Staff Product Security Engineer - remote

Posted 3 years ago  • Austin, TX
Stack Overflow
Job Description

SailPoint is seeking a Staff Product Security Engineer to help execute an industry-leading Product Security program. As a provider of both SaaS and enterprise software for some of the world’s most prestigious organizations, SailPoint strives for best-in-class security for its product offerings. This critical role will be responsible for performing highly technical, hands-on Product Security work and will be a key player in designing the overall strategy of the Product Security Program at SailPoint.

The ideal candidate will be highly collaborative and customer-service oriented, balancing the right level of security with business objectives and working to creatively solve complex Product Security related problems.

This is a challenging and impactful role with security responsibilities that span all product offerings, and it can be REMOTE or based in Austin, TX.

Responsibilities:

  • Configure, maintain, and tune all pipeline and traditional product and application security technologies.
  • Continuously reduce false positives through calculated and repeatable suppressions to ensure utilization and adoption of the technology(s).
  • Perform proactive scanning/auditing in early phases of the SSDLC as well as reactive scanning/auditing in later phases of the SSDLC, including triage and communication of findings to development teams.
  • Assist tech leads and developers with the technical approach for remediation.
  • Support automation and tooling of security technologies to be leveraged by development teams.
  • Assist in developing custom software quality tests and Security as Code solutions.
  • Review designs for security defects, perform threat modeling, and identify remediation solutions.
  • Provide training, guidance, and assistance to development teams early in the SSDLC.
  • Cultivate security ownership in the product teams.
  • Communicate new security services to product teams and assist with security integration, requirement gathering, and troubleshooting failures.
  • Manage product/application vulnerabilities in a consistent manner to prioritize, advise, monitor, and validate remediation.
  • Produce metrics based on product findings and vulnerabilities, to include customer facing true positives and SLAs/KPIs.
  • Provide input to security risk impact assessment.
  • Work closely with engineering to sustain processes and/or convert manual integrations to automated pipeline activities.
  • Be a key advisor to the overall strategy and roadmap of the Product Security Program.
  • Be a part of the Product Security Incident Response Team (PSIRT) at SailPoint.

Requirements:

  • Bachelor’s degree with 12+ years of experience, or Master’s degree with 8+ years of experience, in IT Security
  • 6-8 years of Technical Product Security related experience around SSDLC tooling, automation, remediation advisory, security testing, threat modeling/attack surface analysis.
  • US Citizenship is required due to the nature of the role
  • Proven track record of solving complex Product Security issues and protecting products using a risk-based approach.
  • Extensive knowledge of the current Product Security threat landscape and industry best practices.
  • Knowledge of compliance/certification frameworks such as ISO27001, SOC2, FedRAMP, SOX, GDPR from a Product Security standpoint is a plus.
  • Experience working in Agile development with experience in the following technologies:
    • Containers (Docker, Kubernetes, or similar)
    • Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar)
    • Continuous integration (Jenkins, Bamboo, Hudson, or similar)
    • Integration of security testing tools into the pipeline
    • Defect tracking (Jira, Bugzilla, ServiceNow, or similar)
    • Source code management (GitLab, GitHub, Bitbucket, or similar)
    • QA testing tools (NUnit, JUnit, Selenium, Cucumber, or similar)
    • Application security testing tools (SAST, DAST, IAST, SCA, or similar)
    • Various *nix distributions
    • Cloud environment (AWS, Azure, or similar)
  • Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
  • Minimal travel (<10%) to Austin, TX
  • Certification such as OSCP, GSEC, GPEN, CISSP, CSSLP