Role summary

Staff Product Security Engineer

Requirements and responsibilities

Key Responsibilities

  • Partner with Engineering teams throughout the software development lifecycle to identify and mitigate security risks, and implement secure deployment practices

  • Support threat modeling activities and help engineering teams implement appropriate security controls

  • Define and promote secure coding standards, security policies, best practices, and secure-by-design principles

  • Participate in the Cyber organization’s efforts to leverage AI across the team, as well as the use of AI in our SSDLC.

  • Partner with Engineering on improving security testing programs

  • Coordinate internal and external application and penetration testing initiatives

  • Validate vulnerability findings and prioritize remediation based on risk

  • Perform root cause analysis and recommend long-term security improvements

  • Collaborate with the Security Operations team on security monitoring and detection capabilities for applications and services

  • Triage, coordinate, and oversee remediation for security researcher disclosures via our bug bounty program

  • Develop security training, guidance, and technical documentation

  • Interact with other organizations at SailPoint as a consultant on security-related matters

Required Qualifications

  • 5-7 years of experience in product security, application security, software engineering, or a related field

  • Experience with security testing tools such as SAST, SCA, DAST, and container security scanners

  • Experience with CI/CD security controls and DevSecOps practices

  • Familiarity with one or more programming languages such as Python, Go, Java, JavaScript/TypeScript, Ruby

  • Demonstrated ability to effectively use AI-powered tools and automation to enhance security engineering productivity, research, analysis, and remediation efforts

  • Knowledge of emerging AI security risks and best practices for securing AI-enabled applications, services, and development workflows

  • Deep expertise in threat modeling, secure architecture design, and vulnerability management

  • Experience influencing engineering organizations and driving security initiatives across multiple teams

  • Knowledge of artificial intelligence software security frameworks is strongly preferred, including the OWASP AI Security and Privacy Guide, NIST AI Risk Management Framework, Cybersecurity AI (CAI), and OpenSSF AI/ML Security Framework.

The successful candidate will:

  • Be a highly active observer of industry security trends and threats, remaining up to date on current cyber issues

  • Have a continuous learning mindset and passion for security

  • Have strong analytical and problem-solving skills

  • Be flexible, with the ability to balance security against the needs of the business

  • Have excellent written and oral communication skills with a demonstrated commitment to producing high-quality documentation

  • Be able to translate technical risks into business impact

  • Be collaborative and able to foster relationships with teams we partner with

  • Strategic Alignment & Planning Integration: Deepen collaboration with key engineering and tooling leads by Day 90, reinforcing recurring touchpoints to integrate product security proactively into early planning cycles, roadmaps, and feature designs.
  • SDLC Optimization Assessment: Review the end-to-end Software Development Life Cycle (SDLC) by Day 60 to identify enhancement opportunities, accelerate "shift-left" practices, and further standardize secure-by-design deployment pipelines.
  • Asset & Dependency Inventory: Refine and centralize the inventory of supported products, underlying architecture, and third-party dependencies by Day 90 to deliver a highly visible, comprehensive single source of truth.

  • Modernizing Tool Stack & AI Integration (Q3): Evaluate the current security tooling and implement state-of-the-art AI-assisted scanning across product code (utilizing tools like Cursor and Claude Enterprise) to further automate and scale security workflows.
  • Optimized Remediation & Board Metrics (Q4): Implement a highly scalable, risk-based vulnerability prioritization framework, optimizing Time to Remediate (TTR) metrics to provide clear, actionable risk visibility for executive leadership and the Board.
  • Security Champions & Developer Empowerment: Elevate developer security education and launch a formal "Security Champions" program by Day 180, embedding security advocates across core product lines to champion secure development practices.

  • Systemic Architecture Enhancements: Conduct comprehensive reviews of the production environment (including Kubernetes and containerized applications) to systematically address complex architectural security opportunities and build long-term environment resilience.
  • Standardizing "Paved Road" Configurations: Define, document, and roll out standardized, secure "paved road" configurations and guardrails, making secure deployment the friction-free path of least resistance for product teams.
  • Program Scaling & Mentorship: Maintain and scale updated product architecture documentation while continuously elevating team capabilities, autonomy, and cross-functional alignment through active, hands-on mentorship.

Role overview

  • Focus (role area): Product Security Engineering
  • Seniority signal (candidate level): Senior
  • Stack (main skills): CI/CD, Java, JavaScript
  • Location (eligibility): 1 country accepted