Job summary

Staff Product Security Engineer

Requirements and responsibilities

Key Responsibilities

  • Partner with Engineering teams throughout the software development lifecycle to identify and mitigate security risks, and implement secure deployment practices

  • Support threat modeling activities and help engineering teams implement appropriate security controls

  • Define and promote secure coding standards, security policies, best practices, and secure-by-design principles

  • Participate in the Cyber organization’s efforts to leverage AI across the team, as well as the use of AI in our SSDLC.

  • Partner with Engineering on improving security testing programs

  • Coordinate internal and external application and penetration testing initiatives

  • Validate vulnerability findings and prioritize remediation based on risk

  • Perform root cause analysis and recommend long-term security improvements

  • Collaborate with the Security Operations team on security monitoring and detection capabilities for applications and services

  • Triage, coordinate, and oversee remediation for security researcher disclosures via our bug bounty program

  • Develop security training, guidance, and technical documentation

  • Interact with other organizations at SailPoint as a consultant on security-related matters

Required Qualifications

  • 5-7 years of experience in product security, application security, software engineering, or a related field

  • Experience with security testing tools such as SAST, SCA, DAST, and container security scanners

  • Experience with CI/CD security controls and DevSecOps practices

  • Familiarity with one or more programming languages such as Python, Go, Java, JavaScript/TypeScript, Ruby

  • Demonstrated ability to effectively use AI-powered tools and automation to enhance security engineering productivity, research, analysis, and remediation efforts

  • Knowledge of emerging AI security risks and best practices for securing AI-enabled applications, services, and development workflows

  • Deep expertise in threat modeling, secure architecture design, and vulnerability management

  • Experience influencing engineering organizations and driving security initiatives across multiple teams

  • Knowledge of artificial intelligence software security frameworks is strongly preferred, including the OWASP AI Security and Privacy Guide, NIST AI Risk Management Framework, Cybersecurity AI (CAI), and OpenSSF AI/ML Security Framework.

The successful candidate will:

  • Be a highly active observer of industry security trends and threats, remaining up to date on current cyber issues

  • Have a continuous learning mindset and passion for security

  • Have strong analytical and problem-solving skills

  • Be flexible, with the ability to balance security vs the needs of the business

  • Have excellent written and oral communication skills with demonstrated commitment to producing high-quality documentation

  • Be able to translate technical risks into business impact

  • Be collaborative and able to foster relationships with teams we partner with

  • Strategic Alignment & Planning Integration: Deepen collaboration with key engineering and tooling leads by Day 90, reinforcing recurring touchpoints to integrate product security proactively into early planning cycles, roadmaps, and feature designs.
  • SDLC Optimization Assessment: Review the end-to-end Software Development Life Cycle (SDLC) by Day 60 to identify enhancement opportunities, accelerate "shift-left" practices, and further standardize secure-by-design deployment pipelines.
  • Asset & Dependency Inventory: Refine and centralize the inventory of supported products, underlying architecture, and third-party dependencies by Day 90 to deliver a highly visible, comprehensive single source of truth.

  • Modernizing Tool Stack & AI Integration (Q3): Evaluate the current security tooling and implement state-of-the-art AI-assisted scanning across product code (utilizing tools like Cursor and Claude Enterprise) to further automate and scale security workflows.
  • Optimized Remediation & Board Metrics (Q4): Implement a highly scalable, risk-based vulnerability prioritization framework, optimizing Time to Remediate (TTR) metrics to provide clear, actionable risk visibility for executive leadership and the Board.
  • Security Champions & Developer Empowerment: Elevate developer security education and launch a formal "Security Champions" program by Day 180, embedding security advocates across core product lines to champion secure development practices.

  • Systemic Architecture Enhancements: Conduct comprehensive reviews of the production environment (including Kubernetes and containerized applications) to systematically address complex architectural security opportunities and build long-term environment resilience.
  • Standardizing "Paved Road" Configurations: Define, document, and roll out standardized, secure "paved road" configurations and guardrails, making secure deployment the friction-free path of least resistance for product teams.
  • Program Scaling & Mentorship: Maintain and scale updated product architecture documentation while continuously elevating team capabilities, autonomy, and cross-functional alignment through active, hands-on mentorship.