SailPoint
Staff Product Security Engineer
Remote Product Security Engineering role with a clear candidate location fit.
Published: Jul 3, 2026
Eligible countries: 1 country accepted
Seniority signal: Senior
Work model: Remote
Accepted candidate locations
United States
Job summary
Staff Product Security Engineer
Requirements and responsibilities
Job content extracted into sections for faster review.
Key Responsibilities
- Partner with Engineering teams throughout the software development lifecycle to identify and mitigate security risks, and implement secure deployment practices
- Support threat modeling activities and help engineering teams implement appropriate security controls
- Define and promote secure coding standards, security policies, best practices, and secure-by-design principles
- Participate in the Cyber organization’s efforts to leverage AI across the team, as well as the use of AI in our SSDLC.
- Partner with Engineering on improving security testing programs
- Coordinate internal and external application and penetration testing initiatives
- Validate vulnerability findings and prioritize remediation based on risk
- Perform root cause analysis and recommend long-term security improvements
- Collaborate with the Security Operations team on security monitoring and detection capabilities for applications and services
- Triage, coordinate, and oversee remediation for security researcher disclosures via our bug bounty program
- Develop security training, guidance, and technical documentation
- Interact with other organizations at SailPoint as a consultant on security-related matters
Required Qualifications
- 5-7 years of experience in product security, application security, software engineering, or a related field
- Experience with security testing tools such as: SAST, SCA, DAST, Container security scanners
- Experience with CI/CD security controls and DevSecOps practices
- Familiarity with one or more programming languages such as Python, Go, Java, JavaScript/TypeScript, Ruby
- Demonstrated ability to effectively use AI-powered tools and automation to enhance security engineering productivity, research, analysis, and remediation efforts
- Knowledge of emerging AI security risks and best practices for securing AI-enabled applications, services, and development workflows
- Deep expertise in threat modeling, secure architecture design, and vulnerability management
- Experience influencing engineering organizations and driving security initiatives across multiple teams
- Knowledge of artificial intelligence software security frameworks is strongly preferred, including OWASP AI Security and Privacy Guide, NIST AI Risk Management Framework, Cybersecurity AI (CAI), Open SSF AI/ML Security Framework.
The successful candidate will:
- Be a highly active observer of industry security trends and threats, remaining up to date on current cyber issues
- Have a continuous learning mindset and passion for security
- Have strong analytical and problem-solving skills
- Be flexible, with the ability to balance security vs the needs of the business
- Have excellent written and oral communications skills with demonstrated commitment to producing high quality documentation
- Be able to translate technical risks into business impact
- Be collaborative and able to foster relationships with teams we partner with
- Strategic Alignment & Planning Integration: Deepen collaboration with key engineering and tooling leads by Day 90, reinforcing recurring touchpoints to integrate product security proactively into early planning cycles, roadmaps, and feature designs.
- SDLC Optimization Assessment: Review the end-to-end Software Development Life Cycle (SDLC) by Day 60 to identify enhancement opportunities, accelerate "shift-left" practices, and further standardize secure-by-design deployment pipelines.
- Asset & Dependency Inventory: Refine and centralize the inventory of supported products, underlying architecture, and third-party dependencies by Day 90 to deliver a highly visible, comprehensive single source of truth.
- Modernizing Tool Stack & AI Integration (Q3): Evaluate the current security tooling and implement state-of-the-art AI-assisted scanning across product code (utilizing tools like Cursor and Claude Enterprise) to further automate and scale security workflows.
- Optimized Remediation & Board Metrics (Q4): Implement a highly scalable, risk-based vulnerability prioritization framework, optimizing Time to Remediate (TTR) metrics to provide clear, actionable risk visibility for executive leadership and the Board.
- Security Champions & Developer Empowerment: Elevate developer security education and launch a formal "Security Champions" program by Day 180, embedding security advocates across core product lines to champion secure development practices.
- Systemic Architecture Enhancements: Conduct comprehensive reviews of the production environment (including Kubernetes and containerized applications) to systematically address complex architectural security opportunities and build long-term environment resilience.
- Standardizing "Paved Road" Configurations: Define, document, and roll out standardized, secure "paved road" configurations and guardrails, making secure deployment the friction-free path of least resistance for product teams.
- Program Scaling & Mentorship: Maintain and scale updated product architecture documentation while continuously elevating team capabilities, autonomy, and cross-functional alignment through active, hands-on mentorship.