Vulnerability Management Analyst

Company: SailPoint
Location: Remote (India)
Commitment: Full time
Posted on: 2025-11-16 05:41

Cybersecurity Vulnerability Management Analyst

SailPoint’s Cybersecurity organization is seeking a Cybersecurity Vulnerability Management Analyst with a passion for cybersecurity. This role ensures the continuous discovery, accurate assessment, risk-based prioritization, and successful remediation of vulnerabilities and misconfigurations across all IT assets, directly reducing the organization's exposure and maintaining regulatory compliance.

We are seeking a colleague with demonstrable technical expertise, strong business acumen, and a proven track record of working in security programs in complex environments. The ideal candidate will be part of the team securing SailPoint’s production environments from misconfigurations and software vulnerabilities, cross-functional collaboration, and ensuring that products meet the highest standards of security, availability, and trust.

Our new Vulnerability Management Analyst will join a growing and capable threat and vulnerability management team of both emerging and established talent. This potential team member will be comfortable with the 4 I’s at SailPoint (Individual, Impact, Innovation, and Integrity) even if they’re new to the concept. They will embrace new challenges, and by being their authentic self they will be a positive contributor to an already positive work culture and environment.

This is a challenging and impactful role where you will have the opportunity to work with a variety of stakeholders, including our fantastic colleagues in IT, DevOps, Product engineering, Security engineering, and Compliance. This role reports directly to the Head of Vulnerability Management and will be remote. Candidate must go to Pune office once a quarter.
Key Requirements: 3-5 years experience, preferably in vulnerability management. Strong engineering experience with cloud, containers, open-sourcecode, deployment and misconfigurations. Intermediate experience with scripting languages (e.g., Python,PowerShell) for automating data ingestion, reporting, or integratingVM data into other security tools (SIEM/SOAR). Experience with regulatory frameworks (e.g., NIST, ISO 27001, SOC,GDPR) and providing evidence for compliance and audit needs. Experience tracking trends and configure systems as required toreduce false positives from true events. Process Improvement: Drive continuous improvement in the efficiencyof vulnerability remediation through automation, ticketing systemintegration (e.g., Jira), and process streamlining. Influence & Collaboration – Demonstrable experience building strongpartnerships in a matrixed organization. Technical – Intermediate understanding of product security issues(like XXE, SSRF, Injections, etc.), modern software development (fullyautomated CI/CD, REST, OAuth2) including multi-cloud (AWS, Azure,GCP, Containers, Kubernetes) architectures, particularly Amazon WebServices, Kubernetes, and Docker. Risk-Based Decision Making – Experience making informed decisionsthrough balancing business priorities, technical constraints, and riskexposure. Certifications like CISSP, CISA, CySA+, AWS Certs, or CCNSE, orother relevant certifications are preferred. If the candidate does not have the AWS Certified Cloud Practitioner orAWS Certified Cloud Security – Specialty, they must take thesecertifications within first year of employment. 
Core Responsibilities: Collaborating in the enterprise-wide product security and resiliencestrategy, aligning with business goals and regulatory requirements. Partnering with Dev/Ops, engineering, product management, andinfrastructure teams to integrate vulnerability management practicesinto production environments. Identifying risk in a production environment comprised of asophisticated SaaS architecture consisting of dozens of microservices Maintain knowledge of the threat landscape for prioritization ofvulnerabilities, attack techniques, tool/exploit development, cyberthreat intelligence analysis and adversarial tactics. Explaining risks, identifing dependencies, and facilitating theremediation process by providing necessary details and context. Enforce a prioritization framework that utilizes risk context beyondstandard CVSS scores, factoring in asset criticality, exposure to thepublic internet, and internal threat intelligence (e.g., activeexploitation in the wild). Drive the adoption of security automation, vulnerability managementwith product teams. Providing program performance reporting and metrics per businessunit and product.First 30 Days Learn the landscape, processes and technologies. Complete all tooling platform specific training assigned. 60 Days Take ownership of vulnerability analysis and reporting for adesignated environment Establish communication and follow-up cadence with the remediationteams Identify and document an opportunity to improve the efficiency of thecurrent process 90 Days Manage full lifecycle for all production environment Collaborate with respective teams to address specific, frequentoccurring vulnerability, insecure coding, etc Have deep understanding of all core technologies, environments andour cloud architecture. Contribute to the team internal knowledgebase on lessons learnedSailPoint is an equal opportunity employer and we welcome all qualified candidates to apply to join our team.  
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable law.

Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact applicationassistance@sailpoint.com or mail to 11120 Four Points Dr, Suite 100, Austin, TX 78726, to discuss reasonable accommodations.

NOTE: Any unsolicited resumes sent by candidates or agencies to this email will not be considered for current openings at SailPoint.