Product Security Architect

PRODUCT SECURITY ARCHITECTSailPoint is seeking a Product Security Architect to provide technical leadership and execution for an industry-leading Product Security program. As a provider of both SaaS and enterprise software for some the world’s most prestigious organizations, SailPoint strives for best-in-class security for its product offerings. This critical role will be responsible for performing security architecture reviews and offering consulting services as well as be a key player in designing the overall strategy of the Product Security Program at SailPoint. The ideal candidate will be highly collaborative, customer-service oriented, able to balance the right level of security with business objectives, comfortable with driving technical ideas and communicating clearly with technical as well as non-technical audiences, and work to creatively solve complex Product Security related problems.This role can be remote or based in Pune, India.Responsibilities: Gain an understanding of our current state product security program and partner with the team to define future state and multi-year roadmaps.Use knowledge of current product security best practices and industry trends to advise on the secure design of SailPoint products and services.Perform Threat Modelling, assess and document product risks and/or application designs.Participate in expanding/maturing the SailPoint S-SDLC programGather and analyze functional requirements and lead proof of concept activities with key business users and stakeholders in support of advanced use cases.Work with product teams and shared services to determine appropriate security reviews cadence based on risk.Develop and maintain checklists and working aides for secure development.Design solution blueprints that meet the security needs of the system.Approve security guidance and training materials provided to development teams.Provides input to security risk impact assessment.Approve architecture change proposals from a security perspective.Conduct Third party/Alliances assessments.Be a key advisor to the overall strategy and roadmap of the Product Security Program.Be a part of the Product Security Incident Response Team (PSIRT) at SailPoint.Mentor and foster development of best practices within the Product Security team.Stay abreast of the threat landscape, current technologies, security compliance requirements, standards, and industry trends in order to help achieve cybersecurity’s goals.Participate in audits pertaining to SailPoint’s cybersecurity processes and best practices.Respond to and, when appropriate, resolve or escalate security incidents.Required:Bachelor’s degree with 12+ years of experience/Master’s degree with 8+ years of experience in Cybersecurity6-8 years of Technical Product Security related experience that includes Security Architecture, Threat Modeling, Attack Surface Analysis, Secure Design, Security Assessments, AppSec Security Tools, etc.Proven track record of solving complex Product Security issues and protecting products using a risk-based approach.Extensive knowledge of the current Product Security threat landscape and industry best practices.Extensive experience of performing Threat Modeling and Product Security design reviews and incorporating them as part of SSDLC processes.Experience with compliance/certification frameworks such as ISO27001, SOC2, FedRAMP, SOX, GDPR from a Product Security standpoint.Experience working in Agile development with experience in technologies such as:Containers (Docker, Kubernetes, or similar)Infrastructure as code (Vagrant, Docker, Ansible, Chef, Terraform, or similar)Continuous integration (Jenkins, Bamboo, Hudson, or similar.)Integration of Security testing tools into pipelineDefect tracking (Jira, Bugzilla, ServiceNow, or similar.)Source code management (GitLab, GitHub, BitBucket, or similar.)QA Testing tools (nUnit, jUnit, Selenium, Cucumber, or similar.)Application security testing tools (SAST, DAST, IAST, SCA, or similar.)Various *nix distributionsKnowledge of all components of a SaaS multi-tenant product architectureREST APIsExperience in requirement gathering and documentation.Sound judgment skills and ability to manage escalations.Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.Proven experience in, and passion for technically leading teams, mentoring staff and driving organizational change.Demonstrated professional writing/communication skills.Preferred: Cloud security architecture experience with major cloud providers: AWS (preferred), Azure, or GCP.A solid understanding of cloud security technologies including container security, serverless security, network and application security, and access management. Familiarity with Linux systems security.One or more of the following certifications:Certified Information Systems Security Professional (CISSP)Information Systems Security Architecture Professional (ISSAP)Information Systems Security Engineering Professional (ISSEP)Certified Secure Software Lifecycle Professional (CSSLP)Certified Information Security Manager (CISM)Certified Information Systems Auditor (CISA)AWS, Google, or Azure Architecture CertificationSailPoint is an equal opportunity employer and we welcome everyone to our team.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.