Vulnerability Management Analyst

SailPoint is looking for a motivated Vulnerability Management Analyst to join our growing Cybersecurity team. In this role, you will be at the heart of our security operations, responsible for protecting SailPoint's production environments from misconfigurations and software vulnerabilities. You will ensure our products meet the highest standards of security and trust by managing the complete lifecycle of vulnerabilities across our complex, cloud-native infrastructure.

As a key member of our threat and vulnerability management team, you will work closely with cross-functional partners in IT, DevOps, and Engineering to reduce our organizational risk. This is a challenging and impactful role where you can grow your skills and contribute directly to our security posture.

What You'll Do (Core Responsibilities):

• Analyze & Prioritize: Triage and assess vulnerabilities discovered in our cloud infrastructure, containerized environments, enterprise infrastructure, and applications, using a risk-based framework that goes beyond standard CVSS scores.
• Cloud Security: Partner with DevOps and Engineering to identify and remediate vulnerabilities and misconfigurations in our AWS environment.
• Drive Remediation: Act as a key liaison, explaining risks, identifying dependencies, and providing the necessary context to help teams remediate vulnerabilities efficiently.
• Automate & Improve: Contribute to the continuous improvement of our program by helping automate data ingestion, reporting, and ticketing system integrations (e.g., Jira, Slack) using scripting languages like Python or PowerShell.
• Report & Comply: Develop metrics to report on the health of the vulnerability management program and provide evidence to support compliance and audit needs for frameworks like SOC2, ISO 27001, and FedRAMP.
• Threat Intelligence: Maintain knowledge of the current threat landscape, including new attack techniques and actively exploited vulnerabilities, to inform our prioritization strategy.

What You'll Bring (Key Requirements):

• Cloud Infrastructure Experience: Strong, hands-on experience securing cloud environments, particularly AWS. You should have a technical understanding of core services like EC2, and container technologies such as Kubernetes and Docker.
• Vulnerability Management Experience: 2-4 years of experience in vulnerability management, product security, or a similar cybersecurity role.
• Technical Acumen: A solid grasp of common product security issues (e.g., OWASP Top 10, SSRF, Injection flaws) and how they manifest in modern, multi-cloud architectures.
• Automation Skills: Intermediate scripting ability (e.g., Python, PowerShell) to help automate security workflows, reporting, and data analysis.
• Collaboration & Influence: A proven ability to build strong partnerships and communicate effectively with technical and non-technical stakeholders in a matrixed organization.

Preferred Qualifications:

• Past experience in penetration testing, product security, or the security research community.
• Certifications such as AWS Certified Security - Specialty, CISSP, CISA, or CySA+.
  
  • Note: Candidates are required to obtain the AWS Certified Cloud Practitioner or AWS Certified Security - Specialty certification within the first year of employment if not already held.

The Path to Success (Milestones):

60-Day Milestones (The "Connecting" Phase):

• Become fully comfortable with core processes and tools (e.g., Qualys, CrowdStrike), including reporting, ticketing, and internal workflows.
• Solidify relationships with key members of the vulnerability management team and begin engaging with stakeholders in Engineering and Compliance.
• Begin performing routine vulnerability management tasks, such as validating scans and initiating remediation ticketing, with increasing independence.

90-Day Milestones (The "Contribution" Phase):

• Operate with minimal oversight on daily tasks, fully managing the day-to-day vulnerability lifecycle for your areas of responsibility.
• Act as a natural escalation point for junior analysts, providing mentorship and helping to resolve challenges with remediation teams.
• Confidently engage with engineering teams to work through remediation problems and ensure operational flow.

6-Month Milestones (The "Performance" Phase):

• Become a strong, effective contributor who actively identifies and suggests areas for process improvement.
• Take the lead on an internal team project, such as revamping vulnerability metrics or automating a reporting process.
• Demonstrate a deep understanding of our risk-based approach by prioritizing vulnerabilities.

12-Month Milestones (The "Ownership" Phase):

• Solidly own all assigned tasks and responsibilities, running with them from start to finish with minimal supervision.
• Actively contribute to maturing the team by bringing in new ideas, finding process efficiencies, and mentoring junior analysts on technical and communication skills.
• Establish and maintain strong, trusted relationships with cross-functional partners in Engineering, Compliance, and other departments, effectively working through complex problems together.

Benefits and Compensation listed vary based on the location of your employment and the nature of your employment with SailPoint.

As a part of the total compensation package, this role may be eligible for the SailPoint Corporate Bonus Plan or a role-specific commission, along with potential eligibility for equity participation. SailPoint maintains broad salary ranges for its roles to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect SailPoint's differing products, industries, and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity. We estimate the base salary, for US-based employees, will be in this range from (min-mid-max, USD):
$71,500 - $120,478.00
Base salaries for employees based in other locations are competitive for the employee's home location.

Benefits Overview

1. Health and wellness coverage: Medical, dental, and vision insurance

2. Disability coverage: Short-term and long-term disability

3. Life protection: Life insurance and Accidental Death & Dismemberment (AD&D)

4. Additional life coverage options: Supplemental life insurance for employees, spouses, and children

5. Flexible spending accounts for health care, and dependent care; limited purpose flexible spending account

6. Financial security: 401(k) Savings and Investment Plan with company matching

7. Time off benefits: Flexible vacation policy

8. Holidays: 8 paid holidays annually

9. Sick leave

10. Parental support: Paid parental leave

11. Employee Assistance Program (EAP) and Care Counselors

12. Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options

13. Health Savings Account (HSA) with employer contribution

SailPoint is an equal opportunity employer and we welcome all qualified candidates to apply to join our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable law.


Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact View email address on click.appcast.io or mail to 11120 Four Points Dr, Suite 100, Austin, TX 78726, to discuss reasonable accommodations. NOTE: Any unsolicited resumes sent by candidates or agencies to this email will not be considered for current openings at SailPoint.