Vulnerability Management Team Lead

SailPoint

Job Location:

Austin, TX - USA

Monthly Salary: $104800 - 194600
Posted on: 28 days ago
Vacancies: 1 Vacancy

Job Summary

Cybersecurity Vulnerability Management Team Lead

SailPoint's Cybersecurity organization is seeking a Cybersecurity Vulnerability Management Team Lead with a passion for cybersecurity. This role ensures the continuous discovery, accurate assessment, risk-based prioritization, and successful remediation of vulnerabilities and misconfigurations across all IT assets, directly reducing the organization's exposure and maintaining regulatory compliance.

We are seeking a colleague who is an experienced leader with deep technical expertise, strong business acumen, and a proven track record of building scalable security programs in complex environments. The ideal candidate will be responsible for leading the daily activities of a team securing SailPoint's production environments from misconfigurations and software vulnerabilities, driving cross-functional collaboration, and ensuring that products meet the highest standards of security, availability, and trust. This person will drive the cultural and technical shift from reactive vulnerability patching to proactive, threat-informed risk reduction.

Our new Vulnerability Management Team Lead will join a growing and capable threat and vulnerability management team of both emerging and established talent. This potential team member will be comfortable with the 4 I's at SailPoint (Individual, Impact, Innovation, and Integrity), even if they're new to the concept. They will embrace new challenges and, by being their authentic self, will be a positive contributor to an already positive work culture and environment.

This is a challenging and impactful role where you will have the opportunity to work with a variety of stakeholders, including our fantastic colleagues in IT, DevOps, product engineering, security engineering, and the security operations center.

This role reports directly to the Head of Vulnerability Management and will be remote.

Key Requirements:

  • 5-7 years in leadership roles, preferably in product or application security.

  • Strong engineering experience with cloud containers open-source code deployment and misconfigurations

  • Advanced experience with scripting languages (e.g., Python, PowerShell) for automating data ingestion, reporting, or integrating VM data into other security tools (SIEM/SOAR).

  • Experience with secure software development practices and tools.

  • Experience and knowledge of artificial intelligence software security, including OWASP AI Security and Privacy Guide, NIST AI Risk Management Framework, Cybersecurity AI (CAI), and OpenSSF AI/ML Security Framework.

  • Experience with regulatory frameworks (e.g., NIST, ISO 27001, SOC, GDPR).

  • Experience building relationships with software engineering teams, including managing mature product security, including final security reviews and risk-driven product scoring/metrics.

  • Strategic Vision & Execution - Ability to define and communicate a clear vision for product security and resilience aligned with enterprise goals.

  • Process Improvement: Drive continuous improvement in the efficiency of vulnerability remediation through automation, ticketing system integration (e.g., Jira), and process streamlining.

  • Influence & Collaboration - Demonstrable experience building strong partnerships across an organization to drive secure-by-design culture.

  • Application Security - Familiarity with application security testing tools (SAST/DAST) and integrating vulnerability findings into development workflows.

  • Technical Leadership - Deep understanding of product security issues (like XXE, SSRF, Injections, etc.), modern software development (fully automated CI/CD, REST, OAuth2), including multi-cloud (AWS, Azure, GCP, Containers, Kubernetes) architectures, particularly Amazon Web Services, Kubernetes, and software bill of materials (SBOM).

  • Change Management - Experience leading organizational change initiatives to embed security and resilience into product development lifecycles.

  • Risk-Based Decision Making - Experience making informed decisions through balancing business priorities, technical constraints, and risk exposure.

  • Executive Communication - Experience communicating complex technical concepts and ongoing program updates clearly to non-technical stakeholders and executive leadership.

  • Certifications like CISSP, CISM, CISA, AWS, or CCNSE are beneficial.

  • If the candidate does not have the AWS Certified Cloud Practitioner or AWS Certified Cloud Security Specialty, they must take these certifications within the first year of employment.

Core Responsibilities:

  • Developing and leading the enterprise-wide product security and resilience strategy, aligning with business goals and regulatory requirements.

  • Partnering with Dev/Ops, engineering, product management, and infrastructure teams to integrate vulnerability management practices into production environments.

  • Identifying risk in a production environment comprised of a sophisticated SaaS architecture consisting of dozens of microservices.

  • Explaining risks, identifying dependencies, and facilitating the remediation process by providing necessary details and context.

  • Developing and enforcing a prioritization framework that utilizes risk context beyond standard CVSS scores, factoring in asset criticality, exposure to the public internet, and internal threat intelligence (e.g., active exploitation in the wild).

  • Establishing and overseeing secure architecture patterns, threat modeling practices, and resilience engineering frameworks.

  • Driving adoption of security automation, vulnerability management, and secure coding standards across product teams.

  • Monitoring for emerging threats, technologies, and compliance trends to proactively evolve the security posture.

  • Collaborating with SailPoint's risk team to establish the risk acceptance criteria and service level objectives (SLOs) with business leaders and asset owners, ensuring remediation efforts are directly aligned with organizational risk appetite.

  • Collaborating with SailPoint's legal, compliance, and risk teams to ensure alignment with global standards and certifications.

  • Generating operational Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs), such as Mean Time to Remediate (MTTR), Remediation Compliance Rate, and overall vulnerability density for different business units.

  • Providing program performance reporting and metrics per business unit and product.

Compensation and benefits

  • Experience a Small-company Atmosphere with Big-company Benefits.

  • Competitive pay, 401(k), and comprehensive medical, dental, and vision plans.

  • Recharge your batteries with a flexible vacation policy and paid holidays.

  • Grow with us with both technical and career growth opportunities.

  • Enjoy a healthy work-life balance with flexible hours, family-friendly company events, and charitable work.

  • All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Benefits and Compensation listed vary based on the location of your employment and the nature of your employment with SailPoint.

As a part of the total compensation package, this role may be eligible for the SailPoint Corporate Bonus Plan or a role-specific commission, along with potential eligibility for equity participation. SailPoint maintains broad salary ranges for its roles to account for variations in knowledge, skills, experience, market conditions, and locations, as well as reflect SailPoint's differing products, industries, and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity. We estimate the base salary for US-based employees will be in this range from (min-mid-max USD):

$104800 - $149700 - $194600

Base salaries for employees based in other locations are competitive for the employee's home location.

Benefits Overview

1. Health and wellness coverage: Medical, dental, and vision insurance

2. Disability coverage: Short-term and long-term disability

3. Life protection: Life insurance and Accidental Death & Dismemberment (AD&D)

4. Additional life coverage options: Supplemental life insurance for employees, spouses, and children

5. Flexible spending accounts for health care and dependent care; limited purpose flexible spending account

6. Financial security: 401(k) Savings and Investment Plan with company matching

7. Time off benefits: Flexible vacation policy

8. Holidays: 8 paid holidays annually

9. Sick leave

10. Parental support: Paid parental leave

11. Employee Assistance Program (EAP) and Care Counselors

12. Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity, and Pet Insurance options

13. Health Savings Account (HSA) with employer contribution

SailPoint is an equal opportunity employer and we welcome all qualified candidates to apply to join our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable law.

Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact or mail to 11120 Four Points Dr, Suite 100, Austin, TX 78726 to discuss reasonable accommodations. NOTE: Any unsolicited resumes sent by candidates or agencies to this email will not be considered for current openings at SailPoint.

About Company

The core of enterprise security is identity. Take a tour to see how our identity security platform delivers a foundation that securely fuels your business.