SailPoint
Security Analyst
Full details on LinkedIn
The complete job description, requirements, and application details are available on the original posting.
About SailPoint
SailPoint is an identity security company based in Austin, Texas, founded in 2005. It specializes in AI-powered solutions for managing and securing access to applications and data across enterprises. The company is recognized as a leader in identity and access management (IAM) solutions, helping organizations address challenges related to user access, particularly during employee transitions and company acquisitions. SailPoint's product offerings include IdentityIQ, an on-premises identity governance platform, and IdentityNow, a cloud-based IAM solution. The company also provides Harbor Pilot, an AI-powered agent for identity security, and a Non-Employee Risk Management solution that has received FedRAMP authorization. With a workforce of over 2,600 employees, SailPoint serves a diverse range of customers, from high-end Global 2000 companies to smaller businesses, across more than 60 countries.
Security at SailPoint
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
SailPoint documents a formal vulnerability management lifecycle: "Vulnerability management is a cyclical process." The identity-library guidance prescribes regular automated scanning: "regular vulnerability scans using automated tools."
Security Team
Job postings indicate a named vulnerability management leadership role: "reports directly to the Head of Vulnerability Management." Team leadership postings state the team owns product security strategy: "Developing and lead the enterprise-wide product security and resilience strategy." Public company leadership: "Heather Gantt-Evans joins the company as chief information security officer." (stale)
Key Initiatives
SailPoint's product security roles list S-SDLC program responsibilities: "Participate in expanding/maturing the SailPoint S-SDLC program." Product Security Engineer responsibilities include early developer engagement: "Provide training, guidance, and assistance to development teams early in the SSDLC." Product Security Engineer role includes pipeline/tooling ownership: "Configure, maintain and tune all pipeline and traditional product and application security technologies." Product Security Engineer listing explicitly references common AppSec tools: "Application security testing tools (SAST, DAST, IAST, SCA, or similar.)" The Product Security function participates in incident response: "Be a part of the Product Security Incident Response Team (PSIRT) at SailPoint." Product Security Engineer posting references early SSDLC engagement and training: "Provide training, guidance, and assistance to development teams early in the SSDLC." Product Security Engineers are expected to "support automation and tooling of security technologies to be leveraged by development teams." Job postings describe risk-based prioritization and remediation integrations: "risk-based prioritization." Job postings require ticketing integration and KPIs including MTTR: "KPIs... such as Mean Time to Remediate (MTTR)." Vulnerability Management Analyst duties include "driving the adoption of security automation, vulnerability management with product teams."