Senior Vulnerability Management Analyst

+1 more | Remote
Apply Now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.
SailPoint is seeking an experienced Senior Vulnerability Management Analyst with demonstrated competence and thought leadership capability to contribute toward the success of our vulnerability management initiatives. As a provider of both SaaS and enterprise software for some of the world's most prestigious organizations, SailPoint strives for best-in-class security. The Senior Vulnerability Management Analyst will play a crucial role in ensuring that our systems, data, and products remain secure. This role will be responsible for ensuring that SailPoint's vulnerability management program conforms to disciplined, industry best practices. The Senior Vulnerability Management Analyst will be responsible for scanning, tracking, analyzing, and reporting on vulnerabilities as part of the vulnerability management process. To accomplish this, you will work closely with our internal security teams and other partners to help develop a vulnerability program that is resilient and supportable.
The ideal candidate will have a high passion for security, innovation, and problem-solving and the ability to work well within a team, participate in security audits, and aid in responding to customer security questionnaires. They will be highly collaborative, customer-service oriented, and comfortable with driving technical ideas and communicating clearly with technical as well as non-technical audiences in terms of risk. Additional responsibilities include implementing organizational policies and standards for vulnerability management and patch management and partnering with other teams to integrate best practices. This role will be a vital member of the CISO team and can be remote or based in Austin, TX.
***Because of the nature of the role, US Citizenship is a requirement***
  • Responsible for monitoring and reviewing vulnerability and compliance scan results and tracking remediation of vulnerabilities against service level objectives.
  • Conduct scheduled and ad hoc vulnerability scans.
  • Perform research and analysis of scheduled and on demand vulnerability assessments and develop risk-based remediation plans with proposed solutions to identified vulnerabilities; including system patching, deployment of specialized controls, code or infrastructure changes, and changes in development processes.
  • Interface with vendor support teams to keep abreast of developments in product lines.
  • Research security testing tools, techniques, and processes.
  • Promote collaboration with our stakeholders to prioritize the remediation of vulnerabilities and close potential attack vectors.
  • Analyze penetration test results then engage with technology partners and business partners to resolve identified vulnerabilities.
  • Monitor team mailbox and ticketing system to ensure proper steps are taken for all identified vulnerabilities and support of the security operations center (SOC).
  • Design and implement emergency patch criteria and processes in conjunction with the SOC.
  • Understand asset criticality and the identification of system software and configuration vulnerabilities and critical information, data and processes that must be protected.
  • Develop vulnerability reports and score cards that define current state of the corporate network security risk posture.
  • Maintain knowledge of the threat landscape for prioritization of vulnerabilities, attack techniques, tool/exploit development, intelligence analysis and adversarial tactics.
  • Provide guidance and collaborate with the Vulnerability Management engineering team to design and implement advanced vulnerability dashboards to meet operational requirements.
  • Drive automation initiatives across the vulnerability management team and operational activities that are part of maintaining security infrastructure. Identify potential for and work with engineering to implement automation between Tenable, Prisma, Slack, JIRA and other relevant tools.
  • Liaise with compliance teams to meet compliance requirements.
  • Conduct continual self-driven learning on the Vulnerability Management space to understand new trends, strategies, and technologies.
  • Establish practices, templates, policies, tools and partnerships to expand and mature operational capabilities.
  • Provide after-hours support on a scheduled / non-scheduled basis.
  • Solve complex issues and protect various environments using a risk-based approach.
  • Establishes credibility and maintains strong working relationships with groups involved with information security matters.

  • Because of the nature of the role, US Citizenship is a requirement
  • As needed, provide on-call support on, and not limited to, after hours and weekends such as in the event of unscheduled incident response efforts
  • Intermediate knowledge of risk analytics / modeling and vulnerability assessment.
  • Experience with vulnerability scanning tools.
  • Experience tracking trends and configure systems as required to reduce false positives from true events.
  • Excellent writing and presentation skills are required to communicate findings and status.
  • Detail oriented, organized, methodical, follow up skills with an analytical thought process.
  • Innovative and efficiency focused with the ability to formalize program governance, processes, report templates, and metrics.
  • Good understanding of Windows, Mac, Unix, and Linux patching.
  • Understanding of cybersecurity best practices and frameworks such as SANS Top 20 Critical Security Controls, NIST Cybersecurity Framework, MITRE ATT&CK Framework, CIS Controls and OWASP Top 10.
  • Advanced knowledge of vulnerability assessment tooling such as Tenable, Rapid7, Qualys, Orca, Prisma Cloud, Aqua, Lacework, etc.
  • A fundamental understanding of vulnerability management reporting products and their usage (such as Kenna Security, Brinqa, ZeroNorth, Nucleus).
  • Ability to prioritize impactful vulnerabilities and reduce noise often associated with vulnerability tools.
  • Knowledge of network based, system level, cloud and application layer attacks and mitigation methods.
  • Solid grasp of vulnerability classification and scoring methodologies (CVSS, CVE, CWE). Fundamental understanding of risk vs severity.
  • Strong understanding of desktop and server operating systems and software.
  • Solid understanding of cloud, network, endpoint, and application security.
  • Ability to manage time independently while handling multiple projects concurrently. Ability to work in a fast-paced environment; ability to multi-task, change direction, effectively prioritize, and meet deadlines.
  • Team-first attitude and interest in helping assist peers collaboratively on projects or as a subject matter expert on technical escalations.
  • Strong communication skills that include the ability to clearly articulate thoughts and distill complex problems into stakeholder-friendly language.
  • Experience with compliance frameworks such as ISO27001, SOC2, SOX, GDPR, FedRAMP.
  • Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.
  • Ability to work effectively with both local and remote staff, teammates and managers.

  • Bachelor's degree in Computer Science, IT Security, Information Systems, Engineering, or related field and 4+ years of related work experience.
  • Preferred certifications: CEH, CISSP, GEVA, GPEN, GWAPT, GXPN, LPT, OSCP, or other relevant certifications.

SailPoint is an equal opportunity employer and we welcome everyone to our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.
See More
Apply Now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

Technology we use

  • Engineering
    • JavaLanguages
    • JavascriptLanguages
    • PythonLanguages
    • RLanguages
    • RubyLanguages
    • SqlLanguages
    • Twitter BootstrapLibraries
    • AngularJSFrameworks
    • Node.jsFrameworks
    • SparkFrameworks
    • SpringFrameworks
    • MySQLDatabases
    • RedisDatabases

What are SailPoint Perks + Benefits

SailPoint Benefits Overview

Experience a Small-company Atmosphere with Big-company Benefits

Volunteer in local community
Partners with Nonprofits
Friends outside of work
Eat lunch together
Intracompany committees
Daily sync
Open door policy
Team owned deliverables
Team based strategic planning
Group brainstorming sessions
Open office floor plan
Documented equal pay policy
Mean gender pay gap below 10%
Diversity Employee Resource Groups
Hiring Practices that Promote Diversity
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Onsite Gym
Retirement & Stock Options Benefits
401(K) Matching
Employee Stock Purchase Plan
Performance Bonus
Child Care & Parental Leave Benefits
Generous Parental Leave
Flexible Work Schedule
Remote Work Program
Family Medical Leave
Company sponsored family events
Vacation & Time Off Benefits
Unlimited Vacation Policy
Paid Holidays
Perks & Discounts
Beer on Tap
Casual Dress
Company Outings
Game Room
Stocked Kitchen
Some Meals Provided
Happy Hours
Recreational Clubs
Home Office Stipend for Remote Employees
Professional Development Benefits
Job Training & Conferences
Lunch and learns
Promote from within
Mentorship program
Online course subscriptions available

More Jobs at SailPoint