Vulnerability Management Analyst

SailPoint

Job Summary

SailPoint is seeking a Cybersecurity Vulnerability Management Analyst to ensure continuous discovery, accurate assessment, risk-based prioritization, and successful remediation of vulnerabilities and misconfigurations across all IT assets. This role directly reduces the organization's exposure and maintains regulatory compliance. The analyst will collaborate with IT, DevOps, Product engineering, Security engineering, and Compliance teams to secure SailPoint’s production environments and ensure products meet high security standards. This remote position involves working with a growing threat and vulnerability management team.

Must Have

  • 3-5 years experience, preferably in vulnerability management
  • Strong engineering experience with cloud, containers, open-source code, deployment, and misconfigurations
  • Intermediate experience with scripting languages (e.g., Python, PowerShell) for automating data ingestion, reporting, or integrating VM data into other security tools
  • Experience with regulatory frameworks (e.g., NIST, ISO 27001, SOC, GDPR) and providing evidence for compliance and audit needs
  • Experience tracking trends and configuring systems to reduce false positives from true events
  • Drive continuous improvement in the efficiency of vulnerability remediation through automation, ticketing system integration (e.g., Jira), and process streamlining
  • Demonstrable experience building strong partnerships in a matrixed organization
  • Intermediate understanding of product security issues (like XXE, SSRF, Injections), modern software development (fully automated CI/CD, REST, OAuth2) including multi-cloud (AWS, Azure, GCP, Containers, Kubernetes) architectures
  • Experience making informed decisions through balancing business priorities, technical constraints, and risk exposure
  • Collaborate in the enterprise-wide product security and resilience strategy
  • Partner with Dev/Ops, engineering, product management, and infrastructure teams to integrate vulnerability management practices
  • Identify risk in a production environment comprised of a sophisticated SaaS architecture
  • Maintain knowledge of the threat landscape for prioritization of vulnerabilities, attack techniques, and cyber threat intelligence
  • Explain risks, identify dependencies, and facilitate the remediation process
  • Enforce a prioritization framework that utilizes risk context beyond standard CVSS scores
  • Drive the adoption of security automation and vulnerability management with product teams
  • Provide program performance reporting and metrics

Good to Have

  • Certifications like CISSP, CISA, CySA+, AWS Certs, or CCNSE, or other relevant certifications are preferred
  • If not already held, AWS Certified Cloud Practitioner or AWS Certified Cloud Security – Specialty certifications must be obtained within the first year of employment

Perks & Benefits

  • Medical, dental, and vision insurance
  • Short-term and long-term disability coverage
  • Life insurance and Accidental Death & Dismemberment (AD&D)
  • Supplemental life insurance for employees, spouses, and children
  • Flexible spending accounts for health care, dependent care, and limited purpose
  • 401(k) Savings and Investment Plan with company matching
  • Flexible vacation policy
  • 8 paid holidays annually
  • Sick leave
  • Paid parental leave
  • Employee Assistance Program (EAP) and Care Counselors
  • Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options
  • Health Savings Account (HSA) with employer contribution

Job Description

Cybersecurity Vulnerability Management Analyst

The Cybersecurity organization is seeking a Cybersecurity Vulnerability Management Analyst with a passion for cybersecurity. This role ensures the continuous discovery, accurate assessment, risk-based prioritization, and successful remediation of vulnerabilities and misconfigurations across all IT assets, directly reducing the organization's exposure and maintaining regulatory compliance.

We are seeking a colleague with demonstrable technical expertise, strong business acumen, and a proven track record of working in security programs in complex environments. The ideal candidate will be part of the team securing production environments from misconfigurations and software vulnerabilities, collaborating cross-functionally, and ensuring that products meet the highest standards of security, availability, and trust.

Our new Vulnerability Management Analyst will join a growing and capable threat and vulnerability management team of both emerging and established talent. This potential team member will be comfortable with the 4 I’s at SailPoint (Individual, Impact, Innovation, and Integrity) even if they’re new to the concept. They will embrace new challenges, and by being their authentic self they will be a positive contributor to an already positive work culture and environment.

This is a challenging and impactful role where you will have the opportunity to work with a variety of stakeholders, including our fantastic colleagues in IT, DevOps, Product engineering, Security engineering, and Compliance.

This role reports directly to the Head of Vulnerability Management and will be remote.

Key Requirements:

  • 3-5 years experience, preferably in vulnerability management.
  • Strong engineering experience with cloud, containers, open-source code, deployment and misconfigurations.
  • Intermediate experience with scripting languages (e.g., Python, PowerShell) for automating data ingestion, reporting, or integrating VM data into other security tools (SIEM/SOAR).
  • Experience with regulatory frameworks (e.g., NIST, ISO 27001, SOC, GDPR) and providing evidence for compliance and audit needs.
  • Experience tracking trends and configuring systems as required to reduce false positives from true events.
  • Process Improvement: Drive continuous improvement in the efficiency of vulnerability remediation through automation, ticketing system integration (e.g., Jira), and process streamlining.
  • Influence & Collaboration – Demonstrable experience building strong partnerships in a matrixed organization.
  • Technical – Intermediate understanding of product security issues (like XXE, SSRF, Injections, etc.), modern software development (fully automated CI/CD, REST, OAuth2) including multi-cloud (AWS, Azure, GCP, Containers, Kubernetes) architectures, particularly Amazon Web Services, Kubernetes, and Docker.
  • Risk-Based Decision Making – Experience making informed decisions through balancing business priorities, technical constraints, and risk exposure.
  • Certifications like CISSP, CISA, CySA+, AWS Certs, or CCNSE, or other relevant certifications are preferred.
  • If the candidate does not have the AWS Certified Cloud Practitioner or AWS Certified Cloud Security – Specialty, they must take these certifications within the first year of employment.

Core Responsibilities:

  • Collaborating in the enterprise-wide product security and resilience strategy, aligning with business goals and regulatory requirements.
  • Partnering with Dev/Ops, engineering, product management, and infrastructure teams to integrate vulnerability management practices into production environments.
  • Identifying risk in a production environment comprised of a sophisticated SaaS architecture consisting of dozens of microservices.
  • Maintaining knowledge of the threat landscape for prioritization of vulnerabilities, attack techniques, tool/exploit development, cyber threat intelligence analysis and adversarial tactics.
  • Explaining risks, identifying dependencies, and facilitating the remediation process by providing necessary details and context.
  • Enforcing a prioritization framework that utilizes risk context beyond standard CVSS scores, factoring in asset criticality, exposure to the public internet, and internal threat intelligence (e.g., active exploitation in the wild).
  • Driving the adoption of security automation and vulnerability management with product teams.
  • Providing program performance reporting and metrics per business unit and product.
