Senior Vulnerability Management Analyst

SailPoint is seeking an experienced Senior Vulnerability Management Analyst to help contribute to the overall success of our vulnerability management program. As a key member of our Cybersecurity team, you will play a crucial role in protecting our systems and data and partnering with key departments across SailPoint to ensure our SaaS and enterprise software solutions remain secure against emerging threats.

The Senior VM Analyst will join a growing threat and vulnerability management team of both emerging and established talent and work closely with cross-functional teams across the company. The ideal candidate will be comfortable with the 4 I’s at SailPoint (Individual, Impact, Innovation, and Integrity) even if they are new to the concept. They will embrace new challenges, and by being their authentic self they will be a positive contributor to an already positive work culture and environment.

This role is fully remote, and reports directly to the Head of Vulnerability Management.

Key Responsibilities:

• Vulnerability Lifecycle Management: Work closely with teams to manage the end-to-end vulnerability management process, including conducting scans, analyzing results, and tracking remediation efforts against defined service level objectives (SLOs).

• Risk Analysis & Prioritization: Perform in-depth analysis of vulnerabilities from automated scans and penetration tests. Develop risk-based remediation plans and collaborate with stakeholders to prioritize the most critical findings.

• Process Automation & Improvement: Help drive the evolution of our vulnerability management operations by identifying and implementing automation opportunities across our tech stack. Develop and refine program governance, reporting templates, and metrics.

• Reporting & Communication: Create and present clear, actionable vulnerability reports, scorecards, and dashboards that define the current security risk posture for both technical and non-technical audiences.

• Subject Matter Expertise: Serve as a thought leader within the team, maintaining deep knowledge of the current threat landscape, new technologies, and security best practices to guide strategy and mentor peers.

Core Qualifications:

• Experience: 4+ years of hands-on experience in vulnerability management and risk analytics.

• Technical Skills:

  • Advanced knowledge of vulnerability assessment tools (e.g., Qualys, CrowdStrike, Teneable, Orca etc.).

  • Strong understanding of vulnerability classification (CVSS, CVE), risk vs. severity, and prioritizing impactful findings.

  • Solid grasp of cloud, network, endpoint, and application security, as well as patching processes for Windows, Mac, and Linux systems.

• Strategic Abilities:

  • Proven ability to innovate and formalize security processes.

  • Excellent written and verbal communication skills, with an ability to distill complex issues into clear, stakeholder-friendly language.

  • Highly organized, detail-oriented, and capable of managing multiple projects in a fast-paced environment.

• Frameworks & Compliance: Experience with common cybersecurity frameworks (e.g., NIST, MITRE ATT&CK, OWASP) and compliance requirements (e.g., SOC2, ISO27001, FedRAMP).

Preferred Qualifications:

• Professional certifications such as AWS CCP, CISSP, CEH, GEVA, or OSCP.

• Background in penetration testing, product security, or security research.

Note: Candidates are required to obtain the AWS Certified Cloud Practitioner or AWS Certified Security - Specialty certification within the first year of employment if they do not already possess it.

The Path to Success (Milestones):

60-Day Milestones (The "Connecting" Phase):

• Become fully comfortable with core processes and tools (e.g., Qualys, CrowdStrike), including reporting, ticketing, and internal workflows.
• Solidify relationships with key members of the vulnerability management team and begin engaging with stakeholders in Engineering and Compliance.
• Begin performing routine vulnerability management tasks, such as validating scans and initiating remediation ticketing, with increasing independence.

90-Day Milestones (The "Contribution" Phase):

• Operate with minimal oversight on daily tasks, fully managing the day-to-day vulnerability lifecycle for your areas of responsibility.
• Act as a natural escalation point for junior analysts, providing mentorship and helping to resolve challenges with remediation teams.
• Confidently engage with engineering teams to work through remediation problems and ensure operational flow.

6-Month Milestones (The "Performance" Phase):

• Become a strong, effective contributor who actively identifies and suggests areas for process improvement.
• Take the lead on an internal team project, such as revamping vulnerability metrics or automating a reporting process.
• Demonstrate a deep understanding of our risk-based approach by prioritizing vulnerabilities.

12-Month Milestones (The "Ownership" Phase):

• Solidly own all assigned tasks and responsibilities, running with them from start to finish with minimal supervision.
• Actively contribute to maturing the team by bringing in new ideas, finding process efficiencies, and mentoring junior analysts on technical and communication skills.
• Establish and maintain strong, trusted relationships with cross-functional partners in Engineering, Compliance, and other departments, effectively working through complex problems together.

Benefits and Compensation listed vary based on the location of your employment and the nature of your employment with SailPoint.

As a part of the total compensation package, this role may be eligible for the SailPoint Corporate Bonus Plan or a role-specific commission, along with potential eligibility for equity participation. SailPoint maintains broad salary ranges for its roles to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect SailPoint’s differing products, industries, and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity. We estimate the base salary, for US-based employees, will be in this range from (min-mid-max, USD):

Base salaries for employees based in other locations are competitive for the employee’s home location.

Benefits Overview

1. Health and wellness coverage: Medical, dental, and vision insurance

2. Disability coverage: Short-term and long-term disability

3. Life protection: Life insurance and Accidental Death & Dismemberment (AD&D)

4. Additional life coverage options: Supplemental life insurance for employees, spouses, and children

5. Flexible spending accounts for health care, and dependent care; limited purpose flexible spending account

6. Financial security: 401(k) Savings and Investment Plan with company matching

7. Time off benefits: Flexible vacation policy

8. Holidays: 8 paid holidays annually

9. Sick leave

10. Parental support: Paid parental leave

11. Employee Assistance Program (EAP) and Care Counselors

12. Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options

13. Health Savings Account (HSA) with employer contribution

SailPoint is an equal opportunity employer and we welcome all qualified candidates to apply to join our team.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable law.  

Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact [email protected] or mail to 11120 Four Points Dr, Suite 100, Austin, TX 78726, to discuss reasonable accommodations.  NOTE: Any unsolicited resumes sent by candidates or agencies to this email will not be considered for current openings at SailPoint.