Vulnerability Management Analyst

Cybersecurity Vulnerability Management Analyst

SailPoint's Cybersecurity organization is seeking a Cybersecurity

Vulnerability Management Analyst with a passion for cybersecurity. This

role ensures the continuous discovery, accurate assessment, risk-based

prioritization, and successful remediation of vulnerabilities and

misconfigurations across all IT assets, directly reducing the organization's

exposure and maintaining regulatory compliance.

We are seeking a colleague with demonstrable technical expertise, strong

business acumen, and a proven track record of working in security

programs in complex environments . The ideal candidate will be part of the

team securing SailPoint's production environments from misconfigurations

and software vulnerabilities, cross-functional collaboration, and ensuring

that products meet the highest standards of security, availability, and trust.

Our new Vulnerability Management Analyst will join a growing and capable

threat and vulnerability management team of both emerging and

established talent. This potential team member will be comfortable with the

4 I's at SailPoint (individual, Impact, Innovation, and Integrity) even if

they're new to the concept. They will embrace new challenges, and by being

their authentic self they will be a positive contributor to an already positive

work culture and environment.

This is a challenging and impactful role where you will have the opportunity

to work with a variety of stakeholders, including our fantastic colleagues in

IT, DevOps, Product engineering, Security engineering, and Compliance.

This role reports directly to the Head of Vulnerability Management and will

be remote. Candidae must go to Pune office once a quarter.

Key Requirements :

 3-5 years experience, preferably in vulnerability management.

 Strong engineering experience with cloud, containers, open-source

code, deployment and misconfigurations.

 Intermediate experience with scripting languages (e.g., Python,

PowerShell) for automating data ingestion, reporting, or integrating

VM data into other security tools (SIEM / SOAR).

 Experience with regulatory frameworks (e.g., NIST, ISO 27001, SOC,

GDPR) and providing evidence for compliance and audit needs.  Experience tracking trends and configure systems as required to

reduce false positives from true events.

 Process Improvement : Drive continuous improvement in the efficiency

of vulnerability remediation through automation, ticketing system

integration (e.g., Jira), and process streamlining.

 Influence & Collaboration – Demonstrable experience building strong

partnerships in a matrixed organization.

 Technical – Intermediate understanding of product security issues

(like XXE, SSRF, Injections, etc.), modern software development (fully

automated CI / CD, REST, OAuth2) including multi-cloud (AWS, Azure,

GCP, Containers, Kubernetes) architectures, particularly Amazon Web

Services, Kubernetes, and Docker.

 Risk-Based Decision Making – Experience making informed decisions

through balancing business priorities, technical constraints, and risk

exposure.

 Certifications like CISSP, CISA, CySA+, AWS Certs, or CCNSE , or

other relevant certifications are preferred.

 If the candidate does not have the AWS Certified Cloud Practitioner or

AWS Certified Cloud Security – Specialty, they must take these

certifications within first year of employment.

Core Responsibilities :

 Collaborating in the enterprise-wide product security and resilience

strategy, aligning with business goals and regulatory requirements.

 Partnering with Dev / Ops, engineering, product management, and

infrastructure teams to integrate vulnerability management practices

into production environments.

 Identifying risk in a production environment comprised of a

sophisticated SaaS architecture consisting of dozens of microservices

 Maintain knowledge of the threat landscape for prioritization of

vulnerabilities, attack techniques, tool / exploit development, cyber

threat intelligence analysis and adversarial tactics.

 Explaining risks, identifing dependencies, and facilitating the

remediation process by providing necessary details and context.

 Enforce a prioritization framework that utilizes risk context beyond

standard CVSS scores, factoring in asset criticality, exposure to the

public internet, and internal threat intelligence (e.g., active

exploitation in the wild).

 Drive the adoption of security automation, vulnerability management

with product teams.

 Providing program performance reporting and metrics per business

unit and product. First 30 Days

 Learn the landscape, processes and technologies.

 Complete all tooling platform specific training assigned.

60 Days

 Take ownership of vulnerability analysis and reporting for a

designated environment

 Establish communication and follow-up cadence with the remediation

teams

 Identify and document an opportunity to improve the efficiency of the

current process

90 Days

 Manage full lifecycle for all production environment

 Collaborate with respective teams to address specific, frequent

occurring vulnerability, insecure coding, etc

 Have deep understanding of all core technologies, environments and

our cloud architecture.

 Contribute to the team internal knowledgebase on lessons learned

SailPoint is an equal opportunity employer and we welcome all qualified candidates to apply to join our team.  All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable law.

Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact [HIDDEN TEXT] or mail to 11120 Four Points Dr, Suite 100, Austin, TX 78726, to discuss reasonable accommodations.  NOTE : Any unsolicited resumes sent by candidates or agencies to this email will not be considered for current openings at SailPoint.

Skills Required

Gdpr, Oauth2, Vulnerability Management, SOAR, Soc, Cisa, Jira, Rest, Iso 27001, Gcp, Docker, Cissp, nist, Siem, Azure, Kubernetes, Aws