SailPoint is at the forefront of transforming enterprise identity governance, creating an AI-powered identity security platform. They are seeking a Director of Engineering Product Security to lead a product- and developer-focused security program, enabling secure-by-default services and collaborating with various teams to address evolving product security expectations.
Responsibilities:
- Lead and grow a high-performing Engineering Product Security team focused on enabling secure development at scale
- Champion a left-shifted security model that puts secure tooling and patterns directly in developers' hands
- Partner deeply with our platform teams to embed security into CI/CD pipelines, architecture patterns, and developer workflows
- Define the security standards and practices that will govern our extensible platform, internal services, external APIs, and partner integrations
- Serve as a security advocate and trusted advisor across Product, Engineering, Cyber Security, and Field teams
- Strategic ownership of security tooling, automation, and self-service capabilities that make secure development the path of least resistance
- Set the direction and lead your team in delivering a comprehensive application security tooling strategy encompassing SAST/SCA, DAST, and IAST
- Define organizational policies and secure guardrails for AI-assisted development tools (Cursor, GitHub Copilot, etc.) to ensure AI-generated code meets our security standards
- Implement automated scanning and validation workflows that catch vulnerabilities in AI-generated code before it reaches production
- Establish the strategic framework for threat modeling, secure design patterns, and architecture reviews across our unified platform
- Define the standards, build the review processes, and ensure your team has the capacity and expertise to support the organization at scale
- Executive ownership of the partnership with our platform engineering teams to define and drive how security practices are embedded into SailPoint's SDLC and CI/CD pipelines
- Set the integration strategy and ensure your team delivers on it in close collaboration with engineering leadership
- Leadership and continuous optimization of programs that measurably reduce vulnerability turnaround time by catching issues before they reach production
- Define the metrics, establish accountability structures, and drive a culture of continuous improvement in remediation velocity across the engineering organization
- Ownership of the security standards and governance framework for our API-first platform strategy, SDKs, integration tooling, and marketplace components
- Chart the course for how security scales alongside our extensibility model, ensuring your team delivers clear, adoptable guardrails for internal and external developers
- Strategic direction and investment in security training, secure coding practices, and guidance that empowers engineering teams to own security outcomes
- Build the enablement program, define its success criteria, and ensure your team delivers content and experiences that drive measurable improvements in secure development practices across the organization
Requirements:
- 7+ years of security leadership experience, preferably in product or application security
- Experience at a platform company building security into extensible, multi-tenant services
- Proven builder and leader of developer-focused security programs
- Platform company leadership experience
- Deep technical credibility that earns trust across the organization
- Seasoned security engineering leader
- Collaborative executive partnership mindset
- Vision for elegant, scalable developer security experiences
- Strategic ownership of security automation programs
- AI/ML security program visionary and builder