Director, Engineering Product Security
At SailPoint, we are at the forefront of transforming enterprise identity governance. With our next-generation Atlas Platform, we are creating the industry's most advanced, AI-powered identity security platform. Our mission is clear: unify and simplify identity management across humans, machines, and AI agents, just as CMDB revolutionized IT asset management.
Atlas is a productized, externally facing platform built for customers, not just internal users. We're integrating multiple product offerings into an internally and externally extensible platform and we need someone who understands what it means to embed security into the DNA of the product lifecycle.
We are seeking a Director of Engineering Product Security to lead a product and developer-focused security program. This role will enable our product managers and engineering teams to build secure-by-default services from the design phase. The ideal candidate will collaborate with Product, GTM, and customers to anticipate and address evolving product security expectations. This is an opportunity to help build the most secure and extensible identity platform available.
Why This Role Matters
Security isn't a gate at the end of the development process—it's the foundation everything else is built on. As SailPoint evolves into a unified platform company, we need a security leader who thinks like a developer, partners like a product owner, and can help architect security that scales to meet the identity security needs of the world’s largest organizations.
You won't be chasing compliance checkboxes. You'll be empowering engineering teams with the tools, patterns, and guardrails they need to ship secure code fast. You'll shape how security integrates into our SDLC, our APIs, our extensibility model, and our partner ecosystem.
You will
Lead and grow a high-performing Engineering Product Security team focused on enabling secure development at scale
Champion a left-shifted security model that puts secure tooling and patterns directly in developers' hands
Partner deeply with our platform teams to embed security into CI/CD pipelines, architecture patterns, and developer workflows
Define the security standards and practices that will govern our extensible platform, internal services, external APIs, and partner integrations
Serve as a security advocate and trusted advisor across Product, Engineering, Cyber Security, and Field teams
What You'll Own
Developer Security Experience: Strategic ownership of security tooling, automation, and self-service capabilities that make secure development the path of least resistance. You will set the direction and lead your team in delivering:
A comprehensive application security tooling strategy encompassing SAST/SCA, DAST, and IAST
Organizational policies and secure guardrails for AI-assisted development tools (Cursor, GitHub Copilot, etc.) to ensure AI-generated code meets our security standards
Automated scanning and validation workflows that catch vulnerabilities in AI-generated code before it reaches production, with your team owning the design, implementation, and continuous improvement of these capabilities
Product Security Architecture: Establishment of the strategic framework for threat modeling, secure design patterns, and architecture reviews across our unified platform, including services consumed by customers, partners, and internal teams. You will define the standards, build the review processes, and ensure your team has the capacity and expertise to support the organization at scale.
Security Integration: Executive ownership of the partnership with our platform engineering teams to define and drive how security practices are embedded into SailPoint's SDLC and CI/CD pipelines, including AI coding security practices. You will set the integration strategy and ensure your team delivers on it in close collaboration with engineering leadership.
Product Security Program Management: Leadership and continuous optimization of programs that measurably reduce vulnerability turnaround time by catching issues before they reach production. You will define the metrics, establish accountability structures, and drive a culture of continuous improvement in remediation velocity across the engineering organization.
Platform Extensibility Security: Ownership of the security standards and governance framework for our API-first platform strategy, SDKs, integration tooling, and marketplace components. You will chart the course for how security scales alongside our extensibility model, ensuring your team delivers clear, adoptable guardrails for internal and external developers.
Developer Enablement: Strategic direction and investment in security training, secure coding practices, and guidance that empowers engineering teams to own security outcomes. You will build the enablement program, define its success criteria, and ensure your team delivers content and experiences that drive measurable improvements in secure development practices across the organization.
What We're Looking For
Proven builder and leader of developer-focused security programs: You've stood up and scaled left-shifted product security programs that product and engineering organizations embrace. You've set the vision, built the teams, and driven adoption not by doing the work yourself, but by creating the strategy, hiring the right people, and establishing the culture that makes secure development the default.
Platform company leadership experience: You've led security programs at organizations integrating multiple product offerings into extensible platforms. You understand the unique security challenges this creates and have set the architectural direction and policy frameworks to address them at scale.
Deep technical credibility that earns trust across the organization: You bring a strong command of modern software development paradigms, including multi-cloud native architectures, Kubernetes, and API security, so you can hold your own with principal engineers, challenge architectural decisions, and ensure your team is setting the right technical direction.
Seasoned security engineering leader: 7+ years leading and scaling product or application security teams, with a track record of recruiting, mentoring, and developing high-performing engineers and architects into future leaders. You know how to build team structures, define career paths, and create an environment where top talent thrives.
Collaborative executive partnership mindset: You build trust with engineering, product, and field leadership by operating as a strategic partner, not a compliance gate. You know how to influence without direct authority, align cross-functional stakeholders, and drive a secure-by-design culture from the leadership level down.
Vision for elegant, scalable developer security experiences: You set the standard for what great security tooling looks like: fast, accurate, and seamlessly integrated. You know that developer experience is the single biggest lever for improving security outcomes. You direct your team to deliver on that vision and hold them accountable to that bar.
Strategic ownership of security automation programs: You've directed the implementation and continuous improvement of security tooling across CI/CD pipelines, led SAST/DAST/SCA program strategy, and driven organization-wide adoption by ensuring your teams prioritize developer experience alongside security rigor.
AI/ML security program visionary and builder: You've defined and led security programs for AI-powered products, charting the course for your organization using governance frameworks such as the NIST AI Risk Management Framework (AI RMF), ISO/IEC 42001:2023, and OECD AI Principles. You've directed your teams' work across:
Threat-focused frameworks like MITRE ATLAS and the OWASP Top 10 for LLM Applications
Enterprise and emerging frameworks including Google Secure AI Framework (SAIF), CSA MAESTRO for agentic AI and multi-agent orchestration, OWASP AI Security and Privacy Guide, and OpenSSF AI/ML Security Framework
Secure development frameworks including NIST Secure Software Development Framework (SSDF) and ISO/IEC 27090 for AI cybersecurity
Why Join Us
Shape the future of identity security—this isn't about incremental improvements, it's about building the most secure extensible platform in our industry
Work alongside passionate, top-tier technologists solving real, hard, and impactful security problems at scale
Lead with autonomy while enjoying strong executive sponsorship and investment in security as a competitive advantage
Build for real impact—our platform is used by thousands of enterprises, millions of identities, and countless security-critical workflows
Define what great looks like—you'll have the opportunity to shape security culture, tooling, and practices across the entire engineering organization
Requirements
7+ years of security leadership experience, preferably in product or application security
Experience at a platform company building security into extensible, multi-tenant services
Locations: This role reports directly to the Sr. Director of Infrastructure Platform Engineering, and can be remote or based in Austin, TX. Considering candidates in the US, Canada, and India.
If you're ready to build security that enables rather than restricts, security that makes our platform better, faster, and more trusted, we want to build it with you.
Benefits and Compensation listed vary based on the location of your employment and the nature of your employment with SailPoint.
As a part of the total compensation package, this role may be eligible for the SailPoint Corporate Bonus Plan or a role-specific commission, along with potential eligibility for equity participation. SailPoint maintains broad salary ranges for its roles to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect SailPoint’s differing products, industries, and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity. We estimate the base salary, for US-based employees, will be in this range from (min-mid-max, USD):
$190,000 - $320,252.00
Base salaries for employees based in other locations are competitive for the employee’s home location.
Benefits Overview
1. Health and wellness coverage: Medical, dental, and vision insurance
2. Disability coverage: Short-term and long-term disability
3. Life protection: Life insurance and Accidental Death & Dismemberment (AD&D)
4. Additional life coverage options: Supplemental life insurance for employees, spouses, and children
5. Flexible spending accounts for health care and dependent care; limited purpose flexible spending account
6. Financial security: 401(k) Savings and Investment Plan with company matching
7. Time off benefits: Flexible vacation policy
8. Holidays: 8 paid holidays annually
9. Sick leave
10. Parental support: Paid parental leave
11. Employee Assistance Program (EAP) and Care Counselors
12. Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options
13. Health Savings Account (HSA) with employer contribution
SailPoint is an equal opportunity employer and we welcome all qualified candidates to apply to join our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable law.
Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact [email protected] or mail to 11120 Four Points Dr, Suite 100, Austin, TX 78726, to discuss reasonable accommodations. NOTE: Any unsolicited resumes sent by candidates or agencies to this email will not be considered for current openings at SailPoint.

