The Vulnerability Management Analyst will assess, prioritize, and remediate vulnerabilities across IT assets, ensuring compliance and collaboration with cross-functional teams.
Cybersecurity Vulnerability Management Analyst
SailPoint’s Cybersecurity organization is seeking a Cybersecurity
Vulnerability Management Analyst with a passion for cybersecurity. This
role ensures the continuous discovery, accurate assessment, risk-based
prioritization, and successful remediation of vulnerabilities and
misconfigurations across all IT assets, directly reducing the organization's
exposure and maintaining regulatory compliance.
Vulnerability Management Analyst with a passion for cybersecurity. This
role ensures the continuous discovery, accurate assessment, risk-based
prioritization, and successful remediation of vulnerabilities and
misconfigurations across all IT assets, directly reducing the organization's
exposure and maintaining regulatory compliance.
We are seeking a colleague with demonstrable technical expertise, strong
business acumen, and a proven track record of working in security
programs in complex environments. The ideal candidate will be part of the
team securing SailPoint’s production environments from misconfigurations
and software vulnerabilities, cross-functional collaboration, and ensuring
that products meet the highest standards of security, availability, and trust.
business acumen, and a proven track record of working in security
programs in complex environments. The ideal candidate will be part of the
team securing SailPoint’s production environments from misconfigurations
and software vulnerabilities, cross-functional collaboration, and ensuring
that products meet the highest standards of security, availability, and trust.
Our new Vulnerability Management Analyst will join a growing and capable
threat and vulnerability management team of both emerging and
established talent. This potential team member will be comfortable with the
4 I’s at SailPoint (individual, Impact, Innovation, and Integrity) even if
they’re new to the concept. They will embrace new challenges, and by being
their authentic self they will be a positive contributor to an already positive
work culture and environment.
threat and vulnerability management team of both emerging and
established talent. This potential team member will be comfortable with the
4 I’s at SailPoint (individual, Impact, Innovation, and Integrity) even if
they’re new to the concept. They will embrace new challenges, and by being
their authentic self they will be a positive contributor to an already positive
work culture and environment.
This is a challenging and impactful role where you will have the opportunity
to work with a variety of stakeholders, including our fantastic colleagues in
IT, DevOps, Product engineering, Security engineering, and Compliance.
This role reports directly to the Head of Vulnerability Management and will
be remote. Candidae must go to Pune office once a quarter.
to work with a variety of stakeholders, including our fantastic colleagues in
IT, DevOps, Product engineering, Security engineering, and Compliance.
This role reports directly to the Head of Vulnerability Management and will
be remote. Candidae must go to Pune office once a quarter.
Key Requirements:
3-5 years experience, preferably in vulnerability management.
Strong engineering experience with cloud, containers, open-source
code, deployment and misconfigurations.
Intermediate experience with scripting languages (e.g., Python,
PowerShell) for automating data ingestion, reporting, or integrating
VM data into other security tools (SIEM/SOAR).
Experience with regulatory frameworks (e.g., NIST, ISO 27001, SOC,
GDPR) and providing evidence for compliance and audit needs.
3-5 years experience, preferably in vulnerability management.
Strong engineering experience with cloud, containers, open-source
code, deployment and misconfigurations.
Intermediate experience with scripting languages (e.g., Python,
PowerShell) for automating data ingestion, reporting, or integrating
VM data into other security tools (SIEM/SOAR).
Experience with regulatory frameworks (e.g., NIST, ISO 27001, SOC,
GDPR) and providing evidence for compliance and audit needs.
Experience tracking trends and configure systems as required to
reduce false positives from true events.
Process Improvement: Drive continuous improvement in the efficiency
of vulnerability remediation through automation, ticketing system
integration (e.g., Jira), and process streamlining.
Influence & Collaboration – Demonstrable experience building strong
partnerships in a matrixed organization.
Technical – Intermediate understanding of product security issues
(like XXE, SSRF, Injections, etc.), modern software development (fully
automated CI/CD, REST, OAuth2) including multi-cloud (AWS, Azure,
GCP, Containers, Kubernetes) architectures, particularly Amazon Web
Services, Kubernetes, and Docker.
Risk-Based Decision Making – Experience making informed decisions
through balancing business priorities, technical constraints, and risk
exposure.
Certifications like CISSP, CISA, CySA+, AWS Certs, or CCNSE, or
other relevant certifications are preferred.
If the candidate does not have the AWS Certified Cloud Practitioner or
AWS Certified Cloud Security – Specialty, they must take these
certifications within first year of employment.
reduce false positives from true events.
Process Improvement: Drive continuous improvement in the efficiency
of vulnerability remediation through automation, ticketing system
integration (e.g., Jira), and process streamlining.
Influence & Collaboration – Demonstrable experience building strong
partnerships in a matrixed organization.
Technical – Intermediate understanding of product security issues
(like XXE, SSRF, Injections, etc.), modern software development (fully
automated CI/CD, REST, OAuth2) including multi-cloud (AWS, Azure,
GCP, Containers, Kubernetes) architectures, particularly Amazon Web
Services, Kubernetes, and Docker.
Risk-Based Decision Making – Experience making informed decisions
through balancing business priorities, technical constraints, and risk
exposure.
Certifications like CISSP, CISA, CySA+, AWS Certs, or CCNSE, or
other relevant certifications are preferred.
If the candidate does not have the AWS Certified Cloud Practitioner or
AWS Certified Cloud Security – Specialty, they must take these
certifications within first year of employment.
Core Responsibilities:
Collaborating in the enterprise-wide product security and resilience
strategy, aligning with business goals and regulatory requirements.
Partnering with Dev/Ops, engineering, product management, and
infrastructure teams to integrate vulnerability management practices
into production environments.
Identifying risk in a production environment comprised of a
sophisticated SaaS architecture consisting of dozens of microservices
Maintain knowledge of the threat landscape for prioritization of
vulnerabilities, attack techniques, tool/exploit development, cyber
threat intelligence analysis and adversarial tactics.
Explaining risks, identifing dependencies, and facilitating the
remediation process by providing necessary details and context.
Enforce a prioritization framework that utilizes risk context beyond
standard CVSS scores, factoring in asset criticality, exposure to the
public internet, and internal threat intelligence (e.g., active
exploitation in the wild).
Drive the adoption of security automation, vulnerability management
with product teams.
Providing program performance reporting and metrics per business
unit and product.
Collaborating in the enterprise-wide product security and resilience
strategy, aligning with business goals and regulatory requirements.
Partnering with Dev/Ops, engineering, product management, and
infrastructure teams to integrate vulnerability management practices
into production environments.
Identifying risk in a production environment comprised of a
sophisticated SaaS architecture consisting of dozens of microservices
Maintain knowledge of the threat landscape for prioritization of
vulnerabilities, attack techniques, tool/exploit development, cyber
threat intelligence analysis and adversarial tactics.
Explaining risks, identifing dependencies, and facilitating the
remediation process by providing necessary details and context.
Enforce a prioritization framework that utilizes risk context beyond
standard CVSS scores, factoring in asset criticality, exposure to the
public internet, and internal threat intelligence (e.g., active
exploitation in the wild).
Drive the adoption of security automation, vulnerability management
with product teams.
Providing program performance reporting and metrics per business
unit and product.
First 30 Days
Learn the landscape, processes and technologies.
Complete all tooling platform specific training assigned.
Learn the landscape, processes and technologies.
Complete all tooling platform specific training assigned.
60 Days
Take ownership of vulnerability analysis and reporting for a
designated environment
Establish communication and follow-up cadence with the remediation
teams
Identify and document an opportunity to improve the efficiency of the
current process
Take ownership of vulnerability analysis and reporting for a
designated environment
Establish communication and follow-up cadence with the remediation
teams
Identify and document an opportunity to improve the efficiency of the
current process
90 Days
Manage full lifecycle for all production environment
Collaborate with respective teams to address specific, frequent
occurring vulnerability, insecure coding, etc
Have deep understanding of all core technologies, environments and
our cloud architecture.
Contribute to the team internal knowledgebase on lessons learned
Manage full lifecycle for all production environment
Collaborate with respective teams to address specific, frequent
occurring vulnerability, insecure coding, etc
Have deep understanding of all core technologies, environments and
our cloud architecture.
Contribute to the team internal knowledgebase on lessons learned
SailPoint is an equal opportunity employer and we welcome all qualified candidates to apply to join our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable law.
Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact [email protected] or mail to 11120 Four Points Dr, Suite 100, Austin, TX 78726, to discuss reasonable accommodations. NOTE: Any unsolicited resumes sent by candidates or agencies to this email will not be considered for current openings at SailPoint.
Top Skills
AWS
Azure
Docker
GCP
JIRA
Kubernetes
Powershell
Python
SIEM
Soar
SailPoint Pune, Mahārāshtra, IND Office
Lohia Jain Arcade, Sr. No. 106/107, Near Chatursringi Temple, Senapati Bapat Road , Pune, Maharashtra , India, 411016
Similar Jobs at SailPoint
Artificial Intelligence • Cloud • Sales • Security • Software • Cybersecurity • Data Privacy
The Product Counsel provides legal guidance on product development, compliance, and risk management, working with cross-functional teams while ensuring legal documentation and internal policies are up to date.
Top Skills:
AICybersecurityData ProtectionOpen-Source SoftwareSoftware
Artificial Intelligence • Cloud • Sales • Security • Software • Cybersecurity • Data Privacy
The Site Reliability Engineer will design, develop, and improve the reliability of SailPoint's IdentityNow services, focusing on automation, incident management, and mentoring teams in observability best practices.
Top Skills:
AWSGoGrafanaHoneycombJavaKibanaKubernetesPrometheusPythonTerraform
Artificial Intelligence • Cloud • Sales • Security • Software • Cybersecurity • Data Privacy
Lead the software support engineering team, overseeing issue verification processes, ensuring timely resolution, and enhancing support tools in collaboration with various teams.
Top Skills:
Debugging TechniquesIssue Tracking SystemsSoftware Development Methodologies
What you need to know about the Pune Tech Scene
Once a far-out concept, AI is now a tangible force reshaping industries and economies worldwide. While its adoption will automate some roles, AI has created more jobs than it has displaced, with an expected 97 million new roles to be created in the coming years. This is especially true in cities like Pune, which is emerging as a hub for companies eager to leverage this technology to develop solutions that simplify and improve lives in sectors such as education, healthcare, finance, e-commerce and more.
