About The Position

Director, Engineering Product Security

At SailPoint, we are at the forefront of transforming enterprise identity governance. With our next-generation Atlas Platform, we are creating the industry's most advanced, AI-powered identity security platform. Our mission is clear: unify and simplify identity management across humans, machines, and AI agents, just as CMDB revolutionized IT asset management. Atlas is a productized, externally facing platform built for customers, not just internal users. We're integrating multiple product offerings into an internally and externally extensible platform and we need someone who understands what it means to embed security into the DNA of the product lifecycle.

We are seeking a Director of Engineering Product Security to lead a product and developer-focused security program. This role will enable our product managers and engineering teams to build secure-by-default services from the design phase. The ideal candidate will collaborate with Product, GTM, and customers to anticipate and address evolving product security expectations. This is an opportunity to help build the most secure and extensible identity platform available.

Why This Role Matters

Security isn't a gate at the end of the development process—it's the foundation everything else is built on. As SailPoint evolves into a unified platform company, we need a security leader who thinks like a developer, partners like a product owner, and can help architect security that scales to meet the identity security needs of the world's largest organizations. You won't be chasing compliance checkboxes. You'll be empowering engineering teams with the tools, patterns, and guardrails they need to ship secure code fast. You'll shape how security integrates into our SDLC, our APIs, our extensibility model, and our partner ecosystem.

Requirements

  • Proven builder and leader of developer-focused security programs: You've stood up and scaled left-shifted product security programs that product and engineering organizations embrace. You've set the vision, built the teams, and driven adoption not by doing the work yourself, but by creating the strategy, hiring the right people, and establishing the culture that makes secure development the default.
  • Platform company leadership experience: You've led security programs at organizations integrating multiple product offerings into extensible platforms. You understand the unique security challenges this creates and have set the architectural direction and policy frameworks to address them at scale.
  • Deep technical credibility that earns trust across the organization: You bring a strong command of modern software development paradigms, including multi-cloud native architectures, Kubernetes, and API security, so you can hold your own with principal engineers, challenge architectural decisions, and ensure your team is setting the right technical direction.
  • Seasoned security engineering leader: 7+ years leading and scaling product or application security teams, with a track record of recruiting, mentoring, and developing high-performing engineers and architects into future leaders. You know how to build team structures, define career paths, and create an environment where top talent thrives.
  • Collaborative executive partnership mindset: You build trust with engineering, product, and field leadership by operating as a strategic partner, not a compliance gate. You know how to influence without direct authority, align cross-functional stakeholders, and drive a secure-by-design culture from the leadership level down.
  • Vision for elegant, scalable developer security experiences: You set the standard for what great security tooling looks like: fast, accurate, and seamlessly integrated. You know that developer experience is the single biggest lever for improving security outcomes. You direct your team to deliver on that vision and hold them accountable to that bar.
  • Strategic ownership of security automation programs: You've directed the implementation and continuous improvement of security tooling across CI/CD pipelines, led SAST/DAST/SCA program strategy, and driven organization-wide adoption by ensuring your teams prioritize developer experience alongside security rigor.
  • AI/ML security program visionary and builder: You've defined and led security programs for AI-powered products, charting the course for your organization using governance frameworks such as the NIST AI Risk Management Framework (AI RMF), ISO/IEC 42001:2023, and OECD AI Principles. You've directed your teams' work across:
      • Threat-focused frameworks like MITRE ATLAS and the OWASP Top 10 for LLM Applications
      • Enterprise and emerging frameworks including Google Secure AI Framework (SAIF), CSA MAESTRO for agentic AI and multi-agent orchestration, OWASP AI Security and Privacy Guide, and OpenSSF AI/ML Security Framework
      • Secure development frameworks including NIST Secure Software Development Framework (SSDF) and ISO/IEC 27090 for AI cybersecurity
  • 7+ years of security leadership experience, preferably in product or application security
  • Experience at a platform company building security into extensible, multi-tenant services

Responsibilities

  • Lead and grow a high-performing Engineering Product Security team focused on enabling secure development at scale
  • Champion a left-shifted security model that puts secure tooling and patterns directly in developers' hands
  • Partner deeply with our platform teams to embed security into CI/CD pipelines, architecture patterns, and developer workflows
  • Define the security standards and practices that will govern our extensible platform, internal services, external APIs, and partner integrations
  • Serve as a security advocate and trusted advisor across Product, Engineering, Cyber Security, and Field teams
  • Developer Security Experience: Strategic ownership of security tooling, automation, and self-service capabilities that make secure development the path of least resistance. You will set the direction and lead your team in delivering:
      • A comprehensive application security tooling strategy encompassing SAST/SCA, DAST, and IAST
      • Organizational policies and secure guardrails for AI-assisted development tools (Cursor, GitHub Copilot, etc.) to ensure AI-generated code meets our security standards
      • Automated scanning and validation workflows that catch vulnerabilities in AI-generated code before it reaches production, with your team owning the design, implementation, and continuous improvement of these capabilities
  • Product Security Architecture: Establishment of the strategic framework for threat modeling, secure design patterns, and architecture reviews across our unified platform, including services consumed by customers, partners, and internal teams. You will define the standards, build the review processes, and ensure your team has the capacity and expertise to support the organization at scale.
  • Security Integration: Executive ownership of the partnership with our platform engineering teams to define and drive how security practices are embedded into SailPoint's SDLC and CI/CD pipelines, including AI coding security practices. You will set the integration strategy and ensure your team delivers on it in close collaboration with engineering leadership.
  • Product Security Program Management: Leadership and continuous optimization of programs that measurably reduce vulnerability turnaround time by catching issues before they reach production. You will define the metrics, establish accountability structures, and drive a culture of continuous improvement in remediation velocity across the engineering organization.
  • Platform Extensibility Security: Ownership of the security standards and governance framework for our API-first platform strategy, SDKs, integration tooling, and marketplace components. You will chart the course for how security scales alongside our extensibility model, ensuring your team delivers clear, adoptable guardrails for internal and external developers.
  • Developer Enablement: Strategic direction and investment in security training, secure coding practices, and guidance that empowers engineering teams to own security outcomes. You will build the enablement program, define its success criteria, and ensure your team delivers content and experiences that drive measurable improvements in secure development practices across the organization.

Benefits

  • Health and wellness coverage: Medical, dental, and vision insurance
  • Disability coverage: Short-term and long-term disability
  • Life protection: Life insurance and Accidental Death & Dismemberment (AD&D)
  • Additional life coverage options: Supplemental life insurance for employees, spouses, and children
  • Flexible spending accounts for health care and dependent care; limited purpose flexible spending account
  • Financial security: 401(k) Savings and Investment Plan with company matching
  • Time off benefits: Flexible vacation policy
  • Holidays: 8 paid holidays annually
  • Sick leave
  • Parental support: Paid parental leave
  • Employee Assistance Program (EAP) and Care Counselors
  • Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options
  • Health Savings Account (HSA) with employer contribution