Apply on Employer Site

SailPoint · 1 day ago

Attack Surface Management Team Lead

United States

Full-time

Remote

Mid, Senior Level

$105K/yr - $195K/yr

5+ years exp

SailPoint’s Cybersecurity organization is seeking a Cybersecurity Attack Surface Management Team Lead to strengthen our security posture by reducing our digital exposure. The ASM Lead is responsible for defining and executing the strategy to continuously discover, categorize, and prioritize every asset that constitutes our attack surface, leveraging advanced tooling and threat intelligence to inform security posture and remediation efforts.

Enterprise SoftwareIdentity ManagementRisk ManagementSoftware

Growth Opportunities

H1B Sponsor Likely

Responsibilities

Develop and drive the overall strategy for discovering, inventorying, and managing the company's external and internal digital attack surface

Establish and lead the ASM program, defining key metrics, reporting mechanisms, and service level agreements (SLAs) for remediation

Implement and operate ASM tools (e.g., EASM solutions) to continuously discover and maintain an accurate inventory of all digital assets (IPs, domains, cloud resources, third-party exposures, code repositories, etc.)

Identify "Shadow IT" and unknown external-facing assets and integrate them into the security framework

Collaborate closely with Threat Intelligence, Vulnerability Management, and Penetration Testing teams to prioritize risks based on exploitability and business criticality

Oversee and track the remediation process for identified exposures, working with asset owners across IT and business units

Drive the integration of ASM data into existing security operations and risk management processes (e.g., CMDB, SIEM, GRC)

Identify opportunities to automate asset discovery, risk assessment, and reporting to enhance program efficiency

Provide technical guidance and mentorship to junior security analysts

Present program status, key findings, and strategic recommendations to leadership

Qualification

CybersecurityVulnerability ManagementThreat IntelligenceASM/EASM platformsTCP/IPCloud environmentsScripting languagesAnalytical skillsStrategic VisionInfluence & CollaborationRisk-Based Decision MakingExecutive CommunicationCertifications CISSPCertifications OSCPCertifications GIAC

Required

5+ years of experience in Cybersecurity, with at least 2+ years specifically focused on Vulnerability Management, EASM (External Attack Surface Management), or Threat Intelligence

Hands-on experience with commercial and open-source ASM/EASM platforms and methodologies (e.g., CrowdStrike, SecurityScorecard, Shodan, Censys or similar)

Expertise of ASM concepts including asset discovery, exposure monitoring, shadow IT detection, and external threat identification

Deep understanding of TCP/IP, networking protocols, cloud environments (AWS, Azure, or GCP), and web application architectures

Familiarity with internet-facing systems, cloud infrastructures (IaaS/PaaS/SaaS), domain and certificate management, and network perimeter configurations

Strong ability to translate technical exposure data into meaningful risk insights

Strong analytical and investigative skills, with the ability to turn gaps into prioritized action plans

Proficiency in scripting languages (e.g., Python, PowerShell) for automation and data analysis

Developing and tracking ASM metrics and KPIs

Strategic Vision & Execution - Ability to define and communicate a clear vision and resilience aligned with enterprise goals

Influence & Collaboration – Demonstrable experience building strong partnerships across an organization

Risk-Based Decision Making – Experience making informed decisions through balancing business priorities, technical constraints, and risk exposure

Executive Communication – Experience communicating complex technical concepts and ongoing program updates clearly to stakeholders and executive leadership

Preferred

Certifications like CISSP, OSCP and GIAC are beneficial

Benefits

Health and wellness coverage: Medical, dental, and vision insurance

Disability coverage: Short-term and long-term disability

Life protection: Life insurance and Accidental Death & Dismemberment (AD&D)

Additional life coverage options: Supplemental life insurance for employees, spouses, and children

Flexible spending accounts for health care, and dependent care; limited purpose flexible spending account

Financial security: 401(k) Savings and Investment Plan with company matching

Time off benefits: Flexible vacation policy

Holidays: 8 paid holidays annually

Sick leave

Parental support: Paid parental leave

Employee Assistance Program (EAP) and Care Counselors

Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options

Health Savings Account (HSA) with employer contribution

Company

SailPoint

Glassdoor4.4

SailPoint is an identity and access management provider helping organizations deliver and manage user access from any device.

Founded in 2005

Austin, Texas, USA

1001-5000 employees

http://www.sailpoint.com

H1B Sponsorship

SailPoint has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2025 (40)

2024 (35)

2023 (29)

2022 (51)

2021 (20)

2020 (22)

Funding

Current Stage

Public Company

Total Funding

$26.08M

Key Investors

Thoma Bravo

2022-04-11Acquired

2017-11-16IPO

2014-12-25Series Unknown· $0.25M

Leadership Team

Mark McClain

CEO & Founder

Brian Carolan

Chief Financial Officer (CFO)