Cybersecurity Attack Surface Management Team Lead
SailPoint’s Cybersecurity organization is seeking a Cybersecurity Attack Surface Management Team Lead to strengthen our security posture by reducing our digital exposure. The ASM Lead is a seasoned security professional responsible for defining and executing the strategy to continuously discover, categorize, and prioritize every asset that constitutes our attack surface. You will leverage advanced tooling and threat intelligence to transform raw asset data into actionable risk insights, directly informing our overall security posture and remediation efforts.
The ASM Lead will be a critical member of our Threat Exposure Management team, responsible for defining, implementing, and maturing our ASM program. This role requires a blend of technical expertise, strategic thinking, and strong leadership to continuously reduce our organization's external and internal security risks. This person will drive the cultural and technical shift from reactive to proactive, threat-informed risk reduction.
Our new Attack Surface Management Team Lead will join a growing and capable threat and vulnerability management team of both emerging and established talent. This potential team member will be comfortable with the 4 I’s at SailPoint (Individual, Impact, Innovation, and Integrity) even if they’re new to the concept. They will embrace new challenges and, by being their authentic self, will be a positive contributor to an already positive work culture and environment.
This is a challenging and impactful role where you will have the opportunity to work with a variety of stakeholders, including our fantastic colleagues in IT, DevOps, Product Engineering, Security Architect Engineering, and Cyber Defense Operations.
This role reports directly to the Head of Threat Exposure Management and will be remote.
Key Requirements:
5+ years of experience in Cybersecurity, with at least 2+ years specifically focused on Vulnerability Management, EASM (External Attack Surface Management), or Threat Intelligence.
Hands-on experience with commercial and open-source ASM/EASM platforms and methodologies (e.g., CrowdStrike, SecurityScorecard, Shodan, Censys or similar).
Expertise in ASM concepts including asset discovery, exposure monitoring, shadow IT detection, and external threat identification.
Deep understanding of TCP/IP, networking protocols, cloud environments (AWS, Azure, or GCP), and web application architectures.
Familiarity with internet-facing systems, cloud infrastructures (IaaS/PaaS/SaaS), domain and certificate management, and network perimeter configurations.
Strong ability to translate technical exposure data into meaningful risk insights.
Strong analytical and investigative skills, with the ability to turn gaps into prioritized action plans.
Proficiency in scripting languages (e.g., Python, PowerShell) for automation and data analysis.
Developing and tracking ASM metrics and KPIs.
Strategic Vision & Execution - Ability to define and communicate a clear vision and resilience aligned with enterprise goals.
Influence & Collaboration – Demonstrable experience building strong partnerships across an organization.
Risk-Based Decision Making – Experience making informed decisions through balancing business priorities, technical constraints, and risk exposure.
Executive Communication – Experience communicating complex technical concepts and ongoing program updates clearly to stakeholders and executive leadership.
Certifications like CISSP, OSCP and GIAC are beneficial.
Core Responsibilities:
Strategy & Program Leadership:
Develop and drive the overall strategy for discovering, inventorying, and managing the company's external and internal digital attack surface.
Establish and lead the ASM program, defining key metrics, reporting mechanisms, and service level agreements (SLAs) for remediation.
Discovery & Inventory:
Implement and operate ASM tools (e.g., EASM solutions) to continuously discover and maintain an accurate inventory of all digital assets (IPs, domains, cloud resources, third-party exposures, code repositories, etc.).
Identify "Shadow IT" and unknown external-facing assets and integrate them into the security framework.
Vulnerability & Risk Management:
Collaborate closely with Threat Intelligence, Vulnerability Management, and Penetration Testing teams to prioritize risks based on exploitability and business criticality.
Oversee and track the remediation process for identified exposures, working with asset owners across IT and business units.
Process Improvement & Automation:
Drive the integration of ASM data into existing security operations and risk management processes (e.g., CMDB, SIEM, GRC).
Identify opportunities to automate asset discovery, risk assessment, and reporting to enhance program efficiency.
Leadership & Mentorship:
Provide technical guidance and mentorship to junior security analysts.
Present program status, key findings, and strategic recommendations to leadership.
Benefits and Compensation listed vary based on the location of your employment and the nature of your employment with SailPoint.
As a part of the total compensation package, this role may be eligible for the SailPoint Corporate Bonus Plan or a role-specific commission, along with potential eligibility for equity participation. SailPoint maintains broad salary ranges for its roles to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect SailPoint’s differing products, industries, and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity. We estimate the base salary, for US-based employees, will be in this range from (min-mid-max, USD):
$104,800 - $149,700 - $194,600
Base salaries for employees based in other locations are competitive for the employee’s home location.
Benefits Overview
1. Health and wellness coverage: Medical, dental, and vision insurance
2. Disability coverage: Short-term and long-term disability
3. Life protection: Life insurance and Accidental Death & Dismemberment (AD&D)
4. Additional life coverage options: Supplemental life insurance for employees, spouses, and children
5. Flexible spending accounts for health care and dependent care; limited purpose flexible spending account
6. Financial security: 401(k) Savings and Investment Plan with company matching
7. Time off benefits: Flexible vacation policy
8. Holidays: 8 paid holidays annually
9. Sick leave
10. Parental support: Paid parental leave
11. Employee Assistance Program (EAP) and Care Counselors
12. Voluntary benefits: Legal Assistance, Critical Illness, Accident, Hospital Indemnity and Pet Insurance options
13. Health Savings Account (HSA) with employer contribution
SailPoint is an equal opportunity employer and we welcome all qualified candidates to apply to join our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable law.
Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact [email protected] or mail to 11120 Four Points Dr, Suite 100, Austin, TX 78726, to discuss reasonable accommodations. NOTE: Any unsolicited resumes sent by candidates or agencies to this email will not be considered for current openings at SailPoint.

