Attack Surface Management Team Lead

SailPoint is seeking an Attack Surface Management (ASM) Team Lead to lead the technical strategy and execution of our enterprise-wide ASM program. As a critical member of our Vulnerability Management team, you will be our foremost expert dedicated to mapping, analyzing, and reducing our digital footprint. This is a senior, hands-on technical role for an analyst who wants to drive the cultural and technical shift from reactive vulnerability management to proactive, threat-informed exposure management.

You will join a growing and capable team of both emerging and established talent. At SailPoint, we value our "4 I's" (Integrity, Individuals, Impact, and Innovation), and we're looking for someone who embodies these principles. By being your authentic self, you will be a positive and influential contributor to our already fantastic work culture.

This is a challenging and high-impact role where you will have the opportunity to build strong partnerships with colleagues across IT, DevOps, Product Engineering, Security Architecture, and our Cyber Defense Operations Center. This role is remote and reports directly to the Head of Vulnerability Management.

What You'll Do (Core Responsibilities):

Own the Attack Surface Map:

• Architect, implement, and operate our ASM program to create and maintain a definitive, real-time inventory of all external and internal digital assets (e.g., domains, IPs, cloud resources, code repositories, SaaS exposures).
• Proactively hunt for and illuminate "Shadow IT" and other unknown assets, ensuring they are brought under the governance of our security framework.

​Drive Risk-Based Prioritization:

• Serve as the primary liaison between ASM and our Threat Intelligence, Red Team, and Vulnerability Management functions.
• Synthesize data from ASM tools, threat feeds, and offensive security findings to transform raw exposure data into a prioritized, actionable risk plan. Focus the organization on the vulnerabilities that matter most.

Lead the Remediation Lifecycle:

• Act as the technical lead for remediating complex, cross-functional exposures. You will track remediation progress, define and monitor SLAs, and act as a subject matter expert to help asset owners understand and fix identified issues.

Automate and Integrate:

• Develop scripts and integrations (primarily in Python) to connect ASM data with our broader security ecosystem (e.g., CMDB, SIEM, SOAR).
• Continuously seek out and implement opportunities to automate discovery, enrichment, and reporting to improve program efficiency and reduce analyst toil.

Mentor and Influence:

• Provide technical guidance and mentorship to other analysts on the team, elevating the overall skill set of the group.
• Translate complex technical findings into clear, concise reports and presentations for technical peers, stakeholders, and executive leadership.

What You'll Need (Must-Have Experience & Skills):

• 7+ years in Cybersecurity, with 3+ years in a senior, hands-on role focused specifically on Attack Surface Management (EASM/CAASM), Threat Intelligence, or Offensive Security.
• Expert-level, hands-on experience with modern ASM platforms and vulnerability scanners (e.g., CrowdStrike, Tenable, Qualys, CyCognito etc).
• Demonstrable proficiency in a scripting language (Python strongly preferred) used for API integration, data analysis, and automation. You should be able to provide examples of past automation projects.
• Deep technical understanding of the internet ecosystem: TCP/IP, DNS, TLS/SSL certificate management, domain registration, and BGP.
• Strong familiarity and experience with modern cloud environments (AWS, Azure, GCP), including knowledge of common services, configurations, and associated attack vectors.

What Will Set You Apart (Bonus Points):

• Experience with Breach and Attack Simulation (BAS) platforms.
• A background in penetration testing, red teaming, threat intelligence, or threat hunting.
• Experience building and presenting executive-level dashboards that track ASM KPIs and demonstrate ROI.
• Relevant certifications such as AWS CCP, CEH, GPEN, OSCP etc.
• Contributions to the security community (e.g., open-source tools, conference talks, blog posts).

Leadership Qualities for This Role:

• Pragmatic & Results-Oriented: You make informed, risk-based decisions that balance business priorities with security needs to achieve measurable outcomes.
• Influence & Collaboration: You have a proven ability to build strong, collaborative relationships across diverse technical teams and drive change without direct authority.
• An Analytical & Investigative Mindset: You possess an innate curiosity and a structured approach to problem-solving, with a talent for turning ambiguous data into a clear action plan.
• Clear Communicator: You can distill complex technical concepts into clear, concise language for a variety of audiences, from junior analysts to senior executives.