Security Analyst

SailPoint’s Cybersecurity organization is seeking a Security Analyst with a passion for cybersecurity and protecting the organization.

The role independently handles moderately complex events and events of interest, contributes to proactive threat monitoring, and participates in purple teaming and threat intelligence activities. This role involves refining playbooks and conducting threat hunting. Applicants should embrace the opportunity to work across diverse platforms with a variety of tools and will play a key role as we continually improve our capabilities.

The ideal candidate will embody SailPoint's 4 I’s of Integrity, Individuals, Impact, and Innovation. They will embrace new challenges and contribute positively to our established team of talented and dedicated teammates to achieve our security objectives.

This role reports directly to the Americas SOC Manager, can be remote anywhere in Mexico, and will be working a mid-day shift with hours from 1:00 PM - 10:00 PM CDT.

Responsibilities:

• Independently triage and investigate security events and events of interest, determining root causes and mitigating potential incidents.

• Update and maintain response playbooks for events of interest and potential incidents, incorporating threat intelligence insights.

• Conduct basic threat hunting using SIEM queries and EDR tools to identify potential threats.

• Participate in purple team exercises, collaborating with blue and red teams to test and improve detection capabilities.

• Collect and analyze threat intelligence from internal and external sources (e.g., IOCs, TTPs) to enhance detection rules.

• Perform risk enumeration to identify vulnerabilities and misconfigurations, using scanning tools and threat intelligence.

• Assist in training Junior Engineers on tools, processes, and basic purple teaming concepts.

• Document findings and contribute to reports on events, events of interest, and threat intelligence.

Requirements:

• Bachelor’s degree in Cybersecurity, Computer Science, or related field (or equivalent experience).

• 2–4 years of experience in cybersecurity, with at least 1 year in a detection/response role.

• Proficiency in SIEM platforms, EDR tools, and basic scripting (e.g., Python, PowerShell) for automation.

• Experience with purple teaming exercises and applying threat intelligence to detection processes.

• Strong understanding of attack vectors, malware analysis, and network protocols.

• Certifications such as CySA+, CEH, or equivalent are required.

• Ability to work independently and collaborate with cross-functional teams.

Desired:

• Ability to quickly pick up and learn new technologies

• Able to collaborate with cross-functional teams

• A willingness to be challenged and a strong desire to learn

• Good personal communications skills

• A foundational understanding of applications, networks, cloud architecture, and coding concepts

30-Day Milestones (The "Learning" Phase):

• Rapidly achieve proficiency across the security stack (SOAR, SIEM, EDR).

• Independently perform basic triage of security events by following established documentation.

• Understand the team's processes and align investigation techniques with our standards.

60-Day Milestones (The "Connecting" Phase):

• Triage all event types completely and autonomously without oversight.

• Operate as a fully functional and integrated member of the SOC team.

• Demonstrate a solid understanding of what "normal" looks like in our environment.

90-Day Milestones (The "Contribution" Phase):

• Move beyond basic triage to actively contribute to process improvement initiatives.

• Begin identifying and proposing ideas for rule tuning, rule development, and automation.

6-Month Milestones (The "Performance" Phase):

• Confidently triage events and escalate when necessary, with investigation quality meeting all team standards.

• Actively participate in process improvement projects, working with other teams to implement changes.

• Perform assigned threat hunting using SIEM and EDR tools.

• Actively participate in the QA process

1-Year Milestones (The "Mastery" Phase):

• Handle complex investigations with confidence.

• Consistently drive improvements in automation, detection, and response procedures.

• Initiate threat hunting based on available threat intelligence.

SailPoint is an equal opportunity employer and we welcome all qualified candidates to apply to join our team. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status, or any other category protected by applicable law.

Alternative methods of applying for employment are available to individuals unable to submit an application through this site because of a disability. Contact applicationassistance@sailpoint.com or mail to 11120 Four Points Dr, Suite 100, Austin, TX 78726, to discuss reasonable accommodations. NOTE: Any unsolicited resumes sent by candidates or agencies to this email will not be considered for current openings at SailPoint.