Global Security PSIRT Engineer

NetApp, Inc. | Durham, NC
$147,900 - $220,000 | Onsite

About The Position

NetApp is looking for a skilled PSIRT Engineer (IC4) to join our Global Product Security Incident Response Team. In this role, you will independently handle complex security vulnerabilities across NetApp’s storage, cloud, and data management products. You will triage reports, perform technical analysis, drive fixes, and coordinate responsible disclosure. As an IC4 engineer, you will work on high-impact issues, mentor junior team members, and help mature NetApp’s PSIRT processes in alignment with ISO/IEC 30111, ISO/IEC 29147, and FIRST best practices. This is a technical, customer-focused role that directly protects NetApp customers worldwide.

Requirements

  • Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or a related field (or equivalent experience).
  • 5+ years of experience in security engineering, vulnerability management, incident response, or product security.
  • Strong technical knowledge of operating systems (Linux/Unix), networking, storage systems, and cloud platforms (AWS, Azure, GCP).
  • Hands-on experience reproducing and analyzing security vulnerabilities.
  • Solid understanding of CVSS, CVE, CWE, responsible disclosure, and coordinated vulnerability disclosure practices.
  • Excellent written and verbal communication skills — able to explain complex issues clearly to both technical and non-technical audiences.
  • Proven ability to work independently and collaboratively in a global team environment.

Nice To Haves

  • Previous experience working in a PSIRT, Product Security, or Vulnerability Management program.
  • Familiarity with NetApp products (e.g., ONTAP, StorageGRID) or enterprise storage/data management technologies.
  • Scripting and automation skills (Python, Bash, PowerShell).
  • Knowledge of SBOMs, software composition analysis, and supply chain security.
  • Industry certifications such as CISSP, OSCP, or GIAC.
  • Experience with bug bounty platforms (e.g., HackerOne).

Responsibilities

  • Triage, verify, and conduct in-depth technical analysis of vulnerability reports from external researchers, customers, internal teams, and security tools.
  • Reproduce vulnerabilities in lab environments and assess risk using CVSS (v3.1/v4.0) along with NetApp-specific business and customer context.
  • Collaborate with engineering teams to drive root cause analysis, develop fixes, mitigations, and workarounds, and validate their effectiveness.
  • Manage the full vulnerability lifecycle, including embargo handling, coordinated disclosure (CVD), CVE-ID requests, and publication of Security Advisories.
  • Work with external stakeholders such as security researchers, CERT/CC, and other vendors for multi-party coordination.
  • Support proactive vulnerability monitoring, threat intelligence, third-party component tracking, and integration with the Secure Development Lifecycle (SDL).
  • Create clear technical documentation, customer advisories, and leadership briefings.
  • Mentor junior PSIRT engineers and participate in team on-call rotation.
  • Contribute to process improvements, tooling, metrics, and PSIRT maturity initiatives.

Benefits

  • Health Insurance
  • Life Insurance
  • Retirement or Pension Plans
  • Paid Time Off
  • Various leave options
  • Employee stock purchase plan
  • Restricted stock units (RSUs)