Senior Product Vulnerability Manager

ASSA ABLOY
Austin, TX
Remote

About The Position

As part of the Product Security and Privacy team, you will own and operate the corporate-wide Product Vulnerability Management program. You will establish the organization’s technical and operational capabilities to detect, triage, prioritize, and respond to product vulnerabilities across a diverse portfolio of products and technologies. Accountable for the consistency, scalability, and defensibility of vulnerability management practices, you will ensure processes, tooling, and outputs are standardized, audit-ready, and aligned with regulatory expectations, including the EU Cyber Resilience Act (CRA). You will operate at a strategic level, enabling product teams to execute vulnerability management activities effectively through defined standards, tooling, and governance, rather than performing hands-on remediation or investigation.

Requirements

  • Experience designing, building, or scaling a vulnerability management or PSIRT program within a product security or application security context.
  • Strong understanding of the vulnerability lifecycle, including detection, triage, prioritization, remediation tracking, and disclosure.
  • Working knowledge of application security principles and common vulnerability classes (e.g., OWASP Top 10).
  • Experience with vulnerability detection tooling (SAST, DAST, SCA, container scanning) and integration into development pipelines.
  • Experience defining or applying vulnerability scoring methodologies (e.g., CVSS) in a product context.
  • Familiarity with Coordinated Vulnerability Disclosure (CVD) processes and external researcher engagement.
  • Familiarity with regulatory requirements related to product security and vulnerability management, such as the EU Cyber Resilience Act (CRA).
  • Experience working within or supporting Secure Software Development Lifecycle (SSDL/SSDLC) programs.
  • Strong ability to define processes, standards, and governance models that scale across large organizations.
  • Excellent communication skills with the ability to translate technical risk into business impact.

Nice To Haves

  • Experience operating in large-scale, multi-product environments with distributed engineering teams is preferred.
  • Experience establishing or managing SBOM and software supply chain vulnerability programs is preferred.
  • Experience with vulnerability disclosure programs or bug bounty platforms is preferred.
  • Experience working in regulated industries or environments with strong compliance requirements is preferred.
  • Experience with Agile/SAFe methodologies is preferred.
  • Experience leading or mentoring small, high-impact teams is preferred.

Responsibilities

  • Defining and maintaining the enterprise Product Vulnerability Management framework, including processes for intake, triage, prioritization, remediation tracking, and disclosure.
  • Establishing standardized vulnerability triage and risk prioritization methodologies that work across the organization.
  • Defining and implementing corporate-wide vulnerability management policies and standards, ensuring our Product Security Incident Response processes are consistent with the organization’s expectations and regulatory requirements.
  • Owning the Coordinated Vulnerability Disclosure (CVD) program, including external intake channels, researcher engagement, and coordination.
  • Translating regulatory requirements (e.g., EU Cyber Resilience Act) into operational processes, controls, and reporting obligations.
  • Defining and managing the enterprise tooling strategy for vulnerability detection (e.g., SAST, DAST, SCA, container scanning), including selection, configuration, and integration into CI/CD pipelines.
  • Establishing minimum tooling and coverage baselines across product types and ensuring consistent adoption.
  • Defining and operationalizing SBOM-driven vulnerability management practices, including monitoring and response to third-party component vulnerabilities.
  • Developing scalable playbooks, guidance, and decision frameworks enabling product teams to independently triage and respond to vulnerabilities.
  • Defining training requirements and developing enablement materials for product teams on vulnerability identification, triage, and response processes.
  • Establishing metrics, reporting, and dashboards to measure vulnerability management effectiveness, including SLA adherence, backlog, and remediation timelines.
  • Providing executive-level reporting and insights on product vulnerability risk posture.
  • Defining governance processes, including exception handling, risk acceptance, and escalation pathways.
  • Leading audit and assessment readiness related to vulnerability management processes and outputs.
  • Building and leading a small team responsible for program operations, tooling, and disclosure coordination.
  • Partnering with Product Security Architects, Engineering, Legal, and Compliance teams to ensure alignment and effective execution across the organization.
  • Acting as the central authority for product vulnerability management practices across the organization.
  • Enabling a federated operating model where product teams own remediation while adhering to centralized standards and processes.
  • Driving consistency in vulnerability handling across a large and diverse product portfolio.
  • Ensuring vulnerability management practices scale effectively across hundreds of products and multiple technology domains.
  • Providing strategic direction for continuous improvement of vulnerability management capabilities, tooling, and processes.
  • Supporting regulatory audits and customer inquiries related to vulnerability management and disclosure practices.

Benefits

  • Competitive salary and rewards package
  • Competitive benefits and annual leave offering, allowing for work-life balance
  • A vibrant, welcoming & inclusive culture
  • Extensive career development opportunities and resources to maximize your potential
  • To be a part of a global organization that is pioneering the hardware, software and services that allow people to confidently navigate the physical and digital worlds