Manager, Product Security Incident Response (PSIRT)

Demonstrated experience leading vulnerability triage, remediation, and disclosure processes in a software security context. Strong understanding of application and code security. Experience using data and metrics to assess vulnerability risk, measure the impact of security initiatives, and inform prioritization. Experience driving down vulnerability volume and recurrence through root cause analysis. A track record of successfully leading cross-functional initiatives involving product, engineering, and security teams. Experience coaching, mentoring, or managing security engineers. Demonstrated ability to quickly learn new technical concepts and product areas, and to lead a distributed, remote team.

Drive the strategy and execution of how the PSIRT analyzes, validates, prioritizes, and coordinates remediation of product vulnerabilities. Partner closely with Security and Engineering leaders to define effective remediation and mitigation approaches. Oversee and improve the team’s processes for validating vulnerability fixes prior to release. Lead and support planning and execution for security releases. Identify, prioritize, and sponsor automation and tooling efforts that streamline vulnerability triage and response workflows. Own and continuously improve the vulnerability response lifecycle, including coordinated vulnerability disclosure activities, stakeholder communications, and post-incident reviews. Champion high-quality, actionable communication from the PSIRT by reviewing and guiding documentation.