
[Remote] Senior Product Vulnerability Manager

Remote Full-time Hiring now

Note: This is a remote role open to candidates in the USA. HID is a technology company headquartered in Austin, TX, empowering trusted identities for people, places, and things. The Senior Product Vulnerability Manager will own the corporate-wide Product Vulnerability Management program, establishing the capabilities to detect and respond to product vulnerabilities while ensuring compliance with regulatory requirements.

Responsibilities

  • Defining and maintaining the enterprise Product Vulnerability Management framework, including processes for intake, triage, prioritization, remediation tracking, and disclosure
  • Establishing standardized vulnerability triage and risk prioritization methodologies that work across the organization
  • Defining and implementing the corporate-wide vulnerability management policies and standards, ensuring our Product Security Incident Response processes are aligned with the organization's expectations and regulatory requirements
  • Owning the Coordinated Vulnerability Disclosure (CVD) program, including external intake channels, researcher engagement, and coordination
  • Translating regulatory requirements (e.g., EU Cyber Resilience Act) into operational processes, controls, and reporting obligations
  • Defining and managing the enterprise tooling strategy for vulnerability detection (e.g., SAST, DAST, SCA, container scanning), including selection, configuration, and integration into CI/CD pipelines
  • Establishing minimum tooling and coverage baselines across product types and ensuring consistent adoption
  • Defining and operationalizing SBOM-driven vulnerability management practices, including monitoring of and response to third-party component vulnerabilities
  • Developing scalable playbooks, guidance, and decision frameworks enabling product teams to independently triage and respond to vulnerabilities
  • Defining training requirements and developing enablement materials for product teams on vulnerability identification, triage, and response processes
  • Establishing metrics, reporting, and dashboards to measure vulnerability management effectiveness, including SLA adherence, backlog, and remediation timelines
  • Providing executive-level reporting and insights on product vulnerability risk posture
  • Defining governance processes, including exception handling, risk acceptance, and escalation pathways
  • Leading audit and assessment readiness related to vulnerability management processes and outputs
  • Building and leading a small team responsible for program operations, tooling, and disclosure coordination
  • Partnering with Product Security Architects, Engineering, Legal, and Compliance teams to ensure alignment and effective execution across the organization
  • Acting as the central authority for product vulnerability management practices across the organization
  • Enabling a federated operating model where product teams own remediation while adhering to centralized standards and processes
  • Driving consistency in vulnerability handling across a large and diverse product portfolio
  • Ensuring vulnerability management practices scale effectively across hundreds of products and multiple technology domains
  • Providing strategic direction for continuous improvement of vulnerability management capabilities, tooling, and processes
  • Supporting regulatory audits and customer inquiries related to vulnerability management and disclosure practices

Skills

  • Experience designing, building, or scaling a vulnerability management or PSIRT program within a product security or application security context
  • Strong understanding of the vulnerability lifecycle, including detection, triage, prioritization, remediation tracking, and disclosure
  • Working knowledge of application security principles and common vulnerability classes (e.g., OWASP Top 10)
  • Experience with vulnerability detection tooling (SAST, DAST, SCA, container scanning) and integration into development pipelines
  • Experience defining or applying vulnerability scoring methodologies (e.g., CVSS) in a product context
  • Familiarity with Coordinated Vulnerability Disclosure (CVD) processes and external researcher engagement
  • Familiarity with regulatory requirements related to product security and vulnerability management, such as the EU Cyber Resilience Act (CRA)
  • Experience working within or supporting Secure Software Development Lifecycle (SSDL/SSDLC) programs
  • Strong ability to define processes, standards, and governance models that scale across large organizations
  • Excellent communication skills with the ability to translate technical risk into business impact
  • Experience operating in large-scale, multi-product environments with distributed engineering teams
  • Experience establishing or managing SBOM and software supply chain vulnerability programs
  • Experience with vulnerability disclosure programs or bug bounty platforms
  • Experience working in regulated industries or environments with strong compliance requirements
  • Experience with Agile/SAFe methodologies
  • Experience leading or mentoring small, high-impact teams

Benefits

  • Competitive salary and rewards package
  • Competitive benefits and annual leave offering, allowing for work-life balance
  • A vibrant, welcoming & inclusive culture
  • Extensive career development opportunities and resources to maximize your potential
  • To be a part of a global organization that is pioneering the hardware, software and services that allow people to confidently navigate the physical and digital worlds
  • Working as part of a global team in a flexible work environment, learning and enhancing your expertise
  • Openness to flexible work arrangements, job sharing, and part-time candidates
  • A culture where all employees can be themselves and feel appreciated and accepted
  • Regular feedback, training, and development opportunities, empowering you to build your career around your aspirations and our ambitions
  • We welcome the opportunity to meet you and learn about your unique talents, skills, and experiences

Company Overview

  • HID powers the trusted identities of the world's people, places and things. It was founded in 1991 and is headquartered in Austin, Texas, USA, with a workforce of 1001-5000 employees. Its website is http://www.hidglobal.com.

H1B Sponsorship

  • HID has a track record of offering H1B sponsorships: 17 in 2025, 6 in 2024, 9 in 2023, 25 in 2022, 19 in 2021, and 7 in 2020. Please note that this does not guarantee sponsorship for this specific role.