[Remote] Senior Product Vulnerability Manager
Note: The job is a remote job and is open to candidates in USA. HID is a high-tech software company headquartered in Austin, TX, empowering trusted identities for people, places, and things. The Senior Product Vulnerability Manager will own the corporate-wide Product Vulnerability Management program, establishing capabilities to detect and respond to product vulnerabilities while ensuring compliance with regulatory standards.ResponsibilitiesDefining and maintaining the enterprise Product Vulnerability Management framework, including processes for intake, triage, prioritization, remediation tracking, and disclosureEstablishing standardized vulnerability triage and risk prioritization methodologies that work across the organizationDefining and implementing the corporate-wide vulnerability management policies and standards ensuring our Product Security Incident Response processes are appropriate with the organizationâs expectations and regulatory requirementsOwning the Coordinated Vulnerability Disclosure (CVD) program, including external intake channels, researcher engagement, and coordinationTranslating regulatory requirements (e.g., EU Cyber Resilience Act) into operational processes, controls, and reporting obligationsDefining and managing the enterprise tooling strategy for vulnerability detection (e.g., SAST, DAST, SCA, container scanning), including selection, configuration, and integration into CI/CD pipelinesEstablishing minimum tooling and coverage baselines across product types and ensure consistent adoptionDefining and operationalize SBOM-driven vulnerability management practices, including monitoring and response to third-party component vulnerabilitiesDeveloping scalable playbooks, guidance, and decision frameworks enabling product teams to independently triage and respond to vulnerabilitiesDefining training requirements and developing enablement materials for product teams on vulnerability identification, triage, and response processesEstablishing metrics, reporting, and dashboards to measure vulnerability management effectiveness, including SLA adherence, backlog, and remediation timelinesProviding executive-level reporting and insights on product vulnerability risk postureDefining governance processes, including exception handling, risk acceptance, and escalation pathwaysLeading audit and assessment readiness related to vulnerability management processes and outputsBuilding and leading a small team responsible for program operations, tooling, and disclosure coordinationPartnering with Product Security Architects, Engineering, Legal, and Compliance teams to ensure alignment and effective execution across the organizationActing as the central authority for product vulnerability management practices across the organizationEnabling a federated operating model where product teams own remediation while adhering to centralized standards and processesDriving consistency in vulnerability handling across a large and diverse product portfolioEnsuring vulnerability management practices scale effectively across hundreds of products and multiple technology domainsProviding strategic direction for continuous improvement of vulnerability management capabilities, tooling, and processesSupporting regulatory audits and customer inquiries related to vulnerability management and disclosure practicesSkillsExperience designing, building, or scaling a vulnerability management or PSIRT program within a product security or application security contextStrong understanding of the vulnerability lifecycle, including detection, triage, prioritization, remediation tracking, and disclosureWorking knowledge of application security principles and common vulnerability classes (e.g., OWASP Top 10)Experience with vulnerability detection tooling (SAST, DAST, SCA, container scanning) and integration into development pipelinesExperience defining or applying vulnerability scoring methodologies (e.g., CVSS) in a product contextFamiliarity with Coordinated Vulnerability Disclosure (CVD) processes and external researcher engagementFamiliarity with regulatory requirements related to product security and vulnerability management, such as the EU Cyber Resilience Act (CRA)Experience working within or supporting Secure Software Development Lifecycle (SSDL/SSDLC) programsStrong ability to define processes, standards, and governance models that scale across large organizationsExcellent communication skills with the ability to translate technical risk into business impactExperience operating in large-scale, multi-product environments with distributed engineering teamsExperience establishing or managing SBOM and software supply chain vulnerability programsExperience with vulnerability disclosure programs or bug bounty platformsExperience working in regulated industries or environments with strong compliance requirementsExperience with Agile/SAFe methodologiesExperience leading or mentoring small, high-impact teamsBenefitsCompetitive salary and rewards packageCompetitive benefits and annual leave offering, allowing for work-life balanceA vibrant, welcoming & inclusive cultureExtensive career development opportunities and resources to maximize your potentialTo be a part of a global organization that is pioneering the hardware, software and services that allow people to confidently navigate the physical and digital worldsYouâll work as part of a global team in a flexible work environment, learning and enhancing your expertise.We welcome an opportunity to meet you and learn about your unique talents, skills, and experiences.We are open to ideas, including flexible work arrangements, job sharing or part-time job seekers.We want all our employees to be themselves, to feel appreciated and accepted.Flexible working arrangementsRegular feedback, training, and development opportunitiesSupporting them with regular feedback, training, and development opportunitiesWe empower our people to build their career around their aspirations and our ambitions â supporting them with regular feedback, training, and development opportunities.Company OverviewHID powers the trusted identities of the world's people, places and things. It was founded in 1991, and is headquartered in Irvine, California, USA, with a workforce of 1001-5000 employees. Its website is http://www.hidglobal.com.Company H1B SponsorshipHID has a track record of offering H1B sponsorships, with 17 in 2025, 6 in 2024, 9 in 2023, 25 in 2022, 19 in 2021, 7 in 2020. Please note that this does not guarantee sponsorship for this specific role.