[Remote] Senior Product Vulnerability Manager

Remote Full-time
Note: This is a remote job open to candidates in the USA. HID is a high-tech software company headquartered in Austin, TX, empowering trusted identities for people, places, and things. The Senior Product Vulnerability Manager will own the corporate-wide Product Vulnerability Management program, establishing capabilities to detect and respond to product vulnerabilities while ensuring compliance with regulatory standards.

Responsibilities

- Defining and maintaining the enterprise Product Vulnerability Management framework, including processes for intake, triage, prioritization, remediation tracking, and disclosure
- Establishing standardized vulnerability triage and risk prioritization methodologies that work across the organization
- Defining and implementing the corporate-wide vulnerability management policies and standards, ensuring our Product Security Incident Response processes are appropriate to the organization’s expectations and regulatory requirements
- Owning the Coordinated Vulnerability Disclosure (CVD) program, including external intake channels, researcher engagement, and coordination
- Translating regulatory requirements (e.g., EU Cyber Resilience Act) into operational processes, controls, and reporting obligations
- Defining and managing the enterprise tooling strategy for vulnerability detection (e.g., SAST, DAST, SCA, container scanning), including selection, configuration, and integration into CI/CD pipelines
- Establishing minimum tooling and coverage baselines across product types and ensuring consistent adoption
- Defining and operationalizing SBOM-driven vulnerability management practices, including monitoring and response to third-party component vulnerabilities
- Developing scalable playbooks, guidance, and decision frameworks enabling product teams to independently triage and respond to vulnerabilities
- Defining training requirements and developing enablement materials for product teams on vulnerability identification, triage, and response processes
- Establishing metrics, reporting, and dashboards to measure vulnerability management effectiveness, including SLA adherence, backlog, and remediation timelines
- Providing executive-level reporting and insights on product vulnerability risk posture
- Defining governance processes, including exception handling, risk acceptance, and escalation pathways
- Leading audit and assessment readiness related to vulnerability management processes and outputs
- Building and leading a small team responsible for program operations, tooling, and disclosure coordination
- Partnering with Product Security Architects, Engineering, Legal, and Compliance teams to ensure alignment and effective execution across the organization
- Acting as the central authority for product vulnerability management practices across the organization
- Enabling a federated operating model where product teams own remediation while adhering to centralized standards and processes
- Driving consistency in vulnerability handling across a large and diverse product portfolio
- Ensuring vulnerability management practices scale effectively across hundreds of products and multiple technology domains
- Providing strategic direction for continuous improvement of vulnerability management capabilities, tooling, and processes
- Supporting regulatory audits and customer inquiries related to vulnerability management and disclosure practices

Skills

- Experience designing, building, or scaling a vulnerability management or PSIRT program within a product security or application security context
- Strong understanding of the vulnerability lifecycle, including detection, triage, prioritization, remediation tracking, and disclosure
- Working knowledge of application security principles and common vulnerability classes (e.g., OWASP Top 10)
- Experience with vulnerability detection tooling (SAST, DAST, SCA, container scanning) and integration into development pipelines
- Experience defining or applying vulnerability scoring methodologies (e.g., CVSS) in a product context
- Familiarity with Coordinated Vulnerability Disclosure (CVD) processes and external researcher engagement
- Familiarity with regulatory requirements related to product security and vulnerability management, such as the EU Cyber Resilience Act (CRA)
- Experience working within or supporting Secure Software Development Lifecycle (SSDL/SSDLC) programs
- Strong ability to define processes, standards, and governance models that scale across large organizations
- Excellent communication skills with the ability to translate technical risk into business impact
- Experience operating in large-scale, multi-product environments with distributed engineering teams
- Experience establishing or managing SBOM and software supply chain vulnerability programs
- Experience with vulnerability disclosure programs or bug bounty platforms
- Experience working in regulated industries or environments with strong compliance requirements
- Experience with Agile/SAFe methodologies
- Experience leading or mentoring small, high-impact teams

Benefits

- Competitive salary and rewards package
- Competitive benefits and annual leave offering, allowing for work-life balance
- A vibrant, welcoming & inclusive culture
- Extensive career development opportunities and resources to maximize your potential
- To be a part of a global organization that is pioneering the hardware, software and services that allow people to confidently navigate the physical and digital worlds
- You’ll work as part of a global team in a flexible work environment, learning and enhancing your expertise.
- We welcome an opportunity to meet you and learn about your unique talents, skills, and experiences.
- We are open to ideas, including flexible work arrangements, job sharing or part-time job seekers.
- We want all our employees to be themselves, to feel appreciated and accepted.
- Flexible working arrangements
- Regular feedback, training, and development opportunities
- We empower our people to build their career around their aspirations and our ambitions – supporting them with regular feedback, training, and development opportunities.

Company Overview

HID powers the trusted identities of the world's people, places and things. It was founded in 1991, and is headquartered in Irvine, California, USA, with a workforce of 1001-5000 employees. Its website is http://www.hidglobal.com.

Company H1B Sponsorship

HID has a track record of offering H1B sponsorships, with 17 in 2025, 6 in 2024, 9 in 2023, 25 in 2022, 19 in 2021, 7 in 2020. Please note that this does not guarantee sponsorship for this specific role.
