As a Product Security Response Manager, you will be responsible for managing a portion of PSIRT's global headcount. You will direct the day-to-day activities of the product security engineers you lead, including processing root cause analysis of product security vulnerabilities reported as part of the bug bounty and responsible disclosure program, vulnerability remediation collaboration with internal development teams, research projects for reported vulnerability patterns, and process improvements. As a Product Security Response Manager, you will work with a pool of talented external researchers (i.e., our bug bounty and responsible disclosure programs) to ensure they are equipped to succeed and mitigate uncoordinated disclosures. You will also make hands-on contributions to reducing security risks in products and services by partnering with other teams in the development and security organisations.
What you get to do in this role:
Serve as a people leader.
Serve as a project manager for PSIRT-led research projects.
Oversee product security incidents, small and large.
Stay updated on industry best practices, including the CVE program and FIRST.org special interest groups.
Recommend and develop new product security policies and procedures.
Partner with key contacts outside of our department.
Requirements:
An analytical mind for problem solving, abstract thought, and challenging product security problems and solutions.
Strong interpersonal skills (written and oral communication) and the ability to work collaboratively in a team environment, both in real-time and asynchronously, and remotely across ServiceNow's regions.
Accountability and the ability to take feedback as a member of a continuous improvement culture.
Autonomy and ability to make practical decisions and recommendations in the face of uncertainty and imperfect information.
Flexibility in working hours is needed to assist with a global team and product security incident response.
Comfort with change as part of being on a growing team.
2+ years of experience managing or supervising individual contributors.
5+ years of experience working in a role focused on web application security.
B.S. Degree in Computer Science / STEM field or equivalent job experience.
In-depth experience with exploiting OWASP Top 10 application vulnerabilities, such as deserialization and injection attacks.
Experience performing Threat Modelling and Penetration Testing.
Strong code reading comprehension and code tracing skills, and experience performing source code reviews for security issues.
Experience in a fast-paced and demanding security environment.
Experience with bounty programs preferred.
This position is open to all candidates.












