Job Description

Locations

• Canada, Remote, EMEA, Remote, US (Remote)

Salary

Skills Required

• Vulnerability triage and analysis.intermediate
• Application and code security assessment.intermediate
• Root cause analysis for vulnerabilities.intermediate
• Cross-functional stakeholder management.intermediate
• Security engineering coaching and mentoring.intermediate
• Technical documentation and communication.intermediate
• Automation and tooling development.intermediate
• Coordinated vulnerability disclosure.intermediate
• Post-incident review processes.intermediate
• Secure development practices.intermediate

Required Qualifications

• Demonstrated experience leading vulnerability triage, remediation, and disclosure processes in software security. (experience)
• Strong understanding of application and code security for detecting, prioritizing, and remediating defects. (experience)
• Experience driving down vulnerability volume through root cause analysis and prevention strategies. (experience)
• Track record leading cross-functional initiatives with product, engineering, and security teams. (experience)
• Experience coaching, mentoring, or managing security engineers with focus on growth and inclusion. (experience)
• Ability to quickly learn new technical concepts and product areas. (experience)
• Flexible, inclusive communication skills to influence across organizational levels. (experience)
• Proven skills in managing stakeholder expectations and navigating security tradeoffs. (experience)
• Experience with secure development practices, automation, and developer education. (experience)
• Background in bug bounty or security response team operations. (experience)

Preferred Qualifications

• Experience in a product security incident response team (PSIRT). (experience)
• Familiarity with AI-powered DevSecOps platforms. (experience)
• Skills in vulnerability research and external researcher partnerships. (experience)
• Expertise in security release planning and cross-functional coordination. (experience)
• Knowledge of post-incident review processes for systemic improvements. (experience)
• Ability to champion scalable PSIRT practices organization-wide. (experience)
• Experience with distributed team leadership. (experience)
• Proficiency in translating security concepts for non-technical audiences. (experience)
• Background in automation tooling for vulnerability workflows. (experience)
• Participation in open-core software security initiatives. (experience)

Responsibilities

• Drive strategy and execution for analyzing, validating, prioritizing, and remediating product vulnerabilities.
• Partner with Security and Engineering leaders on remediation approaches and timely delivery.
• Oversee processes for validating vulnerability fixes with technical rigor and documentation.
• Lead planning and execution of security releases with cross-functional alignment.
• Sponsor automation and tooling to streamline triage and response workflows.
• Own and improve the vulnerability response lifecycle and disclosure activities.
• Conduct post-incident reviews to drive systemic prevention.
• Review and guide high-quality communication on vulnerability impact and remediation.
• Manage Coordinated Vulnerability Disclosure program with stakeholders.
• Collaborate with engineers and product teams to mitigate security issues.

Benefits

• general: Comprehensive benefits supporting health, finances, and well-being.
• general: Flexible Paid Time Off.
• general: Team Member Resource Groups for inclusion and belonging.
• general: Equity Compensation and Employee Stock Purchase Plan.
• general: Growth and Development Fund for career advancement.
• general: Generous Parental Leave.
• general: Home office support and equipment.
• general: Bonuses and incentive pay opportunities.
• general: Continuous learning through knowledge exchange.
• general: Inclusive culture with psychological safety and collaboration.

Tags & Categories