Palo Alto Senior Manager PSIRT 

United States, California 

744504341

Being the cybersecurity partner of choice, protecting our digital way of life.

Your Career

As a Senior Manager, you'll lead strategic planning and execution of incident response activities, including vulnerability triage, investigation, mitigation, and communication. Interpersonal communication will be key to your success in aligning the PSIRT's work with stakeholder needs. Securing our products against known and anticipated threats is a mission-critical outcome for the company. Your intention must be to effectively persuade, convince, or influence all relevant stakeholders to achieve this desired outcome. You’ll need to empower and maintain high morale across your team. Preserving the inclusive culture must be the crux of your organizational development strategy.

Your Impact

• Lead a team to respond to new security vulnerabilities in products and cloud offerings as reported via bug bounty programs and external security researchers.
• Oversee root-cause analysis of product vulnerabilities, ensuring complete remediation by collaborating with product teams on solution development and review.
• Act as the senior product security subject-matter expert, engaging with diverse stakeholders, including executives, engineering, infosec, privacy, legal, support, sales, customers, security researchers, and industry partners.
• Engage directly with a diverse customer base, including enterprises of all sizes and government organizations, to transparently communicate our vulnerability remediation strategies and reinforce trust in our product security.
• Foster a growth mindset within the team, encouraging continuous learning about the latest cybersecurity trends.
• Drive cross-functional partnerships to evolve security testing methodologies and frameworks to enhance vulnerability detection efficiency.
• Mentor and guide team members in advanced security analysis techniques and tool usage.
• Present findings and recommendations to senior management, highlighting key risks and mitigation strategies.
• Track and report on vulnerability remediation progress, ensuring timely closure of security gaps.
• Collaborate with incident response teams to analyze and address security breaches and incidents.
• Stay up-to-date with industry standards and regulations related to product security, ensuring compliance.
• Participate in industry conferences and workshops to expand knowledge and network with other security professionals.

Your Experience

• Minimum 5 years experience in security leadership, specifically managing Product Security Incident Response Team (PSIRT) operations.
• Expert level experience in vulnerability analysis, remediation techniques, and coordinating disclosures related to product security incidents.
• Demonstrated understanding of common vulnerability scoring systems (CVSS), public vulnerability databases, and responsible disclosure practices.
• Strong executive communication skills, both spoken and written, with the ability to present vulnerability assessments, incident reports, and recommendations to senior management and external stakeholders.
• Proven experience engaging with organizations and standards crucial for effective vulnerability handling, including CVE Numbering Authority (CNA), National Institute of Standards and Technology (NIST), Forum of Incident Response and Security Teams (FIRST), ISO/IEC 29147, ISO/IEC 30111, and Open Source Software Security Foundation (OpenSSF), along with familiarity with industry-specific regulations for vulnerability disclosure and handling.
• Proven people management and leadership experience in building and leading a PSIRT, with a focus on training, mentoring, and developing incident response capabilities.
• Ability to manage and prioritize multiple security incidents in a fast-paced and dynamic environment, adhering to established SLAs.
• Experience engaging with security researchers, customers, and other external parties during vulnerability disclosure and incident response processes.
• BS or MS Degree in Engineering or Computer Science, related to computer security, application security, information security, network security, or cryptography, with a strong focus on incident response.

Education

• BS or MS Degree in Engineering or Computer Science related to computer security, application security, information security, network security, or cryptography or equivalent military experience required

Compensation Disclosure

The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) or base salary + commission target (for sales/commissioned roles) is expected to be between $162000/yr - $263000/yr. The offered compensation may also include restricted stock units and a bonus. A description of our employee benefits may be found .

All your information will be kept confidential according to EEO guidelines.