Job Summary:
HID is a high-tech software company headquartered in Austin, TX, empowering trusted identities for people, places, and things. The Senior Product Vulnerability Manager will own the corporate-wide Product Vulnerability Management program, establishing capabilities to detect and respond to product vulnerabilities while ensuring compliance with regulatory standards.
Responsibilities:
• Defining and maintaining the enterprise Product Vulnerability Management framework, including processes for intake, triage, prioritization, remediation tracking, and disclosure.
• Establishing standardized vulnerability triage and risk prioritization methodologies that work across the organization.
• Defining and implementing the corporate-wide vulnerability management policies and standards, ensuring that our Product Security Incident Response processes are aligned with the organization's expectations and regulatory requirements.
• Owning the Coordinated Vulnerability Disclosure (CVD) program, including external intake channels, researcher engagement, and coordination.
• Translating regulatory requirements (e.g., EU Cyber Resilience Act) into operational processes, controls, and reporting obligations.
• Defining and managing the enterprise tooling strategy for vulnerability detection (e.g., SAST, DAST, SCA, container scanning), including selection, configuration, and integration into CI/CD pipelines.
• Establishing minimum tooling and coverage baselines across product types and ensuring consistent adoption.
• Defining and operationalizing SBOM-driven vulnerability management practices, including monitoring and response to third-party component vulnerabilities.
• Developing scalable playbooks, guidance, and decision frameworks enabling product teams to independently triage and respond to vulnerabilities.
• Defining training requirements and developing enablement materials for product teams on vulnerability identification, triage, and response processes.
• Establishing metrics, reporting, and dashboards to measure vulnerability management effectiveness, including SLA adherence, backlog, and remediation timelines.
• Providing executive-level reporting and insights on product vulnerability risk posture.
• Defining governance processes, including exception handling, risk acceptance, and escalation pathways.
• Leading audit and assessment readiness related to vulnerability management processes and outputs.
• Building and leading a small team responsible for program operations, tooling, and disclosure coordination.
• Partnering with Product Security Architects, Engineering, Legal, and Compliance teams to ensure alignment and effective execution across the organization.
• Acting as the central authority for product vulnerability management practices across the organization.
• Enabling a federated operating model where product teams own remediation while adhering to centralized standards and processes.
• Driving consistency in vulnerability handling across a large and diverse product portfolio.
• Ensuring vulnerability management practices scale effectively across hundreds of products and multiple technology domains.
• Providing strategic direction for continuous improvement of vulnerability management capabilities, tooling, and processes.
• Supporting regulatory audits and customer inquiries related to vulnerability management and disclosure practices.
Qualifications:
Required:
• Experience designing, building, or scaling a vulnerability management or PSIRT program within a product security or application security context
• Strong understanding of the vulnerability lifecycle, including detection, triage, prioritization, remediation tracking, and disclosure
• Working knowledge of application security principles and common vulnerability classes (e.g., OWASP Top 10)
• Experience with vulnerability detection tooling (SAST, DAST, SCA, container scanning) and integration into development pipelines
• Experience defining or applying vulnerability scoring methodologies (e.g., CVSS) in a product context
• Familiarity with Coordinated Vulnerability Disclosure (CVD) processes and external researcher engagement
• Familiarity with regulatory requirements related to product security and vulnerability management, such as the EU Cyber Resilience Act (CRA)
• Experience working within or supporting Secure Software Development Lifecycle (SSDL/SSDLC) programs
• Strong ability to define processes, standards, and governance models that scale across large organizations
• Excellent communication skills with the ability to translate technical risk into business impact
Preferred:
• Experience operating in large-scale, multi-product environments with distributed engineering teams
• Experience establishing or managing SBOM and software supply chain vulnerability programs
• Experience with vulnerability disclosure programs or bug bounty platforms
• Experience working in regulated industries or environments with strong compliance requirements
• Experience with Agile/SAFe methodologies
• Experience leading or mentoring small, high-impact teams
Company:
HID powers the trusted identities of the world's people, places and things. Founded in 1991, the company is headquartered in Irvine, USA, with a team of 1001-5000 employees. The company is currently Late Stage.