Product Security Incident Response Manager
Mountain View, CA
Applications have closed
Pure Storage
Discover a better way to interact with your data through storage that's always modern, easy to manage, and provides a flexible way to consume.
BE PART OF BUILDING THE FUTURE.
Since our founding in 2009, Pure Storage has empowered innovators to build a better world with data. In less than eight years, Pure reached $1B in sales, faster than nearly every enterprise company in history, and our incredible growth continues to outpace the competition.
Our mission? Give technologists their time back by delivering a modern data experience that empowers organizations to run their operations as a true, automated, storage as-a-service model seamlessly across multiple clouds.
The secret sauce? More than 3,000 team members (and growing!) around the world who join forces to invent the next big thing. And then the next one.
We’ve only scratched the surface of our ambitions, and as we continue to gobble up market share, we’re blazing trails and setting records:
- For seven straight years, Pure has been named a leader in the Gartner Magic Quadrant (five years in the MQ for Solid-State Arrays, and two in the newly created MQ for Primary Storage).
- Our customer-first culture and unwavering commitment to innovation have earned us a 2020 Medallia Net Promoter Score, certified by Owen CX, in the top 1% of B2B companies.
If you, like us, say “bring it on” to exciting challenges that change the world, we have endless opportunities where you can make your mark.
What You Will Be Doing
The Pure Storage Product Security Incident Response Team manages and coordinates public reporting of security vulnerability information on ALL Pure products via direct and indirect means (web, CVE fix database, release notes, etc.) to Pure Storage customers, partners, and Pure internal resources.
In this role, the Product Security Incident Response Manager will:
- When Pure Storage is notified or made aware externally of a security incident or a security vulnerability risk, coordinate a product impact assessment (which products are affected by the vulnerability), work cross-functionally to prioritize the vulnerability pathology, and ensure that there is a commitment to fix/integrate, with a secured commitment of fix/release availability.
- Collaborate with Product Engineering to prioritize resolution of security vulnerability exploits, program-manage the Product Security Vulnerability fix and integration (release roadmap and communications), and document and publish internal and external messaging to communicate the status of fix/integration details to Pure Executive leadership.
- Communicate quickly and effectively with engineers, various stakeholders, and customers about security issues, and write technical documentation on security issues, including mitigations and fixes, in a clear and easy-to-understand manner.
- Manage Executive level customer and product escalations relating to security.
- Drive communication with senior client stakeholders on a business problem level as well as a technical level.
- Execute and deliver work towards long-term goals and initiatives to support Pure Storage's overall security posture.
- Lead security initiatives and serve as the central point of contact for Pure Storage Engineering, QA, and Product Management to coordinate actions associated with internally and externally identified vulnerabilities.
- Act as the customer advocate in managing security risk, ensuring issues are prioritized and remediated at an appropriate velocity, escalating to senior leadership as appropriate.
- Adapt to change and effectively organize work according to business priorities.
- Manage Executive level customer and product escalations relating to security vulnerabilities, while coordinating cross-functional teams to ensure appropriate resources have been engaged to resolve all issues.
- Drive post mortem and lessons learned on all systemically impacting security vulnerabilities, which may include a full follow-through, documentation, and implementation of all associated corrective actions.
- Engage/lead wide ranging CX initiatives as required.
What You Bring To The Team
- Strong people and project management leadership skills with a minimum of 10 years of experience supporting Fortune 500 companies, preferably in the Enterprise storage, virtualization, networking, or Enterprise applications industry.
- Critical Incident Management experience with the ability to work in a highly-matrixed environment.
- Strong written, verbal and presentation skills including the ability to deliver technical RCA to an executive level audience.
- Able to multitask, influence, negotiate and delegate with a strong sense of urgency and manage crisis situations outside of normal working hours as needed.
- Strategic approach to managing critical situations with creative thinking and out-of-the-box approach to solving business challenges.
- Project Management skills and familiarity with the Product Security Incident Response framework.
- Dedication to understanding cause and effect. Ability to unravel complicated problem statements, and work with cross-functional teams to determine required areas of improvement.
- Ability to create policies and processes where they do not exist, develop and implement governance where required, and bring order where there is complexity and uncertainty.
Domain Knowledge
- Specific technical and business problem knowledge in one or more of the following areas:
  - Vendor ecosystem knowledge
  - Enterprise Cyber Risk Management
  - Security Strategy and Governance
  - Regulatory Compliance services (FCA, PRA, GDPR)
  - Security Framework (NIST, ISO27001, Cyber Essentials etc.)
  - Threat Intelligence Services
Certifications
- Hold an industry-recognized certification such as CISM, CRISC, CISSP, or equivalent.
BE YOU—CORPORATE CLONES NEED NOT APPLY.
Pure is where you ask big questions, think differently, and make an impact. This is not just a job, but a place where you have a voice and can accelerate your career. We value unique thoughts and celebrate individuality, and with ample opportunity to learn, develop yourself, and expand into different roles, joining Pure is an investment in your career journey.
Through our Pure Equality program, which supports a flourishing field of employee resource groups, we nourish the personal and professional lives of our team members. And our Pure Good Foundation gives back to local and global communities through volunteering and grants.
And because we understand the value of bringing your full and best self to work, we offer a variety of perks to manage a healthy balance, including flexible time off, wellness resources, and company-sponsored team events.
PURE IS COMMITTED TO EQUALITY.
Research shows that in order to apply for a job women feel they need to meet 100% of the criteria while men usually apply after meeting about 60%. You don't have to meet all the job requirements. If you believe you can do the job and are a good match, we encourage you to apply.
Pure is proud to be an equal opportunity and affirmative action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or any other characteristic legally protected by the laws of the jurisdiction in which you are being considered for hire.
If you need assistance or an accommodation due to a disability, you may contact us at TA-Ops@purestorage.com.
APPLICANT & CANDIDATE PERSONAL INFORMATION PRIVACY NOTICE.
If you're wondering how or why Pure collects or uses information you provide, we invite you to check out our Applicant & Candidate Personal Information Protection Notice.
DEEMED EXPORT LICENSE NOTICE.
Some positions may require a deemed export license for compliance with applicable laws and regulations. Please note: Pure does not currently sponsor deemed export license applications so we are unable to proceed with applicants requiring stated sponsorship.
Tags: CISM CISSP Compliance CRISC Exploits GDPR Governance Incident response ISO 27001 NIST Privacy Product security PSIRT Risk management Security strategy Strategy Threat intelligence Vulnerabilities
Perks/benefits: Career development Flex hours Flex vacation Team events Wellness