Technical Program Manager, Security - Coordinated Vulnerability Disclosure

📋 Description

• Own end-to-end CVD program strategy and execution.
• Lead internal triage and QA of AI findings.
• Design tiered disclosure timelines by severity.
• Build pacing and submission models for findings.
• Lead external coordination with maintainers and vendors.
• Establish program metrics and reporting.

🎯 Requirements

• 10+ years in cybersecurity or vulnerability management; 4+ years leading disclosure programs.
• Deep understanding of coordinated vulnerability disclosure with CERT/CC or MITRE CVE.
• Familiar with vulnerability discovery tooling, static analysis, fuzzing (OSS-Fuzz, CodeQL), triage workflows.
• Experience engaging with open-source maintainers and governance dynamics.
• Proven TPM or similar role in security with cross-org program leadership.
• Executive communication skills; ability to influence senior leadership and C-suite.

🎁 Benefits

• Competitive compensation and benefits.
• Optional equity donation matching.
• Generous vacation and parental leave.
• Flexible working hours.
• Lovely office space.