Sr Director, Product Security Assurance and Vulnerability Remediation, PSIRT

Your CareerAre you ready to lead the charge in securing a global enterprise and building the next generation of information security leaders?At Palo Alto Networks, we are on a mission to redefine what it means to be secure in today’s digital-first world. As we continue our rapid global expansion, we are seeking a highly accomplished and visionary Senior Director to lead our Product Security Assurance and Vulnerability Remediation programs, including the Product Security Incident Response Team (PSIRT). This is an incredible opportunity to shape the future of our information security posture, collaborate with cutting-edge engineering teams, and build a world-class security organization in one of the fastest-growing markets.Your ImpactAs the Sr. Director of PSIRT, you will be at the heart of our global security strategy, with the unique opportunity to build, scale, and lead an elite PSIRT team. Your strategic leadership will drive the integration of security into all phases of the product lifecycle, manage global vulnerability response efforts, and ensure risk-based remediation processes are executed efficiently. You will inspire innovation, mentor the next generation of security leaders, and ensure that our security practices are both proactive and scalable.Leadership & StrategyDefine and lead the enterprise strategy for product security assurance, secure development lifecycle (SDL), and vulnerability remediation.Build and manage a global PSIRT function, including team structure, tooling, processes, and training.Represent the product security function in executive forums, board updates, customer meetings, and industry engagements.Vulnerability Management & RemediationOversee the end-to-end vulnerability remediation lifecycle, ensuring timely triage, risk assessment, and remediation of security vulnerabilities across product lines.Lead the vulnerability disclosure program in collaboration with legal, PR, and engineering stakeholders.Oversee the communication process for customer notifications, advisories, and regulatory disclosures.Incident Response (PSIRT)Manage the PSIRT team’s response to product security incidents, including investigation, containment, root cause analysis, and postmortem reportingManage the responsible disclosure process for product vulnerabilities, including coordination with external security researchers, government CERT teams (e.g., CISA), and industry organizations.Collaboration & ComplianceCollaborate closely with engineering, product management, legal, compliance and customer support teams to prioritize and implement security fixes and patches to meet obligations for product security disclosures (e.g., ISO/IEC 30111, NIST 800-161, SBOM)Support due diligence, customer audits, and internal/external assessments related to product security posture.Influence secure software supply chain practices, including open-source risk management and SBOM generation.