Manager, Global Vulnerability Management

We're seeking a hands-on leader in vulnerability management and threat exposure management to join SIE's Information Security organization and help protect the future of PlayStation. This role is for a technically strong security leader with deep vulnerability and remediation experience who can lead engineers, make sound technical decisions, and personally contribute to reducing material security risk across platforms, applications, websites, cloud environments, and build pipelines.

You'll lead a distributed team focused on turning security findings into measurable risk reduction by driving prioritized remediation, improving visibility across multiple finding sources, and evolving traditional vulnerability management into a more modern, exposure-focused practice grounded in exploitability, business context, and operational action.

• Lead, mentor, and develop a high-performing Global Vulnerability Management team, building technical depth, analytical rigor, and measurable security outcomes. Build team capabilities while setting a high bar for technical depth, analytical rigor, and measurable security outcomes.
• Own and improve the end-to-end vulnerability and exposure management lifecycle across diverse technology stacks, from discovery and validation through remediation and closure verification.
• Drive risk reduction by prioritizing the exposures that matter most using exploitability, asset criticality, threat intelligence, attacker tradecraft, and business context rather than severity scores alone.
• Perform and review technical analysis of vulnerabilities and exposures, including exploit research, validation, root cause analysis, compensating controls, and remediation recommendations.
• Partner with engineering, infrastructure, product security, governance/risk, security operations, incident response, and threat intelligence teams to drive remediation, improve accountability for risk treatment, and align priorities to active threats.
• Support security coverage across cloud, containers, CI/CD pipelines, internet-facing services, and application ecosystems, including areas where tooling is owned by adjacent teams.
• Drive automation and data operationalization across vulnerability ingestion, enrichment, prioritization, workflow orchestration, and reporting using Python, SQL, and platforms such as Domo and Snowflake.
• Deliver clear reporting to leadership on exposure trends, remediation progress, control gaps, and areas requiring escalation.

• Bachelor's degree in Computer Science, Information Security, or equivalent practical experience; typically 8-10+ years in security engineering, vulnerability management, offensive security, detection engineering, infrastructure security, or related technical roles.
• Experience leading or managing a technical security team with accountability for both people leadership and delivery outcomes.
• Demonstrated ability to assess whether findings are truly exploitable or materially risky and translate that analysis into prioritized remediation plans.
• Strong hands-on background in vulnerability assessment, validation, remediation strategy, and security engineering across enterprise, cloud, and application environments.
• Deep knowledge of vulnerabilities and exposures across cloud, container, CI/CD, and software supply chain environments, including common exploitation patterns, risk considerations, and remediation approaches.
• Hands-on experience with vulnerability scanning platforms, security data integrations, engineering workflows, and the use of Python and SQL to automate and operationalize security data.
• Superb communication and collaboration skills, including the ability to challenge technical assumptions, partner with engineers, and escalate risk clearly when needed.

• Prior hands-on experience in vulnerability research, exploit development, penetration testing, red teaming, security architecture, or remediation engineering.
• Experience building or maturing a risk-based vulnerability management or threat exposure management program in a large-scale environment.
• Familiarity with CTEM concepts and practical judgment on how to apply them in an enterprise context.
• Experience using analytics and data platforms to correlate vulnerability data with threat intelligence, exploit availability, asset criticality, and compensating controls to improve prioritization and measure remediation outcomes.
• Success leading geographically distributed teams and working across IT, engineering, and security operations functions.
• Strong multi-functional partnership experience across IT, engineering, and security operations functions.

#LI-TP1