  • Full Time
  • Cork, Ireland
  • Applications have closed

Website Dell

Software Vulnerability Program Manager

Cork, Ireland

Dell is the world’s largest technology company, helping people with their digital transformation journey and changing society as we know it in the process.  Voted among the world’s most ethical companies and included on Fortune’s list of most admired companies, we seek men and women who share our values and want to participate in transforming the way people live and work through technology.

The Software Vulnerability Program Manager has the responsibility to oversee, manage, and report on product security incident response program adoption, operational execution, and maturity. They will work across a large, globally dispersed engineering organization to ensure vulnerability management and PSIRT activities are performed, program objectives are reached, and service level objectives are met, in order to proactively identify, assess, remediate, and respond to externally reported software vulnerabilities in proprietary and component code for 100+ software applications developed by decentralized software development teams including third party developers.

Partnering with hundreds of engineering colleagues, central SRO Product and Application Security (PAS) teams, and Dell Technologies Services leadership, the Software Vulnerability Program Manager will drive response for critical software applications that all predictive, proactive, and remote support services to our global customer base.

The ideal candidate will be adaptable and forward-leaning, and always looking for ways to enable the business in a compliant, secure, and resilient manner.

Key Responsibilities

  • Help build and manage a Vulnerability Response Team (VRT) consisting of representatives from engineering, product management, marketing, and communications who will play a key role interfacing with the Dell Technologies PSIRT and Dell leadership team
  • Create, oversee, and administer bi-annual tabletop exercises of the VRT
  • Identify and create training opportunities for the technical support personnel to learn how to handle and respond to known or suspected product vulnerability incidents – in collaboration with the SRO Product and Application Security team
  • Identify opportunities to integrate PSIRT processes into customer support services for quick detection and response.
  • Integrate vulnerability management processes into the software release model(s).
  • Keep relevant stakeholders updated on any open PSIRT engagements, the status of vulnerability remediation, and risks and dependencies to on-time remediation.
  • Create and report on PSIRT program adoption, activity integration, and capability maturity through key metric collection, scorecard reporting, and dashboard reporting.
  • Oversee and report on compliance and maturity in the creation of software bills of materials and in the identification, assessment, and remediation of open source and component software vulnerabilities.
  • Ensure findings from penetration tests and related third-party security validation tests are tracked, and that their remediation is program-managed and reported on.
  • Assist with program management of software product end of life due to customer security requirements and vulnerability remediation – together with the Product Security Architect

Essential Requirements

  • Requires 8+ years of related experience in a professional role with a Bachelor’s degree; or 6+ years with a Master’s degree; or 3+ years with a PhD; or equivalent experience.  Preference given for candidates with management information systems, computer science, engineering or related fields of study.
  • Ability to operate effectively in a fast-paced environment with competing and shifting priorities
  • Ability to work collaboratively and effectively as part of a larger matrixed organization
  • Ability to confidently and effectively present complex technical topics to senior non-technical audiences
  • Experience performing software vulnerability management and governance
  • Results-driven and accountability-minded
  • Travel, some international, expected to be <10%

Desirable Requirements

  • Experience explaining software vulnerability remediation plans to non-technical audiences
  • Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) or related professional certification preferred.  Project Management Professional (PMP) or related certification
  • Experience with scans from Black Duck, WhiteSource, nexB, or related tools, including interpreting and consulting on their results
  • Crisis communications experience a plus

Benefits

We offer highly competitive salaries, bonus programs, world-class benefits, and unparalleled growth and development opportunities — all to create a compelling and rewarding work environment.

If you can keep groundbreaking projects on track, this is your opportunity to develop with Dell.

Dell is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Dell are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Dell will not tolerate discrimination or harassment based on any of these characteristics. Learn more about Diversity and Inclusion at Dell here.

Job Family: SRO Information-Technology
Job ID: R76923