**Introduction** Sr. Manager - Vulnerability Management & Product Security About HashiCorp, an IBM Company HashiCorp addresses development, operations, and security challenges within infrastructure, enabling organizations to concentrate on core business initiatives. Millions of users leverage our open source software for provisioning, securing, connecting, and running infrastructure across diverse applications. The Global 2000 utilizes our enterprise software to expedite application delivery and foster innovation through software solutions. We are seeking a Sr. Manager, Vulnerability Management & Product Security to strengthen and scale our security program. This role will focus on improving how we identify, assess, and remediate vulnerabilities across our cloud and self-managed product suite — while driving automation and integration of compliance processes across our platforms and pipelines. You will work closely with engineering, product management, IT, and compliance stakeholders to embed security and compliance as a continuous, automated part of development and operations. This role is ideal for a technically proficient leader who thrives in a high-autonomy environment and is passionate about building secure, scalable systems and teams. **Your role and responsibilities** In this role, your responsibilities will include: * Lead and expand the vulnerability management and compliance automation programs across HashiCorp’s products and infrastructure. * Oversee the end-to-end lifecycle of product vulnerabilities - from discovery and triage to remediation and reporting. Ensuring timely identification, triage, and remediation across multiple environments - including CI/CD pipelines, runtime infrastructure, and third-party dependencies. * Design and implement automated compliance controls and reporting mechanisms integrated into CI/CD pipelines and cloud infrastructure that align with frameworks such as SOC 2, ISO 27001, PCI and FedRAMP. * Partner with engineering, product, and infrastructure teams to embed security into development workflows and prioritize security-related features and fixes. * Build and mentor a team of high-performing security engineers, providing technical guidance, career development, and performance feedback. * Collaborate with product and infrastructure teams to prioritize remediation work, track progress, and raise risk and impacts effectively. * Monitor and respond to emerging threats and vulnerabilities, driving rapid mitigation strategies and long-term improvements. * Develop metrics and dashboards to measure the health and maturity of vulnerability management and compliance programs. * Serve as a subject matter expert on vulnerability management, compliance automation, and secure development practices. * Contribute to strategic planning and roadmap development for vulnerability management initiatives, with a focus on automation, scalability, and measurable impact. * Lead the design and deployment of security tools and integrations that support vulnerability scanning, compliance checks, and secure development practices. * Assess and communicate risk posture to stakeholders, providing clear visibility into vulnerabilities, mitigations, and compliance status. * Oversee and contribute to product-specific and program-level security initiatives and activities being undertaken by members of the Product Security team. * Assist leadership to develop strategic plans and long-term roadmaps * Conduct threat modeling of HashiCorp’s products, services, and associated cloud infrastructure. * Manage design & implementation of security solutions across the product life-cycle, such as standalone security tools, CI/CD pipeline integrations, product security features/fixes, etc. * Act as SME on multiple information security areas (e.g. security architecture, application security, threat modeling etc.) **Required technical and professional expertise** * 14+ years of experience in product security or vulnerability management * Proven experience managing managers and/or multiple teams. * Demonstrated success building or scaling a vulnerability management, compliance automation program, and/or product security programs in a cloud-native environment. * Proven leadership and team management experience. * Strong understanding of cloud-native architectures (AWS, GCP, Azure) and containerized environments (Kubernetes, Nomad, Docker). * Experience integrating security and compliance tools into CI/CD pipelines (e.g., GitHub Actions, Jenkins, GitLab CI). * Familiarity with security scanning tools and services (SCA, SAST, DAST, CSPM, IaC scanning, etc.) and how to operationalize their results. * Excellent communication and stakeholder engagement skills. * Deep understanding of vulnerability lifecycle management, from discovery to remediation and verification. * Experience automating compliance evidence collection and control validation against industry frameworks (SOC 2, PCI, FedRAMP, etc.). * Strong leadership, communication, and stakeholder management skills — able to balance technical detail with business context. * Ability to prioritize and manage multiple projects, leading with data-driven decision-making and risk-based prioritization. **Preferred technical and professional experience** * Professional security certifications such as CISSP, CISM, or relevant cloud certifications (e.g., AWS Certified Security - Specialty). * Deep knowledge of a specific major cloud provider (e.g., AWS Security Hub, GCP Security Command Center) and optimizing native security services for cost and effectiveness. * Experience with Policy-as-Code tools like Cloud Custodian, or Sentinel for enforcing security and compliance controls at scale. * Experience in a fast-paced, high-growth environment, demonstrating the ability to rapidly adapt security strategy and tooling to meet evolving business needs. IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.