Global Security PSIRT Engineer

Job Summary

Net App is looking for a skilled PSIRT Engineer (IC4) to join our Global Product Security Incident Response Team. In this role, you will independently handle complex security vulnerabilities across Net App’s storage, cloud, and data management products. You will triage reports, perform technical analysis, drive fixes, and coordinate responsible disclosure.

As an IC4 engineer, you will work on high-impact issues, mentor junior team members, and help mature Net App’s PSIRT processes in alignment with ISO/IEC 30111, ISO/IEC 29147, and FIRST best practices. This is a technical, customer-focused role that directly protects Net App customers worldwide.

• Triage, verify, and conduct in-depth technical analysis of vulnerability reports from external researchers, customers, internal teams, and security tools.
• Reproduce vulnerabilities in lab environments and assess risk using CVSS (v3.1/v4.0) along with Net App-specific business and customer context.
• Collaborate with engineering teams to drive root cause analysis, develop fixes, mitigations, and workarounds, and validate their effectiveness.
• Manage the full vulnerability lifecycle, including embargo handling, coordinated disclosure (CVD), CVE-, and publication of Security Advisories.
• Work with external stakeholders such as security researchers, CERT/CC, and other vendors for multi‑party coordination.
• Support proactive vulnerability monitoring, threat intelligence, third‑party component tracking, and integration with the Secure Development Lifecycle (SDL).
• Create clear technical documentation, customer advisories, and leadership briefings.
• Mentor junior PSIRT engineers and participate in team on‑call rotation.
• Contribute to process improvements, tooling, metrics, and PSIRT maturity initiatives.

• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or a related field (or equivalent experience).
• 5+ years of experience in security engineering, vulnerability management, incident response, or product security.
• Strong technical knowledge of operating systems (Linux/Unix), networking, storage systems, and cloud platforms (AWS, Azure, GCP).
• Hands‑on experience reproducing and analyzing security vulnerabilities.
• Solid understanding of CVSS, CVE, CWE, responsible disclosure, and coordinated vulnerability disclosure practices.
• Excellent written and verbal communication skills — able to explain complex issues clearly to both technical and non‑technical audiences.
• Proven ability to work independently and collaboratively in a global team environment.

• Previous experience working in a PSIRT, Product Security, or Vulnerability Management program.
• Familiarity with Net App products (e.g., ONTAP, Storage GRID) or enterprise storage/data management technologies.
• Scripting and automation skills (Python, Bash, Power Shell).
• Knowledge of SBOMs, software composition analysis, and supply chain security.
• Industry certifications such as CISSP, OSCP, or GIAC.
• Experience with bug bounty platforms (e.g., Hacker One).

IC – Minimum of 8 years of related experience.

Mgr & Exec – Minimum of 6 years of related experience.

Target salary range for this position is $147,900 - $220,000 USD (On Target Earnings). Compensation may vary based on location, qualifications, experience, and education. Packages include base salary, potential commission, benefits such as health, life, retirement or pension plans, paid time off, leave options, employee stock purchase plan, and restricted stock units.

Net App is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination based on age, race, color, gender, sexual orientation, gender identity, national origin, religion, disability or genetic information, pregnancy, protected veteran status, and any other protected classification.