
Senior Manager, Vulnerability Validation & Verification - USDS

Job in San Jose, Santa Clara County, California, 95199, USA
Listing for: TikTok USDS Joint Venture
Full Time position
Listed on 2026-07-03
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 199800 - 441600 USD Yearly
Job Description & How to Apply Below
Position: Senior Manager, Application Vulnerability Validation & Verification - USDS

Senior Manager, Application Vulnerability Validation

About the Team

The Validation and Verification (VnV) organization ensures the security and reliability of our products by validating that security controls are implemented correctly, operating effectively, and delivering measurable risk reduction across the enterprise.

VnV operates across a continuous security lifecycle:
Prevent → Assure → Test → Fix → Prove, ensuring that security posture is not only designed and tested, but continuously validated in real‑world conditions.

Role Overview

We are seeking a Senior Manager to architect, scale, and lead our Application Vulnerability Validation team based in San Jose.

This is a highly strategic leadership position, moving far beyond administrative backlog management. Your organization serves as the definitive validation layer for code safety. Your team will ingest raw telemetry from SAST, DAST, and SCA tooling to answer the critical questions:
Is this vulnerability exploitable in production, and does it present a viable path for an attacker?

Strategic Pillars
  • Deep Technical Execution: Lead a specialized engineering team in manual vulnerability validation, proof‑of‑concept development, and complex attack‑path mapping across web, mobile, and API surfaces.
  • Engineering & Automation: Design the automation and tooling strategy required to scale this function. Leverage advanced workflows and agentic AI to minimize false positives at the source and convert expert human judgment into reusable code.

Responsibilities
  • Team Leadership & Capability Building: Hire, mentor, and technically direct a high‑performing team of Application Security engineers. Establish rigorous operational standards and define the benchmark for technical excellence within the function.
  • Automation & Next‑Generation Triage: Drive the strategy and hands‑on development of our automated AppSec pipeline. Architect custom tooling, scanner‑API integrations, and LLM‑assisted triage systems to drastically accelerate analysis and eliminate false positives before they require human intervention.
  • Advanced Vulnerability Verification: Oversee deep‑dive technical analysis across web, mobile (iOS/Android), and API endpoints, ensuring the team moves beyond automated scanner outputs to confirm true production exploitability.
  • Attack Path & Blast Radius Analysis: Drive contextual, systemic analysis of how vulnerabilities chain across a massive software supply chain, proactively identifying risks to sensitive data or critical infrastructure.
  • Cross‑Functional Collaboration: Build durable, collaborative relationships with U.S. and global engineering product teams to implement strategic, systemic mitigations rather than temporary patches.
  • Technical Advisory: Serve as a principal internal consultant, providing precise, actionable, and architecturally sound secure‑coding guidance to product and platform teams.

Qualifications

Minimum Qualifications

  • Proven AppSec Leadership: A demonstrable track record of leadership within Application Security, Product Security, or Software Security Engineering. Candidates typically bring 5 years of domain experience, including formal team management.
  • Engineering & Scripting Fluency: Strong proficiency in software development and scripting (Python, Go, Java, or JavaScript) to interface with scanner APIs and build scalable internal automation platforms.
  • Tooling & Ecosystem Expertise: Deep familiarity with orchestrating and optimizing enterprise SAST/DAST/SCA platforms (e.g., Checkmarx, Veracode, Burp Suite Enterprise, Snyk, GitHub Advanced Security).
  • Modern Architecture Literacy: A strong conceptual and practical understanding of microservices, service mesh, CI/CD pipelines, Kubernetes, Docker, and API gateways.

Preferred Qualifications

  • Advanced technical certifications demonstrating deep hands‑on expertise (e.g., OSWE, OSWA, GWE, CASE, CSSLP).
  • Experience navigating massive, highly distributed architectures and coordinating remediation across multi‑national engineering organizations.
  • Experience utilizing formal threat‑modeling frameworks on complex features to proactively map systemic risk.
  • Exceptional communication and influence skills—the ability…
Position Requirements
10+ Years work experience