Senior Manager, Vulnerability Validation & Verification - USDS
Listed on 2026-07-03
IT/Tech
Cybersecurity, Systems Engineer
Senior Manager, Application Vulnerability Validation
About the Team
The Validation and Verification (VnV) organization ensures the security and reliability of our products by validating that security controls are implemented correctly, operating effectively, and delivering measurable risk reduction across the enterprise.
VnV operates across a continuous security lifecycle: Prevent → Assure → Test → Fix → Prove, ensuring that security posture is not only designed and tested, but continuously validated in real‑world conditions.
We are seeking a Senior Manager to architect, scale, and lead our Application Vulnerability Validation team based in San Jose.
This is a highly strategic leadership position, moving far beyond administrative backlog management. Your organization serves as the definitive validation layer for code safety. Your team will ingest raw telemetry from SAST, DAST, and SCA tooling to answer the critical questions: Is this vulnerability exploitable in production, and does it present a viable path for an attacker?
- Deep Technical Execution: Lead a specialized engineering team in manual vulnerability validation, proof‑of‑concept development, and complex attack‑path mapping across web, mobile, and API surfaces.
- Engineering & Automation: Design the automation and tooling strategy required to scale this function. Leverage advanced workflows and agentic AI to minimize false positives at the source and convert expert human judgment into reusable code.
- Team Leadership & Capability Building: Hire, mentor, and technically direct a high‑performing team of Application Security engineers. Establish rigorous operational standards and define the benchmark for technical excellence within the function.
- Automation & Next‑Generation Triage: Drive the strategy and hands‑on development of our automated App Sec pipeline. Architect custom tooling, scanner‑API integrations, and LLM‑assisted triage systems to drastically accelerate analysis and eliminate false positives before they require human intervention.
- Advanced Vulnerability Verification: Oversee deep‑dive technical analysis across web, mobile (iOS/Android), and API endpoints, ensuring the team moves beyond automated scanner outputs to confirm true production exploitability.
- Attack Path & Blast Radius Analysis: Drive contextual, systemic analysis of how vulnerabilities chain across a massive software supply chain, proactively identifying risks to sensitive data or critical infrastructure.
- Cross‑Functional Collaboration: Build durable, collaborative relationships with U.S. and global engineering product teams to implement strategic, systemic mitigations rather than temporary patches.
- Technical Advisory: Serve as a principal internal consultant, providing precise, actionable, and architecturally sound secure‑coding guidance to product and platform teams.
Minimum Qualifications
- Proven App Sec Leadership: A demonstrable track record of leadership within Application Security, Product Security, or Software Security Engineering. Candidates typically bring 5 years of domain experience, including formal team management.
- Engineering & Scripting Fluency: Strong proficiency in software development and scripting (Python, Go, Java, or JavaScript) to interface with scanner APIs and build scalable internal automation platforms.
- Tooling & Ecosystem Expertise: Deep familiarity with orchestrating and optimizing enterprise SAST/DAST/SCA platforms (e.g., Checkmarx, Veracode, Burp Suite Enterprise, Snyk, GitHub Advanced Security).
- Modern Architecture Literacy: A strong conceptual and practical understanding of microservices, service mesh, CI/CD pipelines, Kubernetes, Docker, and API gateways.
Preferred Qualifications
- Advanced technical certifications demonstrating deep hands‑on expertise (e.g., OSWE, OSWA, GWE, CASE, CSSLP).
- Experience navigating massive, highly distributed architectures and coordinating remediation across multi‑national engineering organizations.
- Experience utilizing formal threat‑modeling frameworks on complex features to proactively map systemic risk.
- Exceptional communication and influence skills—the ability…