Technical Program Manager, Vulnerability

Veeam is the Data and AI Trust Company, specializing in helping organizations ensure their data and AI are fully understood, secured, and resilient to enable the acceleration of safe AI at scale. As the market leader in both data resilience and data security posture management, Veeam is built for the convergence of identity, data, security, and AI risk. Headquartered in Seattle with offices in more than 30 countries, Veeam protects over 550,000 customers worldwide, who trust Veeam to keep their businesses running. Join us as we go fearlessly forward together, growing, learning, and making a real impact for some of the world’s biggest brands. About the Role We are looking for a Technical Program Manager (TPM) who can think like a security architect and execute like an engineering program lead. As Veeam Data Cloud scales, vulnerabilities are discovered across multiple layers: cloud infrastructure, containers, and product application services. This role ensures those signals are centralized, prioritized, and remediated – not just reported. You will own the end‑to‑end vulnerability management program for Veeam Data Cloud, partnering with product engineering, platform/SRE, and security engineers. You’ll shape strategy and process, but you’ll also dive into technical details with teams to understand impact, negotiate trade‑offs, and drive closure across both infrastructure and application layers. What You’ll Do Own the end‑to‑end vulnerability management lifecycle across cloud infrastructure, platforms, containers, operating systems, and application services Lead intake and triage of vulnerabilities from scanners, cloud security tools, AppSec testing, penetration tests, bug bounty, and manual reports Drive risk‑based prioritization by combining technical severity with business context such as service criticality, data sensitivity, and exposure Act as the single‑threaded owner coordinating remediation across engineering, platform, and security teams, with clear ownership and SLAs Partner with infrastructure and application security teams to reduce recurring risk through hardened baselines, shared libraries, and design improvements Build and maintain dashboards and executive‑ready reporting on vulnerability exposure, aging, trends, and remediation progress Continuously improve vulnerability processes and tooling by integrating workflows into CI/CD, issue tracking, and release processes Technologies You'll Work With Cloud‑native, multi‑tenant SaaS environments using Azure, AWS, GCP, Kubernetes, containers, and microservices A broad set of security tooling, including vulnerability scanners, SAST/DAST, SCA, cloud security posture tools, and vulnerability management platforms Modern engineering languages and frameworks such as GoLang, Python, React, Vue, TypeScript and Pulumi What You’ll Bring 5+ years of experience in security, cloud infrastructure, or platform‑focused technical roles Proven experience leading complex, cross‑team technical programs in security, cloud infrastructure, or platform engineering Ability to turn a large, ambiguous vulnerability backlog into a clear, prioritized roadmap with owners, milestones, and measurable outcomes Strong understanding of infrastructure/cloud and application‑level vulnerabilities, including misconfigurations, dependency risk, and authn/authz issues Comfort working closely with security engineers and developers on architectures, designs, and vulnerability findings Technical fluency without a daily coding requirement; you are not expected to write production code, but can engage deeply with technical details and scanner output Data‑driven mindset, using metrics such as vulnerability aging, SLAs, and repeat findings to influence priorities and explain risk to non‑security stakeholders Strong communication and influence skills, with a track record of aligning teams and driving outcomes without direct authority #LI-SO2 What you'll get Unlimited paid time off, 12 paid hol ... (truncated, view full listing at source)