Security Program Specialist

About the Role: We are a team that brought you Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner, dedicated to providing cybersecurity, privacy, and identity protection to over 500 million users in 150 countries. At Gen, we offer flexible working options, generous time off, and competitive benefits in a diverse and inclusive environment where every team member is valued and celebrated. If you are smart, fearless, and dedicated, join us to power Digital Freedom and help consumers take control of their digital lives. We’re looking for an independent, driven security professional who thrives at the intersection of security, DevOps, and delivery. In this role, you will translate legal and security framework requirements into clear, actionable vulnerability management and remediation programs that operate across multiple Security and DevOps teams. You’ll help design, operationalize, and continually improve our vulnerability management lifecycle, from identification and triage through prioritization and remediation to validation and reporting. This includes secure development practices within regulatory frameworks guiding vulnerability handling, coordinated disclosure, SBOM transparency, patch management, and post-deployment monitoring. You will track, report, and escalate progress, risks, and dependencies, partnering closely with a Senior Project Manager and reporting to senior leadership. If you enjoy making complex requirements practical, measurable, and delivered—this is for you. Key Responsibilities: Translate requirements → action: Break down legal, regulatory (including Cyber Resiliency Act), and security framework obligations into prioritized, testable tasks for engineering and platform teams. Define concrete technical control requirements across vulnerability detection, remediation SLAs, secure configuration baselines, SBOM management, and coordinated disclosure processes. Own the vulnerability management lifecycle: Drive end-to-end vulnerability management across infrastructure, cloud, applications, containers, and third-party components—including scanning, triage, risk-based prioritization (CVSS exploitability business impact), remediation tracking, validation, and closure. Integrate security into CI/CD: Partner closely with the Application Security team to support SAST, DAST, SCA, container, IaC, and cloud configuration scanning into CI/CD pipelines. Ensure findings are automatically ticketed, risk-ranked, and tracked to resolution with measurable SLAs. Orchestrate implementation: Coordinate work across multiple security domains (e.g., IAM, vuln mgmt, cloud security, appsec) and DevOps/Platform teams to drive consistent adoption. Plan & track delivery: Build delivery plans, track milestones, manage dependencies, and maintain a single source of truth (e.g., Jira/Azure Boards). Stakeholder management: Align with product owners, architects, and security SMEs; resolve blockers and facilitate decisions. Metrics & reporting: Develop actional dashboards that show vulnerability aging, SLA compliance, backlog trends, recurring vulnerability patterns, report status, risks exposure, and remediation plans to senior leadership in concise dashboards. Control mapping & evidence: Help map vulnerability management practices to regulatory frameworks and collect/curate evidence for audits. Continuous improvement: Standardize templates, automate playbooks and evidence collection, and reduce manual triage effort to advance processes and program maturity. Partner with PM: Work hand-in-hand with a Senior PM to align scope, timelines, compliance deadlines, and cross-team execution. About You: Practical exposure or experience (typically 3–5 years) in vulnerability management, security engineering, or security program delivery in a cloud/software environment. Demonstrated ability to work independently and drive outcomes across multiple teams. Working understanding of regulatory security requirements and dem ... (truncated, view full listing at source)