Technical Program Manager, Vulnerability

About the Role

We are looking for a Technical Program Manager (TPM) who can think like a security architect and execute like an engineering program lead. As Veeam Data Cloud scales, vulnerabilities are discovered across multiple layers: cloud infrastructure, containers, and product application services. This role ensures those signals are centralized, prioritized, and remediated – not just reported.

You will own the end‑to‑end vulnerability management program for Veeam Data Cloud, partnering with product engineering, platform/SRE, and security engineers. You’ll shape strategy and process, but you’ll also dive into technical details with teams to understand impact, negotiate trade‑offs, and drive closure across both infrastructure and application layers.

What You’ll Do

• Own the end‑to‑end vulnerability management lifecycle across cloud infrastructure, platforms, containers, operating systems, and application services
• Lead intake and triage of vulnerabilities from scanners, cloud security tools, AppSec testing, penetration tests, bug bounty, and manual reports
• Drive risk‑based prioritization by combining technical severity with business context such as service criticality, data sensitivity, and exposure
• Act as the single‑threaded owner coordinating remediation across engineering, platform, and security teams, with clear ownership and SLAs
• Partner with infrastructure and application security teams to reduce recurring risk through hardened baselines, shared libraries, and design improvements
• Build and maintain dashboards and executive‑ready reporting on vulnerability exposure, aging, trends, and remediation progress
• Continuously improve vulnerability processes and tooling by integrating workflows into CI/CD, issue tracking, and release processes

Technologies You'll Work With

• Cloud‑native, multi‑tenant SaaS environments using Azure, AWS, GCP, Kubernetes, containers, and microservices
• A broad set of security tooling, including vulnerability scanners, SAST/DAST, SCA, cloud security posture tools, and vulnerability management platforms
• Modern engineering languages and frameworks such as GoLang, Python, React, Vue, TypeScript and Pulumi

What You’ll Bring

• 5+ years of experience in security, cloud infrastructure, or platform‑focused technical roles
• Proven experience leading complex, cross‑team technical programs in security, cloud infrastructure, or platform engineering
• Ability to turn a large, ambiguous vulnerability backlog into a clear, prioritized roadmap with owners, milestones, and measurable outcomes
• Strong understanding of infrastructure/cloud and application‑level vulnerabilities, including misconfigurations, dependency risk, and authn/authz issues
• Comfort working closely with security engineers and developers on architectures, designs, and vulnerability findings
• Technical fluency without a daily coding requirement; you are not expected to write production code, but can engage deeply with technical details and scanner output
• Data‑driven mindset, using metrics such as vulnerability aging, SLAs, and repeat findings to influence priorities and explain risk to non‑security stakeholders
• Strong communication and influence skills, with a track record of aligning teams and driving outcomes without direct authority

#LI-SO2