Technical Program Manager, Product Security

BeyondTrust is a place where you can bring your purpose to life through the work that you do, creating a safer world through our cybersecurity SaaS portfolio.

Our culture of flexibility, trust, and continual learning means you will be recognized for your growth, and for the impact you make on our success. You will be surrounded by people who challenge, support, and inspire you to be the best version of yourself.

The Role

We're hiring a Technical Program Manager to own the operational backbone of Product Security: the processes, tracking, metrics, and cross-org coordination that keep vulnerability remediation moving from finding to fix at scale.

You'll report to the VP of Product Security and own the remediation lifecycle end to end: making sure validated findings get prioritized, tracked, driven to closure, and reported accurately. You're the person who knows where every critical finding is, what's blocking it, and who needs to do what by when.

This role sits at the center of the Product Security organization. You'll work daily with Security Architects, the Product Security Engineering Manager, and Product Security Engineers internally, and with Engineering, Product Management, Customer Support, Customer Trust, and Cyber Defense externally. When a pen test report lands, a bug bounty submission comes in, or a security exception is requested, you own the process that drives it to resolution.

Our Product Security organization operates AI-first. The remediation processes and workflows you own will be built on Claude and LLM-driven automation. You'll drive AI-first approaches to triage routing, status tracking, metrics generation, stakeholder reporting, and exception management

What You’ll Do

• Vulnerability Remediation Program Own the end-to-end remediation process from validated finding through fix verification. Define and enforce SLAs by severity, track progress across engineering teams, escalate aging findings, and drive blockers to resolution. When something stalls, you find out why and fix the process or escalate.
• Pen Test & Bug Bounty Coordination Organize third-party penetration tests: scoping, scheduling, vendor coordination, finding intake, and tracking through remediation. Own the operational side of the bug bounty program, ensuring researcher submissions are acknowledged, triaged, validated, and resolved within committed timelines.
• Security Kanban & Tracking Build and maintain security kanban boards that give the entire organization visibility into vulnerability status: internal findings, pen test results, bug bounty submissions, and security exceptions. These boards are the single source of truth. Engineering knows what's on their plate, security leadership knows the posture, and Customer Trust has what they need for customer conversations.
• AI-First Process Automation Use Claude and LLM platforms to automate finding intake and routing, generate status reports, flag at-risk SLAs, draft stakeholder communications, and surface patterns that indicate systemic issues. Focus your time on judgment and coordination by letting AI handle the repetitive tracking.
• Exception Management Own the security exception process: intake, risk documentation, approval routing, time-bound tracking, and expiration enforcement. When an engineering team requests an exception, you ensure it's documented with clear risk context, reviewed by the right people, and actively tracked to expiration.
• Metrics & Reporting Own Product Security metrics: mean time to remediate, SLA compliance, finding aging, exception counts, recurrence rates, coverage by product. Build reporting that serves the VP (portfolio posture), engineering leaders (their team's queue), and Customer Trust (defensible data for customer security reviews).
• Stakeholder Coordination Coordinate with Engineering and Product Management on remediation prioritization and release planning. Work with Customer Support and Customer Trust on vulnerability status for customer inquiries and security questionnaires. Partner with Cyber Defense on findings that cross product and infrastructure boundaries. Keep Security Architects and Product Security Engineers aligned on remediation status.

What You’ll Bring

Required

• 5+ years in Technical Program Management, Security Program Management, or a similar role driving cross-functional security programs
• Experience owning vulnerability management processes end to end: intake, triage, tracking, SLA enforcement, exception management, and reporting
• You've coordinated pen tests, bug bounty programs, or external security assessments and driven findings through remediation across multiple engineering teams
• Hands-on experience using LLM platforms (Claude, OpenAI, or similar) to automate program management workflows such as reporting, triage routing, status tracking, or stakeholder communications
• Strong stakeholder management across technical and non-technical audiences. You can drive an engineering team to hit an SLA, brief a VP on portfolio risk, and give Customer Trust what they need for a customer call
• Experience building and maintaining tracking systems (Jira, kanban boards, dashboards) that serve as a reliable single source of truth
• You understand security vulnerabilities well enough to have credible conversations about severity, risk, and remediation priority, and to evaluate whether pushback from engineering on a finding is technically sound

Preferred

• Experience in a Product Security or Application Security organization
• Background building AI-native program management workflows or process automation
• Familiarity with SAST, DAST, SCA, and pen testing outputs and how findings flow into remediation
• Experience working with Customer Trust, Customer Support, or GRC teams on security questionnaires and customer-facing vulnerability communications
• Background in enterprise security products, endpoint security, identity platforms, or SaaS security

How We'll Measure Success

• Remediation SLAs are met consistently across severity levels.
• Security kanban boards are the trusted single source of truth that engineering, security, and Customer Trust reference directly.
• Pen test and bug bounty findings are tracked from intake to closure with full coverage.
• AI-driven workflows handle the bulk of status tracking, reporting, and stakeholder communications.
• Security exceptions are documented, time-bound, and actively managed through expiration.
• Stakeholders across Engineering, Product Management, Customer Trust, and Cyber Defense have the information they need when they need it.

Better Together

Diversity. Inclusion. They’re more than just words for us. They are the guiding values of how we build our teams, cultivate leaders, and create a culture where people feel connected.

We take care of our employees so they can take care of our customers. Customers who come from all walks of life just like us. We hire incredible people from diverse backgrounds because when we are different together, we are stronger together.

About Us

BeyondTrust is the global identity security leader protecting Paths to Privilege™. Our identity-centric approach goes beyond securing privileges and access, empowering organizations with the most effective solution to manage the entire identity attack surface and neutralize threats, whether from external attacks or insiders.

BeyondTrust is leading the charge in transforming identity security to prevent breaches and limit the blast radius of attacks, while creating a superior customer experience and operational efficiencies. We are trusted by 20,000 customers, including 75 of the Fortune 100, and our global ecosystem of partners.

Learn more at www.beyondtrust.com. 

#LI-DF1