Product Security Incident Response Expert

53.36 - 56.16 USD net per hour - B2B
Security

Warszawa, Warszawa

Experis Manpower Group

Full-time
B2B
Senior
Remote

Job description

Location: 100% remote (Poland)


Responsibilities:


  • Design and implement the operational PSIRT vulnerability lifecycle: intake, triage, risk assessment, remediation tracking, disclosure, closure

  • Lead vulnerability triage and risk assessment activities: exploitability analysis, product/system exposure, operational impact evaluation, and mapping CVE/CVSS data to engineering remediation priorities

  • Define and operationalize severity assessment frameworks combining CVSS scoring with contextual impact modifiers such as safety, reliability, regulatory exposure, and operational risk

  • Create triage workflows, prioritization criteria, escalation models, and decision frameworks balancing remediation urgency with business and engineering constraints

  • Advise on tooling and workflow architecture (ServiceNow VM or equivalent, vulnerability management platforms, SIEM/SOAR integration), including ticket/state life cycles, metadata schemas, and engineering handover points

  • Define required metadata and taxonomy: product lineage, firmware versions, asset hierarchies, ownership, exploitability flags, and incident/event taxonomies

  • Develop PSIRT process artifacts: SOPs, triage playbooks, classification criteria, RACI models, escalation trees, remediation SLAs, disclosure workflows, regulatory notification procedures

  • Coordinate integration with SOC, SIEM/SOAR pipelines, DevOps, R&D engineering, product security, and operations; design alert triggers and remediation handoff processes

  • Support tooling configuration and rollout: data model requirements, required fields, escalation triggers, dashboards, metrics, audit evidence requirements

  • Translate strategic PSIRT frameworks into practical operational practices and backlog integration models (SLAs, remediation prioritization, engineering handover)

  • Provide training, onboarding, and knowledge transfer to internal teams and local delivery leads; act as a PSIRT subject matter authority

  • Monitor and improve PSIRT KPIs, dashboards, and post-incident/lessons-learned processes


Requirements:


  • Deep expertise in PSIRT, product security, or pre-CERT operations; experience with industrial, embedded/OT/IoT, safety-critical, or complex software products

  • Strong hands-on experience in vulnerability triage, CVE analysis, exploitability assessment, and prioritized remediation planning

  • Proficiency with CVSS and building severity models incorporating contextual modifiers

  • Experience with ServiceNow Vulnerability Management (preferred) or tools such as Kenna, Tenable, Qualys, Jira workflows, or other VM platforms

  • Ability to design data models and metadata taxonomies for vulnerabilities, assets, firmware/product lineage, and ownership

  • Understanding of SOC/SIEM/SOAR interactions and alert-to-PSIRT pipeline design

  • Experience translating security processes into engineering backlog models, SLAs, and remediation tracking

  • Ability to create operational documentation: SOPs, playbooks, RACI matrices, escalation flows, disclosure and regulatory workflows

  • Capability to define metrics, dashboards, and audit evidence requirements for governance and compliance


Soft Skills:


  • Strong stakeholder management across security, engineering, operations, and product organizations

  • Excellent analytical skills and attention to operational detail

  • Ability to translate strategic direction into actionable, repeatable operational practices

  • Clear and concise communicator; strong technical writing skills for playbooks, SOPs, tooling requirements

  • Consulting mindset with adaptability to distributed leadership and collaborative delivery models

  • Coaching and mentoring skills to upskill teams and engineers

  • Fluent English; additional language skills beneficial


Offer:


  • Multisport card

  • Private healthcare (Medicover)

  • Access to an e-learning platform

  • Group life insurance

Tech stack

  • English: C1

  • PSIRT: regular

  • Vulnerability Management: regular

  • CVE Analysis: regular

  • Exploitability Assessment: regular

  • ServiceNow: regular

  • CVSS: regular

  • IoT Security: regular

  • Tenable: regular

Published: 18.02.2026
