Product Security Incident Response Manager - Remote Eligible

Lead and scale Autodesk's external security assessments program across products.
1 week ago
PlanGrid

Provides construction productivity software that digitizes blueprints, streamlines field collaboration, and centralizes project documents for contractors and builders.

Product Security Incident Response Manager

Our team of security experts helps Autodesk design, build, deploy, and maintain secure products. We embed security across the full spectrum of how we build our products, from inception, design, development, and testing to how we run them in the cloud and how we respond to existing or emerging threats to our products or the building blocks of our products and services. Our job is to be one step ahead of the bad guys and use expertise, technology, and other resources to thwart their efforts to compromise our products and the environment in which they operate. Our team keeps a single-minded focus on protecting our customers' data and their investment in our products by strengthening our applications, underlying services, and network.

As part of this team, you will help strengthen Autodesk's products by leading and scaling our external security assessments program. You will work closely with product, platform, and Trust partners to proactively identify security weaknesses through penetration testing, coordinate responsible vulnerability disclosure and security advisories, and operate a bug bounty program. In this role, you will balance hands-on technical work with people leadership, helping grow both our security engineers and Autodesk's overall security posture while staying ahead of emerging threats.

Responsibilities:

  • Lead and evolve Autodesk's external security assessments program, including penetration testing, vulnerability disclosure, security advisories, and the bug bounty program
  • Manage and mentor a team of application security engineers, setting clear goals, providing technical guidance, and supporting career growth
  • Plan, execute, and oversee penetration testing activities across Autodesk products and services, including scoping, execution, reporting, and remediation tracking
  • Act as a hands-on contributor by performing penetration tests, vulnerability validation, and technical reviews as needed
  • Own Autodesk's vulnerability disclosure process, including intake, triage, coordination with product teams, and publication of security advisories
  • Partner closely with PSIRT, Legal, Trust, and Product teams to ensure vulnerabilities are handled consistently and responsibly
  • Manage and continuously improve the bug bounty program, including researcher engagement, triage workflows, reward strategy, and signal-to-noise optimization
  • Develop metrics and reporting that communicate risk, trends, and program effectiveness to engineering leadership and senior stakeholders
  • Drive improvements in tooling, automation, and processes to scale penetration testing and vulnerability management across the organization
  • Serve as a trusted advisor to product teams by providing guidance on secure design, remediation strategies, and risk-based decision making

Minimum Qualifications:

  • Strong experience in application security, offensive security, or vulnerability management
  • Hands-on experience conducting penetration tests for web applications, APIs, or cloud services
  • Experience managing or significantly contributing to a vulnerability disclosure program and/or bug bounty platform
  • Prior experience leading, mentoring, or managing engineers in a technical security role
  • Ability and willingness to perform individual contributor work alongside management responsibilities
  • Solid understanding of common vulnerability classes and exploitation techniques (e.g., OWASP Top 10)
  • Strong communication skills and comfort working with customers, engineers, product managers, and executive stakeholders
  • Demonstrates high levels of ownership, sound judgment, and accountability

Preferred Qualifications:

  • Experience operating a public bug bounty program (e.g., HackerOne, Bugcrowd), including researcher interaction and reward strategy
  • Experience authoring or reviewing security advisories and coordinating external disclosure
  • Familiarity with CI/CD pipelines, cloud-native architectures, and modern development practices
  • Experience automating security workflows, testing, or reporting using scripting languages such as Python
  • Exposure to regulatory, compliance, or trust-driven security requirements
  • Proven ability to balance strategic program leadership with deep technical execution

About Autodesk:

Welcome to Autodesk! Amazing things are created every day with our software – from the greenest buildings and cleanest cars to the smartest factories and biggest hit movies. We help innovators turn their ideas into reality, transforming not only how things are made, but what can be made. We take great pride in our culture here at Autodesk – it's at the core of everything we do. Our culture guides the way we work and treat each other, informs how we connect with customers and partners, and defines how we show up in the world. When you're an Autodesker, you can do meaningful work that helps build a better world designed and made for all. Ready to shape the world and your future? Join us!

Salary is one part of Autodesk's competitive compensation package. Offers are based on the candidate's experience and geographic location. In addition to base salaries, our compensation package may include annual cash bonuses, commissions for sales roles, stock grants, and a comprehensive benefits package.

We take pride in cultivating a culture of belonging where everyone can thrive. Learn more here: https://www.autodesk.com/company/diversity-and-belonging

Are you an existing contractor or consultant with Autodesk? Please search for open jobs and apply internally (not on this external site).
