Manager, Global Vulnerability Management
Why PlayStation?
PlayStation isn’t just the Best Place to Play — it’s also the Best Place to Work. Today, we’re recognized as a global leader in entertainment producing The PlayStation family of products and services including PlayStation®5, PlayStation®4, PlayStation®VR, PlayStation®Plus, acclaimed PlayStation software titles from PlayStation Studios, and more.
PlayStation also strives to create an inclusive environment that empowers employees and embraces diversity. We welcome and encourage everyone who has a passion and curiosity for innovation, technology, and play to explore our open positions and join our growing global team.
The PlayStation brand falls under Sony Interactive Entertainment, a wholly-owned subsidiary of Sony Group Corporation.
We’re seeking a hands-on leader in Vulnerability Management to join SIE’s Information Security organization — and help us protect the future of PlayStation! You’ll lead a distributed team responsible for identifying, prioritizing, and remediating vulnerabilities across our platforms, applications, websites, and cloud environments, while evolving traditional vulnerability management into a modern threat exposure management practice. Together, we’ll unify security findings across multiple sources and ensure our partners have the visibility and context needed to take timely action on the risks that matter most.
This is a hands-on leadership role: while you will guide people and tasks to help scale leadership capacity, you’ll also stay directly engaged in technical work. From vulnerability assessments and exploit research to collaborating with engineers on remediation strategies, you’ll balance leadership with hands-on contributions. Ideal for an experienced engineer ready to step into management, or for a technical manager who wants to stay hands-on while leading a distributed team!
Responsibilities
- Lead, mentor, and develop a high-performing Global Vulnerability Management team, providing both strategic direction and day-to-day support. Build team capabilities while fostering a collaborative, pragmatic, and results-driven culture.
- Own the full vulnerability lifecycle - from discovery to remediation - and ensure processes are scalable and effective across diverse technology stacks.
- Guide the team’s transition from traditional vulnerability management toward a more advanced, exposure-focused approach that prioritizes true business risk and operational impact.
- Personally contribute to technical analysis, conducting vulnerability scans, security reviews, and exploit research. Provide actionable guidance on mitigation strategies and ensure findings are validated before being shared with stakeholders.
- Collaborate with partners across information security disciplines - such as engineering, governance and risk management, product/application security - to unify findings, improve reporting, and ensure accountability for remediation.
- Partner with security operations teams, including incident response and threat intelligence teams, to align vulnerability data with active threats, strengthen detection, and support response efforts.
- Support and collaborate on container security and build pipeline scanning initiatives, applying full-spectrum vulnerability management practices even when tools or processes are owned by other teams.
- Drive the integration of automation and intelligence into vulnerability workflows, enabling smarter prioritization and faster response.
- Leverage data analytics platforms such as Domo and Snowflake to deliver enriched vulnerability insights, ensuring findings and recommendations are clearly presented to stakeholders and leadership.
- Remain current with emerging threats, continuously research evolving exploit techniques, and assess their potential impact on the business. Use this insight to inform prioritization decisions and strengthen remediation guidance.
- Provide clear, contextualized reporting on vulnerability trends, remediation progress, and overall exposure posture to security leadership and business stakeholders, ensuring that risks are communicated in both technical and executive terms.
Basic Qualifications
- Bachelor’s degree in Computer Science, Information Security, or equivalent experience (8–10+ years).
- Previous experience managing or leading a technical team, with responsibility for people and program outcomes.
- Demonstrable experience in vulnerability management, exposure management, or related areas within large-scale enterprise environments.
- Demonstrated ability to lead or mentor teams while also remaining actively engaged in technical execution.
- Strong knowledge of vulnerabilities across operating systems, applications, cloud services, and hybrid infrastructure.
- Hands-on experience with vulnerability scanning platforms and integrations.
- Proficiency in Python and SQL for automation, analysis, and reporting of vulnerability data.
- Superb communication and collaboration skills, with the ability to influence both technical staff and senior leaders.
Preferred Qualifications
- Experience evolving a traditional vulnerability management function into a more advanced exposure management capability.
- Familiarity with continuous threat exposure management (CTEM) or equivalent frameworks for scoping, discovery, prioritization, validation, and mobilization.
- Experience with container security, build pipeline scanning, and integration of vulnerability management into CI/CD workflows.
- Practical experience using data analytics platforms (Domo, Snowflake) to present and operationalize security findings.
- Proven success managing global or distributed teams, particularly through organizational or program transformation.
- Strong multi-functional partnership experience across IT, engineering, and security operations functions.
Please refer to our Candidate Privacy Notice for more information about how we process your personal information, and your data protection rights.
At SIE, we consider several factors when setting each role’s base pay range, including the competitive benchmarking data for the market and geographic location.
Please note that the base pay range may vary in line with our hybrid working policy and individual base pay will be determined based on job-related factors which may include knowledge, skills, experience, and location.
In addition, this role is eligible for SIE’s top-tier benefits package that includes medical, dental, vision, matching 401(k), paid time off, wellness program and coveted employee discounts for Sony products. This role also may be eligible for a bonus package. Click here to learn more.
This is a flexible role that can be remote, with varying pay ranges based on geographic location. For example, if you are based out of Seattle, the estimated base pay range for this role is listed below.
$179,300 - $268,900 USD
Equal Opportunity Statement:
Sony is an Equal Opportunity Employer. All persons will receive consideration for employment without regard to gender (including gender identity, gender expression and gender reassignment), race (including colour, nationality, ethnic or national origin), religion or belief, marital or civil partnership status, disability, age, sexual orientation, pregnancy, maternity or parental status, trade union membership or membership in any other legally protected category.
We strive to create an inclusive environment, empower employees and embrace diversity. We encourage everyone to respond.
PlayStation is a Fair Chance employer and qualified applicants with arrest and conviction records will be considered for employment.
Apply for this job
*
indicates a required field