Manager, Global Vulnerability Management
Why PlayStation?
PlayStation isn’t just the Best Place to Play — it’s also the Best Place to Work. Today, we’re recognized as a global leader in entertainment producing The PlayStation family of products and services including PlayStation®5, PlayStation®4, PlayStation®VR, PlayStation®Plus, acclaimed PlayStation software titles from PlayStation Studios, and more.
PlayStation also strives to create an inclusive environment that empowers employees and embraces diversity. We welcome and encourage everyone who has a passion and curiosity for innovation, technology, and play to explore our open positions and join our growing global team.
The PlayStation brand falls under Sony Interactive Entertainment, a wholly-owned subsidiary of Sony Group Corporation.
We’re seeking a hands-on leader in vulnerability management and threat exposure management to join SIE’s Information Security organization and help protect the future of PlayStation. This role is for a technically strong security leader with deep vulnerability and remediation experience who can lead engineers, make sound technical decisions, and personally contribute to reducing material security risk across platforms, applications, websites, cloud environments, and build pipelines.
You’ll lead a distributed team focused on turning security findings into measurable risk reduction by driving prioritized remediation, improving visibility across multiple finding sources, and evolving traditional vulnerability management into a more modern, exposure-focused practice grounded in exploitability, business context, and operational action.
Responsibilities
- Lead, mentor, and develop a high-performing Global Vulnerability Management team, building technical depth, analytical rigor, and measurable security outcomes. Build team capabilities while setting a high bar for technical depth, analytical rigor, and measurable security outcomes.
- Own and improve the end-to-end vulnerability and exposure management lifecycle across diverse technology stacks, from discovery and validation through remediation and closure verification.
- Drive risk reduction by prioritizing the exposures that matter most using exploitability, asset criticality, threat intelligence, attacker tradecraft, and business context rather than severity scores alone.
- Perform and review technical analysis of vulnerabilities and exposures, including exploit research, validation, root cause analysis, compensating controls, and remediation recommendations.
- Partner with engineering, infrastructure, product security, governance/risk, security operations, incident response, and threat intelligence teams to drive remediation, improve accountability for risk treatment, and align priorities to active threats.
- Support security coverage across cloud, containers, CI/CD pipelines, internet-facing services, and application ecosystems, including areas where tooling is owned by adjacent teams.
- Drive automation and data operationalization across vulnerability ingestion, enrichment, prioritization, workflow orchestration, and reporting using Python, SQL, and platforms such as Domo and Snowflake.
- Deliver clear reporting to leadership on exposure trends, remediation progress, control gaps, and areas requiring escalation.
Basic Qualifications
- Bachelor’s degree in Computer Science, Information Security, or equivalent practical experience; typically 8–10+ years in security engineering, vulnerability management, offensive security, detection engineering, infrastructure security, or related technical roles.
- Experience leading or managing a technical security team with accountability for both people leadership and delivery outcomes.
- Demonstrated ability to assess whether findings are truly exploitable or materially risky and translate that analysis into prioritized remediation plans.
- Strong hands-on background in vulnerability assessment, validation, remediation strategy, and security engineering across enterprise, cloud, and application environments.
- Deep knowledge of vulnerabilities and exposures across cloud, container, CI/CD, and software supply chain environments, including common exploitation patterns, risk considerations, and remediation approaches.
- Hands-on experience with vulnerability scanning platforms, security data integrations, engineering workflows, and the use of Python and SQL to automate and operationalize security data.
- Superb communication and collaboration skills, including the ability to challenge technical assumptions, partner with engineers, and escalate risk clearly when needed.
Preferred Qualifications
- Prior hands-on experience in vulnerability research, exploit development, penetration testing, red teaming, security architecture, or remediation engineering.
- Experience building or maturing a risk-based vulnerability management or threat exposure management program in a large-scale environment.
- Familiarity with CTEM concepts and practical judgment on how to apply them in an enterprise context.
- Experience using analytics and data platforms to correlate vulnerability data with threat intelligence, exploit availability, asset criticality, and compensating controls to improve prioritization and measure remediation outcomes.
- Success leading geographically distributed teams and working across IT, engineering, and security operations functions.
- Strong multi-functional partnership experience across IT, engineering, and security operations functions.
#LI-TP1
Please refer to our Candidate Privacy Notice for more information about how we process your personal information, and your data protection rights.
At SIE, we consider several factors when setting each role’s base pay range, including the competitive benchmarking data for the market and geographic location.
Please note that the base pay range may vary in line with our hybrid working policy and individual base pay will be determined based on job-related factors which may include knowledge, skills, experience, and location.
In addition, this role is eligible for SIE’s top-tier benefits package that includes medical, dental, vision, matching 401(k), paid time off, wellness program and coveted employee discounts for Sony products. This role also may be eligible for a bonus package. Click here to learn more.
This is a flexible role that can be remote, with varying pay ranges based on geographic location. For example, if you are based out of Seattle, the estimated base pay range for this role is listed below.
$163,000 - $244,400 USD
Please note, Sony Interactive Entertainment conducts background checks at the offer stage for all new employees (which may include criminal background checks for some roles) and will need to process personal information to support these checks.
Please refer to our Candidate Privacy Notice for more information about what personal information we collect, how we use it, who we share it with, and your data protection rights.
Equal Opportunity Statement:
Sony is an Equal Opportunity Employer. All persons will receive consideration for employment without regard to gender (including gender identity, gender expression and gender reassignment), race (including colour, nationality, ethnic or national origin), religion or belief, marital or civil partnership status, disability, age, sexual orientation, pregnancy, maternity or parental status, trade union membership or membership in any other legally protected category.
We strive to create an inclusive environment, empower employees and embrace diversity. We encourage everyone to respond.
PlayStation is a Fair Chance employer and qualified applicants with arrest and conviction records will be considered for employment.
Apply for this job
*
indicates a required field