Global Security PSIRT Engineer

Job Description

## Job Summary NetApp is looking for a skilled PSIRT Engineer (IC4) to join our Global Product Security Incident Response Team. In this role, you will independently handle complex security vulnerabilities across NetApp’s storage, cloud, and data management products. You will triage reports, perform technical analysis, drive fixes, and coordinate responsible disclosure. As an IC4 engineer, you will work on high-impact issues, mentor junior team members, and help mature NetApp’s PSIRT processes in alignment with ISO/IEC 30111, ISO/IEC 29147, and FIRST best practices. This is a technical, customer-focused role that directly protects NetApp customers worldwide ## Job Responsibilities Triage, verify, and conduct in-depth technical analysis of vulnerability reports from external researchers, customers, internal teams, and security tools. Reproduce vulnerabilities in lab environments and assess risk using CVSS (v3.1/v4.0) along with NetApp-specific business and customer context. Collaborate with engineering teams to drive root cause analysis, develop fixes, mitigations, and workarounds, and validate their effectiveness. Manage the full vulnerability lifecycle, including embargo handling, coordinated disclosure (CVD), CVE-ID requests, and publication of Security Advisories. Work with external stakeholders such as security researchers, CERT/CC, and other vendors for multi-party coordination. Support proactive vulnerability monitoring, threat intelligence, third-party component tracking, and integration with the Secure Development Lifecycle (SDL). Create clear technical documentation, customer advisories, and leadership briefings. Mentor junior PSIRT engineers and participate in team on-call rotation. Contribute to process improvements, tooling, metrics, and PSIRT maturity initiatives. ## Job Requirements Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or a related field (or equivalent experience). 5 years of experience in security engineering, vulnerabi…