Product Security Incident Response Manager

About the Role

The Product Security Incident Response Manager at Autodesk leads efforts to protect customer data and investment in Autodesk products by managing external security assessments and guiding a team of security engineers. This role balances hands-on technical work with leadership, ensuring proactive identification of vulnerabilities and effective incident response.

Key Responsibilities

• Lead and evolve external security assessments including penetration tests.
• Manage and mentor a team of application security engineers.
• Oversee vulnerability disclosure, security advisories, and bug bounty program.
• Collaborate with PSIRT, Legal, Trust, and Product teams for consistent risk handling.
• Drive improvements in testing, reporting, tooling, and automation.

Qualifications

Candidates should have strong experience in application security, offensive security, or vulnerability management with hands-on penetration testing experience, a proven track record in vulnerability disclosure programs, and prior leadership experience in technical security roles. Solid understanding of common vulnerability classes (eg, OWASP Top 10) and excellent communication skills are essential.

Preferred Qualifications

• Experience managing public bug bounty programs (HackerOne, Bugcrowd).
• Familiarity with CI/CD pipelines and cloud-native architectures.
• Experience automating security workflows using scripting languages such as Python.

About Autodesk

Autodesk is a leader in software that transforms ideas into reality. Our culture is built on innovation, diversity, and a commitment to a better future.

Key skills/competency

• Penetration Testing
• Vulnerability Management
• Bug Bounty
• Security Advisories
• Application Security
• Leadership
• Risk Management
• Cloud Security
• OWASP
• Automation