Global Security PSIRT Engineer

NetApp Inc

Morrisville, NC

JOB DETAILS
SALARY
$147,900–$220,000 Per Year
SKILLS
Amazon Web Services (AWS), Analysis Skills, Artificial Intelligence (AI), Bash Scripting, Best Practices, CISSP - Certified Information Systems Security Professional, Cloud Computing, Cloud Storage, Communication Skills, Computer Science, Computer Security, Customer Relations, Data Management, Data Storage, Embedded Systems, GCP (Good Clinical Practices), GIAC - Global Information Assurance Certification, ISO (International Organization for Standardization), Incident Response, Integrated Circuits (ICs), International Electro-Technical Commission (IEC), Internet Security, Laboratory Analysis, Leadership, Linux Operating System, Machine Tool, Mentoring, Metrics, Microsoft Windows Azure, NetApp Storage Systems, On Call, Operating Systems, Presentation/Verbal Skills, Problem Solving Skills, Process Improvement, Product Lifecycle, Publications, Python Programming/Scripting Language, Risk Analysis, Root Cause Analysis, SDL (Specification and Description Language), Scripting (Scripting Languages), Security Analysis, Supply Chain, Technical Analysis, Technical Writing, Unix Operating Systems, Windows PowerShell, Writing Skills
LOCATION
Morrisville, NC
POSTED
11 days ago

Job Summary

NetApp is looking for a skilled PSIRT Engineer (IC4) to join our Global Product Security Incident Response Team.

In this role, you will independently handle complex security vulnerabilities across NetApp's storage, cloud, and data management products. You will triage reports, perform technical analysis, drive fixes, and coordinate responsible disclosure.

As an IC4 engineer, you will work on high-impact issues, mentor junior team members, and help mature NetApp's PSIRT processes in alignment with ISO/IEC 30111, ISO/IEC 29147, and FIRST best practices. This is a technical, customer-focused role that directly protects NetApp customers worldwide.

Job Responsibilities

Triage, verify, and conduct in-depth technical analysis of vulnerability reports from external researchers, customers, internal teams, and security tools.

Reproduce vulnerabilities in lab environments and assess risk using CVSS (v3.1/v4.0) along with NetApp-specific business and customer context.

Collaborate with engineering teams to drive root cause analysis, develop fixes, mitigations, and workarounds, and validate their effectiveness.

Manage the full vulnerability lifecycle, including embargo handling, coordinated disclosure (CVD), CVE-ID requests, and publication of Security Advisories.

Work with external stakeholders such as security researchers, CERT/CC, and other vendors for multi-party coordination.

Support proactive vulnerability monitoring, threat intelligence, third-party component tracking, and integration with the Secure Development Lifecycle (SDL).

Create clear technical documentation, customer advisories, and leadership briefings.

Mentor junior PSIRT engineers and participate in team on-call rotation.

Contribute to process improvements, tooling, metrics, and PSIRT maturity initiatives.

Job Requirements

Bachelor's degree in Computer Science, Cybersecurity, Engineering, or a related field (or equivalent experience).

5+ years of experience in security engineering, vulnerability management, incident response, or product security.

Strong technical knowledge of operating systems (Linux/Unix), networking, storage systems, and cloud platforms (AWS, Azure, GCP).

Hands-on experience reproducing and analyzing security vulnerabilities.

Solid understanding of CVSS, CVE, CWE, responsible disclosure, and coordinated vulnerability disclosure practices.

Excellent written and verbal communication skills - able to explain complex issues clearly to both technical and non-technical audiences.

Proven ability to work independently and collaboratively in a global team environment.

Preferred Qualifications

Previous experience working in a PSIRT, Product Security, or Vulnerability Management program.

Familiarity with NetApp products (e.g., ONTAP, StorageGRID) or enterprise storage/data management technologies.

Scripting and automation skills (Python, Bash, PowerShell).

Knowledge of SBOMs, software composition analysis, and supply chain security.

Industry certifications such as CISSP, OSCP, or GIAC.

Experience with bug bounty platforms (e.g., HackerOne).

Education

IC - Typically requires a minimum of 8 years of related experience.

Mgr & Exec - Typically requires a minimum of 6 years of related experience.

Compensation:

The target salary range for this position is 147,900 - 220,000 USD. The salary offered will be determined by the candidate's location, qualifications, experience, and education and may be outside of this range. The range is based on 'On Target Earnings' (OTE) representing the total potential earnings, which is the sum of the base salary and potential commission earned when performance targets are achieved. Final compensation packages are competitive and in line with industry standards, reflecting a variety of factors, and include a comprehensive benefits package. This may cover Health Insurance, Life Insurance, Retirement or Pension Plans, Paid Time Off, various Leave options, employee stock purchase plan, and/or restricted stocks (RSUs). These offerings are subject to regional variations and governed by local laws, regulations, and company policies. We will provide detailed information about the specific benefits for your region during the recruitment process.

At NetApp, we embrace a hybrid working environment designed to strengthen connection, collaboration, and culture for all employees. This means that most roles will have some level of in-office and/or in-person expectations, which will be shared during the recruitment process.

Equal Opportunity Employer:

NetApp is firmly committed to Equal Employment Opportunity (EEO) and to compliance with all federal, state and local laws that prohibit employment discrimination based on age, race, color, gender, sexual orientation, gender identity, national origin, religion, disability or genetic information, pregnancy, protected veteran status, and any other protected classification.

Why You'll Thrive at NetApp

At NetApp, you won't wait for the perfect moment - you'll make it. The early planning, the extra thought, the bold idea that turns good into great: That's how our people operate and how we continue to push the boundaries of data infrastructure.

NetApp is the trusted partner for organizations transforming data into opportunity. As the only enterprise-grade storage service natively embedded in Google Cloud, AWS, and Microsoft Azure, we empower customers to run everything from traditional workloads to enterprise AI with unmatched performance, resilience, and security.

Our culture

We celebrate mold breakers, bold thinkers, and problem solvers. We reward initiative, impact, and ownership. We provide flexibility so you can balance professional ambition with your personal life. Here, differences are not just welcomed - they drive everything we do.

If you're ready to innovate, rise to the challenge, and own every moment - make your next move your best one. Apply now.

About the Company

NetApp Inc