Product Security Operations Engineer (14)

Title: Product Security Operations Engineer

Location: Remote in Bay area

Duration: 2+ Months
About the Role

As the Member of Technical Staff focused on Product Security Operations, you will be a primary driver for managing and remediating third-party and open-source risk across the Nutanix portfolio. This is a high-impact engineering role that combines technical depth with the ability to navigate complex organizational structures. The mission is to move beyond triage and lead the strategic management of our external dependencies. We are looking for a solutions-oriented engineer who can translate security requirements into actionable goals and dismantle the bottlenecks that prevent large-scale library upgrades and patches.
About the Team

The Nutanix PSIRT is a growing center of excellence dedicated to the security of our products and the trust of our customers. We focus on "doing the right thing" by our users, investing in proactive defense, data-driven decisions, and long-term vision for product integrity. Our team values collaborative engineering and the pursuit of operational excellence. As we scale to meet hyperscale demands, we are looking for people who are passionate about building resilient security systems and driving cross-functional alignment to keep our products secure.
Responsibilities

• Third-Party Library Management: Act as a technical lead for managing external dependencies, driving the strategy and execution for upgrades and patching across multiple product lines.
• Cross-Functional Orchestration: Work closely with stakeholders across Engineering, Product Management, and DevOps to prioritize security requirements and align them with existing release roadmaps.
• Policy & Requirements Articulations: Translate high-level security policies into clear, actionable product requirements and technical guidance that development teams can implement effectively.
• Operational Visibility: Leverage data, including Software BIll of Materials (SBOM) and asset intelligence, to identify systemic risks in the supply chain and report on remediation progress to leadership.
• Initiative Management: Drive security projects with a focus on clear ownership, milestone tracking, and proactively resolving conflicts in priority to ensure successful delivery.

Qualifications
What you'll bring to the team:

• Remediation & Ops Experience: 5+ years in Security Operations, DevSecOps, or Product Security, with a track record of managing and reducing security debt in complex environments.
• Stakeholder Influence: A proven ability to communicate technical security risks to various audiences and build consensus across disparate engineering teams.
• Strategic Thinking: Experience interpreting security policies and turning them into practical, technical requirements for developers.
• Technical Breadth: A deep understanding of the software development lifecycle (SDLC) and the complexities involved in upgrading core libraries in a large-scale environment.
• Programmatic Mindset: Exceptional organizational skills and the ability to manage complex, multi-quarter security initiatives from start to finish.

Bonus points if you have:

• Proficiency in scripting (e.g., Python, Go) to automate the tracking of library versions and vulnerability status.
• Familiarity with supply chain security standards (such as SBOM/VEX) and SCA (Software Composition Analysis) tooling.
• Experience in a global, distributed environment where managing cross-functional dependencies is a core part of the culture.
• A background in Technical Program Management (TPM) or Engineering Management.