Director/Sr Director of Product Management RBVM, CTEM, ASM Risk Operation Center (ROC)
Qualys is seeking a Director / Sr. Director of Product Management to lead its flagship Risk-Based Vulnerability Management (RBVM) product powered by Qualys VMDR and drive the evolution toward Continuous Threat Exposure Management (CTEM) via Qualys ETM.
Location: Foster City, CA, USA Organization: Product GTM & SME Reports To: SVP of Product Management
Role Overview
This leader will own the end-to-end product strategy, execution, and business performance of VMDR, serving 8,000+ global customers, while driving the transition from vulnerability management ? risk-based prioritization ? autonomous remediation ? CTEM platform adoption.
You will lead a team of 5+ product managers, partner with engineering, GTM, and field teams, and directly influence revenue growth, customer retention, and platform expansion.
What You Will Be Doing
Product Ownership: VMDR (RBVM)
This role sits at the intersection of VMDR (execution) ? ETM (risk platform), part of ROC (Risk Operation Center)
What Makes This Role Unique
- Own Qualys' flagship product (VMDR) used by thousands of enterprises
- Drive transition from VM ? CTEM platform leadership
- Build Agentic AIpowered security workflows
- Direct impact on revenue, growth, and company strategy
- Lead the next evolution of cybersecurity: autonomous risk reduction
Strategic Mandate (What You'll Really Be Doing)
- Turning VMDR into the front door of Qualys platform growth
- Using AI + workflows to drive customer expansion into ETM
- Building the industry's first autonomous RemOps + CTEM platform
Key Responsibilities
Product Leadership - Own VMDR as a Business (P&L Mindset)
- Own product strategy, roadmap, and execution for VMDR
- Lead and mentor a team of 5+ Product Managers
- Drive innovation across:
- vulnerability prioritization (RBVM)
- remediation workflows
- asset-risk correlation
- Deliver features that reduce MTTR and improve risk reduction outcomes
Business Ownership (Revenue + Growth)
- Own end-to-end business metrics:
- ARR / revenue growth for VMDR product line
- Customer renewals and retention
- Cross-sell and upsell into:
- ETM
- CSAM
- Patch / Remediation solutions
- Partner with GTM teams to:
- Drive pipeline generation
- Enable Sales with product positioning
- Define pricing and packaging strategy
Customer-Centric Innovation (ShortMid Term)
- Drive customer deal-breaker capabilities including:
- Scalable remediation workflows and automation
- Better prioritization beyond CVSS (business context, exploitability)
- Improved reporting, dashboards, and executive insights
- Seamless ITSM / DevOps integrations
- Cross-asset visibility (cloud, endpoint, identity)
- Translate customer friction ? product wins ? revenue growth
- Lead RBVM ? CTEM Evolution
- Define roadmap to evolve VMDR into:
- Risk-based vulnerability management (RBVM)
- Exposure management platform
- CTEM-aligned workflows
- Build tight integration with:
- CSAM (asset context)
- ETM (risk aggregation and prioritization)
- Drive VMDR "Deal Breaker" Requirements (018 months)
- Identify and deliver top customer gaps blocking large deals, such as:
- Faster prioritization accuracy (TruRisk improvements)
- Better remediation workflows (ownership, SLA tracking)
- Reporting and executive dashboards
- Scalable performance for large enterprises
- Partner with field (SEs, TAMs) to capture:
- Competitive losses
- Renewal risks
- Enterprise feature gaps
- Design Agentic AI Workflows (Next-Gen Differentiation)
- Lead innovation in Agentic AI-driven vulnerability remediation, including:
- Intelligent prioritization agents (what to fix first)
- Remediation planning agents (patch vs mitigate vs isolate)
- Workflow orchestration agents (who should fix it)
- Autonomous nudges and recommendations
Success Metrics
- VMDR revenue growth and market share
- ETM attach rate (VMDR ? ETM conversion)
- Customer retention and renewal rates
- MTTR reduction across customer base
- Adoption of new AI-driven features
- Pipeline contribution and deal acceleration
Experience required
Experience working with platforms like Qualys and competitive vendor landscape focusing on RBVM, CTEM, AppSec, ASPM, CNAPP etc.
- 1015+ years in Product Management (cybersecurity preferred)
- Deep expertise in:
- Vulnerability Management
- Risk-Based VM (RBVM)
- Exposure Management / CTEM
- Proven experience owning large-scale enterprise products
- Strong understanding of:
- cloud, endpoint, identity, and application security
- Experience working with:
- CISOs, CIOs, and security teams
Preferred
- Experience building AI/ML-driven security products
- Knowledge of:
- attack surface management
- remediation workflows
- ITSM / DevOps integrations
- Track record of:
- scaling products from platform ? ecosystem
- driving upsell / cross-sell motions
Product Context
Qualys VMDR
- Unified platform to discover, assess, prioritize, and remediate vulnerabilities across hybrid environments
- AI-driven prioritization and integrated patch workflows
- Core revenue engine and entry point for Qualys customers
Qualys CSAM
- Continuous asset discovery across IT, cloud, containers, identities
- Provides business context and asset criticality for risk prioritization
Qualys ETM
- Aggregates risk signals across Qualys and third-party tools
- Delivers unified risk scoring, prioritization, and remediation orchestration
***************************************************************************************************************
The salary range for this position is $210,000 - $240,0