Lead/Staff Engineer-Vulnerability management and security Automation, AI

Company:Qualcomm India Private Limited
Job Area:Engineering Group, Engineering Group > Software Engineering

General Summary:

As a leading technology innovator, Qualcomm pushes the boundaries of what's possible to enable next-generation experiences and drives digital transformation to help create a smarter, connected future for all. As a Qualcomm Software Engineer, you will design, develop, create, modify, and validate embedded and cloud edge software, applications, and/or specialized utility programs that launch cutting-edge, world class products that meet and exceed customer needs. Qualcomm Software Engineers collaborate with systems, hardware, architecture, test engineers, and other teams to design system-level software solutions and obtain information on performance requirements and interfaces.

Minimum Qualifications:

• Bachelor's degree in Engineering, Information Systems, Computer Science, or related field and 4+ years of Software Engineering or related work experience.
OR
Master's degree in Engineering, Information Systems, Computer Science, or related field and 3+ years of Software Engineering or related work experience.
OR
PhD in Engineering, Information Systems, Computer Science, or related field and 2+ years of Software Engineering or related work experience.
• 2+ years of work experience with Programming Language such as C, C++, Java, Python, etc.

• Title: Product Security Engineer -- Vulnerability Management

  
  
  

  About the Role:

  
  
  

  As a Product Security Engineer focused on vulnerability management, you will play a critical role in strengthening the security posture of our software systems by owning the end‑to‑end vulnerability lifecycle, from identification and assessment through remediation and reporting. This role is well suited for a hands‑on security professional with strong experience in vulnerability tracking, risk‑based prioritization, and cross‑functional execution in fast‑paced environments.

  
  
  

  Your primary focus will be managing the intake and triage of vulnerabilities across internal and third‑party software components. You will work closely with engineering teams to assess severity, impact, and exposure, prioritize remediation efforts based on risk, and drive timely resolution in alignment with organizational security policies, SLAs, and compliance requirements. You will also engage in the design, development, and maintenance of infrastructure and systems for scaling up such activities.

  
  
  

  You will work extensively with the vulnerability management infrastructure, including scanning tools, ticketing systems, and reporting dashboards that provide visibility into remediation progress and risk trends. This includes leveraging commercial platforms and custom‑built tooling to automate vulnerability tracking, analysis, and reporting, with a strong emphasis on scaling these workflows through automation and AI‑assisted capabilities.

  
  
  

  You will enable rapid and effective remediation by working directly with developers to recommend practical fixes, mitigations, and secure implementation patterns that can be readily adopted across teams.

  
  
  

  A core responsibility of the role is ensuring that vulnerability assessment and remediation prioritization are driven by real‑world risk. You will perform applicability and exploitability analysis to determine true product impact and ensure informed, risk‑based decision‑making rather than reliance on severity scores alone.

  
  
  

  You will collaborate closely with development, infrastructure, and incident response teams to ensure vulnerabilities are not only resolved but also prevented through improved processes, secure coding practices, and architectural guidance. You will also monitor external threat intelligence sources, including CVE disclosures, vendor advisories, and zero‑day reports, to identify relevant exposures and coordinate appropriate response actions.

  
  
  

  This is a hands‑on, operationally focused role that combines deep technical expertise with strong execution and collaboration. You will play a key role in driving consistent, scalable, and accountable vulnerability remediation practices across the organization.

  
  
  

  Required Qualifications

  
  
  
• Strong proven experience managing the end‑to‑end vulnerability lifecycle, including intake, triage, risk assessment, remediation tracking, and reporting.
• Demonstrated ability to perform risk‑based vulnerability prioritization, including applicability and exploitability analysis beyond raw CVSS scoring.
• Solid understanding of secure software development practices and common vulnerability classes (e.g., injection flaws, insecure dependencies, misconfigurations).
• Experience scaling vulnerability management programs through automation, custom tooling, or AI‑assisted analysis.
• Hands‑on experience with vulnerability scanning tools and remediation tracking workflows (e.g., scanners, ticketing systems, dashboards).
• Experience analyzing vulnerabilities in third‑party and open‑source software, including CVE review and vendor advisory intake.
• Ability to provide clear, actionable remediation guidance to developers, including recommended fixes and mitigation strategies.
• Proficiency in C and C++.
• Strong analytical and problem-solving skills, with the ability to assess complex technical environments.
• Excellent written and verbal communication skills.
• Ability to operate effectively in fast‑paced environments with multiple stakeholders and competing priorities.
• Familiarity with AI advances in this area.
• 
  

  Preferred Qualifications

  
  
  
• Knowledge of regulatory or compliance‑driven security requirements impacting software products (e.g., SDLC, CRA).
• Familiarity with software composition analysis (SCA), SBOMs, and vulnerability metadata such as VEX.
• Experience integrating vulnerability management with CI/CD pipelines or engineering workflows.
• Familiarity with external threat intelligence sources, including zero‑day disclosures and coordinated vulnerability response.

• Education qualifications:

  
  
  
• Bachelor’s degree in computer science, electrical engineering, or a related technical field, or equivalent practical experience.
• 2+ years of hands‑on experience in product security, vulnerability management, or other relevant application security roles.

Applicants: Qualcomm is an equal opportunity employer. If you are an individual with a disability and need an accommodation during the application/hiring process, rest assured that Qualcomm is committed to providing an accessible process. You may e-mail disability-accomodations@qualcomm.com or call Qualcomm's toll-free number found here. Upon request, Qualcomm will provide reasonable accommodations to support individuals with disabilities to be able participate in the hiring process. Qualcomm is also committed to making our workplace accessible for individuals with disabilities. (Keep in mind that this email address is used to provide reasonable accommodations for individuals with disabilities. We will not respond here to requests for updates on applications or resume inquiries).

Qualcomm expects its employees to abide by all applicable policies and procedures, including but not limited to security and other requirements regarding protection of Company confidential information and other confidential and/or proprietary information, to the extent those requirements are permissible under applicable law.

To all Staffing and Recruiting Agencies:Our Careers Site is only for individuals seeking a job at Qualcomm. Staffing and recruiting agencies and individuals being represented by an agency are not authorized to use this site or to submit profiles, applications or resumes, and any such submissions will be considered unsolicited. Qualcomm does not accept unsolicited resumes or applications from agencies. Please do not forward resumes to our jobs alias, Qualcomm employees or any other company location. Qualcomm is not responsible for any fees related to unsolicited resumes/applications.

If you would like more information about this role, please contact Qualcomm Careers.