Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Job Description: Senior Director of Subject Matter Expert – CTEM, RBVM, ASPM – Risk Operation Center (ROC)
Date posted: March 2026
About the job
Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!
Senior Director of Subject Matter Expert – CTEM, RBVM, CAASM – Risk Operation Center
Location: Foster City, CA, USA
Organization: Product GTM & SME
Reports To: SVP of Product Management
Role Overview
We are seeking a Senior Director – Subject Matter Expert (SME) to lead deep technical expertise and field architecture & deployment for the Qualys Enterprise TruRisk Management (ETM) platform and Risk Operations Center (ROC) operating model.
This role is a hands-on technical SME leadership position responsible for driving the architecture, deployment strategy, and customer adoption of Qualys exposure management solutions including:
• Enterprise TruRisk Management (ETM)
• Risk Operations Center (ROC)
• Cyber Risk Quantification (CRQ)
• VMDR (Vulnerability Management Detection & Response)
• CyberSecurity Asset Management (CSAM)
• External Attack Surface Management (EASM)
The Senior Director will serve as a technical authority and practitioner working directly with engineering, product management, and enterprise customers to operationalize Continuous Threat Exposure Management (CTEM) and modern risk-centric security operations - ROC
This role will lead a small elite team of 5–6 technical SMEs responsible for architecture guidance, field enablement, customer advisory, leading POC/POV and feedback into the product roadmap.
Key Responsibilities
Technical Leadership & Architecture
Act as the deep technical authority for Qualys exposure management architecture including:
• ETM risk correlation and prioritization
• ROC operational workflows
• Vulnerability management and remediation orchestration
• ASPM & CNAPP integration to Exposure Management Platform (ETM)
• Cross-domain exposure analytics across infrastructure, cloud, identity, and applications
Design and guide enterprise implementations that integrate:
• VMDR vulnerability telemetry
• Asset intelligence from CSAM
• External attack surface data from EASM
• Cloud posture insights from TotalCloud
• Application security insights from ASPM / TotalAppSec
• 3rd Party (Non-Qualys) Ecosystems such as CNAPP, AppSec, IoT/OT, Identity, CMDB, etc.
Lead the development of reference architectures and deployment models for large global enterprises.
Outbound Customer and Sales enablement Responsibilities:
Hands-On Platform Expertise
Work directly with engineering and product teams to:
• Prototype new ETM and ROC capabilities
• Validate exposure management workflows
• Test integrations with DevSecOps pipelines and CI/CD environments
• Provide technical feedback on product architecture and scalability
Provide deep expertise in:
• Vulnerability lifecycle management
• Exposure prioritization and TruRisk scoring
• Attack path analysis
• Cyber Risk quantification
• Remediation orchestration
• ASPM and application risk correlation.
Risk Operations Center (ROC) Strategy
Define how enterprises implement the Risk Operations Center model using Qualys ETM.
Develop best practices and implementation playbooks for:
• Cross-team risk prioritization
• Exposure triage workflows
• Remediation SLAs
• Executive risk reporting
• Operationalizing CTEM across security teams.
Customer Advisory & Strategic Engagement
Act as a trusted technical advisor to CISOs, security architects, and DevSecOps leaders.
Lead architecture workshops, executive technical briefings, strategic customer advisory sessions and proof-of-concept deployments.
Support major strategic and enterprise accounts globally and complex deployments
Team Leadership
Lead, mentor, and grow a team of 5–6 highly skilled technical SMEs, setting clear priorities, fostering a high-performance culture, and ensuring a strong execution rhythm.
Build and deliver scalable and repeatable playbooks for:
• Field architecture guidance
• ETM and ROC technical enablement
• ASPM, CNAPP adoption and DevSecOps integration
• Product feedback and innovation.
Build a center of excellence for exposure management architecture within the company
Product Collaboration
Partner closely with Product Management and Engineering to:
• Influence product roadmap
• Validate new capabilities
• Translate customer needs into platform improvements
• Accelerate innovation across exposure management and application security.
Required Qualifications
• 12–15+ years’ experience in cybersecurity architecture, product strategy, or technical leadership
• Deep expertise in vulnerability management and exposure management platforms
• Strong hands-on experience with application security,ASPM, and CNAPP ecosystems
• Experience designing security architectures for large enterprise environments
• Strong knowledge of cloud platforms (AWS, Azure, GCP)
• Familiarity with DevSecOps pipelines and developer security workflows
• Experience integrating security platforms across:
• Demonstrated ability to lead technical teams and influence cross-functional stakeholders.
Preferred Experience
• Experience working with platforms similar to Qualys and competitive vendor landscape focusing on RBVM, CTEM, AppSec, ASPM, CNAPP etc.
• Familiarity with frameworks such as:
• Experience working directly with enterprise CISOs and security leadership teams.
**********************************************************************************************************************
The salary range for this position is $200,000 - $235,000 per year. Final compensation will be determined based on several factors, including but not limited to skills, relevant experience, and work location. Please note this range reflects base salary and does not include incentive compensation or potential equity grants. We also offer a comprehensive and highly competitive benefits package.
Qualys is an Equal Opportunity Employer, please see our EEO policy.