Senior Director of Subject Matter Expert - CTEM, RBVM, ASPM - Risk Operation Center (ROC)

Qualys | San Mateo, CA | May 13th, 2026

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Date posted: March 2026

About the job

Senior Director of Subject Matter Expert - CTEM, RBVM, CAASM - Risk Operation Center
Location: Foster City, CA, USA
Organization: Product GTM & SME
Reports To: SVP of Product Management

Role Overview

We are seeking a Senior Director - Subject Matter Expert (SME) to lead deep technical expertise and field architecture & deployment for the Qualys Enterprise TruRisk Management (ETM) platform and Risk Operations Center (ROC) operating model.

This role is a hands-on technical SME leadership position responsible for driving the architecture, deployment strategy, and customer adoption of Qualys exposure management solutions including:

- Enterprise TruRisk Management (ETM)
- Risk Operations Center (ROC)
- Cyber Risk Quantification (CRQ)
- VMDR (Vulnerability Management Detection & Response)
- CyberSecurity Asset Management (CSAM)
- External Attack Surface Management (EASM)

The Senior Director will serve as a technical authority and practitioner working directly with engineering, product management, and enterprise customers to operationalize Continuous Threat Exposure Management (CTEM) and modern risk-centric security operations - ROC.

This role will lead a small elite team of 5-6 technical SMEs responsible for architecture guidance, field enablement, customer advisory, leading POC/POV and feedback into the product roadmap.

Key Responsibilities

Technical Leadership & Architecture

- Act as the deep technical authority for Qualys exposure management architecture including:
  - ETM risk correlation and prioritization
  - ROC operational workflows
  - Vulnerability management and remediation orchestration
  - ASPM & CNAPP integration to Exposure Management Platform (ETM)
  - Cross-domain exposure analytics across infrastructure, cloud, identity, and applications
- Design and guide enterprise implementations that integrate:
  - VMDR vulnerability telemetry
  - Asset intelligence from CSAM
  - External attack surface data from EASM
  - Cloud posture insights from TotalCloud
  - Application security insights from ASPM / TotalAppSec
  - 3rd Party (Non-Qualys) Ecosystems such as CNAPP, AppSec, IoT/OT, Identity, CMDB, etc.
- Lead the development of reference architectures and deployment models for large global enterprises.

Outbound Customer and Sales enablement Responsibilities:

- Develop sales enablement collateral, including customer product presentations, decks and demo scripts.
- Help develop messaging and product positioning in collaboration with PM and PMMs leads.
- Research the competitive landscape, determine how competitors are positioned and develop optimized positioning strategies and support documents for the CTEM, CAASM, CRQ, and RBVM.
- Educate the sales team on how to address competitors in the field with Qualys' unique positioning.
- Develop collateral and be an expert on CTEM and RBVM technology and terminology.
- Be an expert in explaining the product to sales and be involved with demos and presentations to customers.
- Foster strong relationships with customers to gather feedback, understand pain points, and translate insights into product requirements.
- Design, deliver, and train the Qualys Sales Team on value-based demonstration of our products.

Hands-On Platform Expertise

- Work directly with engineering and product teams to:
  - Prototype new ETM and ROC capabilities
  - Validate exposure management workflows
  - Test integrations with DevSecOps pipelines and CI/CD environments
  - Provide technical feedback on product architecture and scalability
- Provide deep expertise in:
  - Vulnerability lifecycle management
  - Exposure prioritization and TruRisk scoring
  - Attack path analysis
  - Cyber Risk quantification
  - Remediation orchestration
  - ASPM and application risk correlation.

Risk Operations Center (ROC) Strategy

- Define how enterprises implement the Risk Operations Center model using Qualys ETM.
- Develop best practices and implementation playbooks for:
  - Cross-team risk prioritization
  - Exposure triage workflows
  - Remediation SLAs
  - Executive risk reporting
  - Operationalizing CTEM across security teams.

Customer Advisory & Strategic Engagement

- Act as a trusted technical advisor to CISOs, security architects, and DevSecOps leaders.
- Lead architecture workshops, executive technical briefings, strategic customer advisory sessions and proof-of-concept deployments.
- Support major strategic and enterprise accounts globally and complex deployments.

Team Leadership

- Lead, mentor, and grow a team of 5-6 highly skilled technical SMEs, setting clear priorities, fostering a high-performance culture, and ensuring a strong execution rhythm.
- Build and deliver scalable and repeatable playbooks for:
  - Field architecture guidance
  - ETM and ROC technical enablement
  - ASPM, CNAPP adoption and DevSecOps integration
  - Product feedback and innovation.
- Build a center of excellence for exposure management architecture within the company.

Product Collaboration

- Partner closely with Product Management and Engineering to:
  - Influence product roadmap
  - Validate new capabilities
  - Translate customer needs into platform improvements
  - Accelerate innovation across exposure management and application security.

Required Qualifications

- 12-15+ years' experience in cybersecurity architecture, product strategy, or technical leadership
- Deep expertise in vulnerability management and exposure management platforms
- Strong hands-on experience with application security, ASPM, and CNAPP ecosystems
- Experience designing security architectures for large enterprise environments
- Strong knowledge of cloud platforms (AWS, Azure, GCP)
- Familiarity with DevSecOps pipelines and developer security workflows
- Experience integrating security platforms across:
  - Exposure Management
  - Vulnerability management
  - Application security
  - Cloud security
  - Asset management
  - Identity security.
- Demonstrated ability to lead technical teams and influence cross-functional stakeholders.

Preferred Experience

- Experience working with platforms similar to Qualys and competitive vendor landscape focusing on RBVM, CTEM, AppSec, ASPM, CNAPP etc.
- Familiarity with frameworks such as:
  - Continuous Threat Exposure Management (CTEM)
  - Zero Trust
  - NIST Cybersecurity Framework
  - MITRE ATT&CK.
- Experience working directly with enterprise CISOs and security leadership teams.

The salary range for this position is $200,000 - $235,000 per year. Final compensation will be determined based on several factors, including but not limited to skills, relevant experience, and work location. Please note this range reflects base salary and does not include incentive compensation or potential equity grants. We also offer a comprehensive and highly competitive benefits package.

Qualys is an Equal Opportunity Employer, please see our EEO policy.