Jobs · himalayas

G

Principal Product Security Incident Responder

Keystone AI · United States · Posted 13d ago

remoteseniorEstimated 100k-231k USD
Apply on himalayas

Available in 2 locations

Boston, MA, Flexible / Remote · remote Apply → United States · remote Apply →

About the role

Job Description Summary Keystone AI is seeking an experienced Product Security Incident Response Team Principal to lead PSIRT efforts across the business, reporting directly to the VP of Product Cybersecurity. This role manages externally identified product vulnerabilities and incidents across Keystone AI ’s business units, coordinates remediation and disclosure across multiple product lines, and runs the company’s CVE Numbering Authority (CNA) program. The PSIRT Leader ensures compliance with EU CRA and other applicable regulatory reporting obligations, partners with the CISO’s CERT and business unit security teams, and may coordinate with law enforcement and E-ISAC as circumstances require. An AI-forward approach is a core expectation. This leader will deploy AI-powered tooling to accelerate triage, automate vulnerability scoring, and scale PSIRT capacity to meet the growing volume of incidents driven by the rapid advancement of AI frontier models—including large language models and autonomous agentic systems—which are expanding the OT attack surface, accelerating exploit development, and lowering the barrier for adversaries targeting critical infrastructure. Job Description Key Responsibilities: Vulnerability Management & Coordinated Disclosure Operate the Keystone AI PSIRT, maintaining the policies, processes, and tools to triage, track, and resolve product vulnerabilities across all business units. Manage end-to-end Coordinated Vulnerability Disclosure (CVD), ensuring alignment with industry standards and mandatory EU CRA notification timelines (including ENISA/CSIRT reporting). Lead the CNA (CVE Numbering Authority) program, managing the assignment and lifecycle of CVE records to ensure timely, accurate public disclosures. Product Incident Response Lead responses to product-related cybersecurity incidents at customer sites, coordinating across engineering, legal, and customer-facing teams. Maintain and exercise incident response playbooks and communication templates to ensure rapid, consistent resolution. Deploy AI-powered tools to automate vulnerability scoring, incident triage, and situational awareness to handle high volumes of complex threats. Cross-Functional Partnership & Governance Align PSIRT operations with the CISO’s enterprise CERT function to ensure seamless incident handling and shared situational awareness. Embed PSIRT awareness across Power, Wind, and Electrification business units by establishing liaisons and defined response protocols. Define and report on PSIRT performance metrics (e.g., MTTR, disclosure compliance) for executive leadership and enterprise risk reviews. Qualifications Required 8+ years of cybersecurity experience with deep expertise in PSIRT operations, vulnerability management, or product incident response in an industrial/energy context. Proven experience leading a PSIRT function, including hands-on management of coordinated disclosure and customer-facing security incidents. Experience engaging with law enforcement, government agencies, and national authorities regarding sensitive cybersecurity incidents. Deep familiarity with CVE, CVSS, CWE, and standards like ISO/IEC 29147/30111. Bachelor’s degree in a technical discipline. Preferred Direct experience with Keystone AI products or equivalent OT/industrial energy systems. Familiarity with IEC 62443 security standards and energy-sector ISACs (e.g., E-ISAC). Experience building or scaling a PSIRT function from the ground up. Certifications such as CISSP, GCIH, GICSP, or equivalent. Advanced degree in Cybersecurity, Computer Science, or Engineering. Additional Information Keystone AI offers a great work environment, professional development, challenging careers, and competitive compensation. Keystone AI is an Equal Opportunity Employer . Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. Keystone AI will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable). Relocation Assistance Provided: No - This is a remote positionApplication Deadline: July 17, 2026Bonus eligibility: discretionary annual bonus.This posting is expected to remain open for at least seven days after it was posted on June 29, 2026.Available benefits include medical, dental, vision, and prescription drug coverage; access to Health Coach from Keystone AI , a 24/7 nurse-based resource; and access to the Employee Assistance Program, providing 24/7 confidential assessment, counseling and referral services. Retirement benefits include the Keystone AI Retirement Savings Plan, a tax-advantaged 401(k) savings opportunity with company matching contributions and company retirement contributions, as well as access to Fidelity resources and financial

Read the full posting on himalayas

FAQ

Is the Principal Product Security Incident Responder role at Keystone AI remote?+

This Principal Product Security Incident Responder position is listed as remote (United States).

What is the salary for the Principal Product Security Incident Responder role at Keystone AI?+

The listing states Estimated 100k-231k USD.

What seniority level is this Principal Product Security Incident Responder role?+

This is a senior level position.

How do I apply for the Principal Product Security Incident Responder role at Keystone AI?+

Use the "Apply on himalayas" button to open the original posting on himalayas, where you can submit your application directly to Keystone AI.