Director, Product Security

About The Position

Requirements

• 7 to 10 years of proven track record of managing high-performing security engineering teams in a modern SaaS or microservices environment.
• Extensive experience integrating security tooling (SAST, DAST, SCA) directly into automated developer workflows and container orchestration.
• Hands-on experience with emerging AI security standards and securing data pipelines for LLM-powered features.
• Experience leading a PSIRT, managing public disclosures (CVEs/VEX), and triaging production vulnerabilities under pressure.
• Strong understanding of security control requirements for FedRAMP, STIG, and other major enterprise compliance frameworks.
• A bachelor’s degree or equivalent related working experience is required.
• US citizen who resides on US soil.

Nice To Haves

• Able to explain complex security vulnerabilities to non-technical stakeholders in Legal, Sales, and Marketing without losing them.
• Skilled at translating technical debt into business risk to help executives make informed investment decisions.
• Dedicated to building a culture of technical excellence and career growth within a hybrid team environment.
• Calm and structured when leading responses to production threats or high-stakes customer escalations.
• Someone who looks at software through the eyes of an attacker to identify flaws before they reach production.

Responsibilities

• Partnering with engineering teams to embed automated security testing (SAST/DAST/SCA) into CI/CD workflows and IDEs, driving adoption through developer-friendly tooling and technical guardrails for multi-cloud and Kubernetes environments.
• Implementing NIST and OWASP AI frameworks for LLM features and managing the Software Bill of Materials (SBOM) to mitigate supply chain risks.
• Leading the PSIRT process, managing the Bug Bounty program, and overseeing offensive security efforts like penetration testing and threat modeling.
• Owning product security controls for FedRAMP, SOC 2, and ISO 27001, ensuring all practices are audit-ready and operationalized.
• Managing the product security budget, vendor relationships, and developer enablement programs to ensure security is a shared responsibility across the org.
• Mentoring your team to technical excellence while holding them accountable for the security of every line of code.
• Translating complex technical threats into clear business risks for executive stakeholders.
• Representing Collibra’s security posture to the world’s most demanding enterprise customers.

Benefits

• equity ownership at every level
• bonus potential
• a Flex Fund monthly stipend
• pension/401k plans
• competitive compensation
• health coverage
• time off