Senior Product Security Engineer

Collibra•Raleigh, NC

4d•Hybrid

About The Position

Collibra is seeking a Senior Product Security Engineer to join their high-impact team. The role involves identifying vulnerabilities and providing expert remediation consulting for global product development teams. This position offers critical technical leadership and oversight to ensure Collibra delivers secure and resilient products and services. The engineer will act as an application security evangelist, partnering with engineers to accelerate secure time-to-value and leverage AI and MCP for security automation. This is a hybrid role based in the Raleigh office, requiring at least two days per week in the office.

Requirements

5+ years of application/product security experience.
2+ years of experience securing Java, Python, and/or JavaScript web applications.
Knowledge of enterprise-level software architecture components and cloud infrastructure.
Experience building trusted advisor relationships with engineers, product owners, and engineering management (up to director level).
Experience with AI security tooling, context-aware automation for SSDLC.
Understanding of AI privacy and governance in developer workflows.
Experience using and building agentic AI systems that work collaboratively.
Experience advocating for the remediation of application security risk and, simultaneously, the associated development/engineering team(s).
Experience in identifying vulnerabilities in source code, providing detailed steps to reproduce exploitation, and providing recommendations to engineering teams on how to remediate issues.
A bachelor’s degree or equivalent related working experience is required.
Must be a US citizen residing on US soil.
Knowledgeable of CI/CD concepts and experience with integrated SAST, SCA, and DAST tooling.
Proficient at triaging application vulnerabilities associated with source code, open-source library dependencies, and 3rd party containers.
Able to assess and communicate the impact of Common Vulnerability Weaknesses (CVEs) on custom application software and advise on risk acceptance/deferment for false positive scenarios, severity adjustments, and acceptable reasoning for operational requirements.
Experienced in executing as a matrixed/embedded security resource (within a development team) responsible for product, application, or feature group vulnerability assessments, ensuring they are appropriately enumerated and executed.
Possess a working knowledge of Python, Java, and/or JavaScript software development languages.
Experienced in Linux and containerization in a cloud environment.
Experienced in communicating the impact of security vulnerabilities to engineering teams and product leaders.
Experienced in using SAST, DAST, and SCA tooling.
Experienced in being a point of contact for outside/3rd party security assessments (pen tests, questionnaires, etc.).
Knowledgeable of vulnerability management concepts, challenges, and reporting.
Possess a working knowledge of the OWASP Top 10 and can explain its concepts to a diverse audience of engineers and people leaders.
Familiarity with AI standards and regulations, EU AI Act, SAIF and ISO 42001.

Responsibilities

Application security for products and/or features supported by assigned development teams.
Performing security testing and triaging findings identified by SAST, SCA, IAST, DAST, and penetration tests.
Leveraging AI and MCP to create intelligent, context-aware security guidance and automation.
Providing remediation consulting services to assigned development teams.
Assisting with vulnerability management reporting and tracking.
Coordinating third-party penetration testing engagements, analyzing reports, and opening tickets for remediation.
Contributing to the configuration and management of security tools.