[Hiring] Director, Product Security @Collibra

Role Description

Joining Collibra’s Product Security team, you will lead the high-stakes mission of embedding security into the very DNA of our software development lifecycle. As the primary champion of our security guardrails, you will manage a high-performing engineering team dedicated to protecting our LLM-powered features, Kubernetes clusters, and the brand trust our customers rely on. You are the shield ensuring our platforms are Secure-by-Design and Secure-by-Default at an enterprise scale.

• Strategic Engineering Partnership: Partnering with engineering teams to embed automated security testing (SAST/DAST/SCA) into CI/CD workflows and IDEs, driving adoption through developer-friendly tooling and technical guardrails for multi-cloud and Kubernetes environments.
• AI & Supply Chain Security: Implementing NIST and OWASP AI frameworks for LLM features and managing the Software Bill of Materials (SBOM) to mitigate supply chain risks.
• Vulnerability & Threat Management: Leading the PSIRT process, managing the Bug Bounty program, and overseeing offensive security efforts like penetration testing and threat modeling.
• Compliance & Audit Readiness: Owning product security controls for FedRAMP, SOC 2, and ISO 27001, ensuring all practices are audit-ready and operationalized.
• Leadership & Enablement: Managing the product security budget, vendor relationships, and developer enablement programs to ensure security is a shared responsibility across the org.
• Give-and-Get: You mentor your team to technical excellence while holding them accountable for the security of every line of code.
• Embrace Ambiguity: You translate complex technical threats into clear business risks for executive stakeholders.
• Lead with Confidence: You represent Collibra’s security posture to the world’s most demanding enterprise customers.

Qualifications

• Technical Leadership Experience: 7 to 10 years of proven track record of managing high-performing security engineering teams in a modern SaaS or microservices environment.
• Deep SDLC Expertise: Extensive experience integrating security tooling (SAST, DAST, SCA) directly into automated developer workflows and container orchestration.
• AI/ML Security Knowledge: Hands-on experience with emerging AI security standards and securing data pipelines for LLM-powered features.
• Incident Response Mastery: Experience leading a PSIRT, managing public disclosures (CVEs/VEX), and triaging production vulnerabilities under pressure.
• Regulatory Fluency: Strong understanding of security control requirements for FedRAMP, STIG, and other major enterprise compliance frameworks.
• A bachelor’s degree or equivalent related working experience is required.
• This position is not eligible for visa sponsorship.
• Because this role supports the US government, it is required that this candidate be a US citizen who resides on US soil.

Requirements

• A Technical Diplomat: Able to explain complex security vulnerabilities to non-technical stakeholders in Legal, Sales, and Marketing without losing them.
• Risk-Oriented: Skilled at translating technical debt into business risk to help executives make informed investment decisions.
• A High-Trust Mentor: Dedicated to building a culture of technical excellence and career growth within a hybrid team environment.
• Composed Under Fire: Calm and structured when leading responses to production threats or high-stakes customer escalations.
• Architecturally Minded: Someone who looks at software through the eyes of an attacker to identify flaws before they reach production.

Measures of success

• Within your first month: You will audit our current SDLC security integrations, establish relationships with key Engineering leads, and take over the management of our existing security tooling portfolio.
• Within your third month: You will have optimized our vulnerability ingestion pipelines, refreshed the threat modeling program for our AI initiatives, and established a clear roadmap for security of AI powered development, as well as our AI native and Agentic AI empowered products.
• Within your sixth month: You will drive a measurable reduction in manual security toil through automation, successfully lead a major penetration testing cycle, and serve as the primary security signatory for all production releases.

Compensation for this role

The standard base salary range for this position is $224,000.00 - $280,000.00 per year. This position is not eligible for additional commission-based compensation. Salary offers are based on a combination of factors, including, but not limited to, experience, skills, and location.

• In addition to base salary, we offer equity ownership at every level.
• Bonus potential.
• Flex Fund monthly stipend.
• Pension/401k plans.
• And more.