Director, Product Security

You will lead the high-stakes mission of embedding security into the very DNA of our software development lifecycle. As the primary champion of our security guardrails, you will manage a high-performing engineering team dedicated to protecting our LLM-powered features, Kubernetes clusters, and the brand trust our customers rely on. You are the shield ensuring our platforms are Secure-by-Design and Secure-by-Default at an enterprise scale.

This is a hybrid role based in our Raleigh office. Our hybrid model means you'll work from the office at least two days each week. This setup helps us stay connected, work more closely together, and keep making progress as a team.

• Strategic Engineering Partnership: Partnering with engineering teams to embed automated security testing (SAST/DAST/SCA) into CI/CD workflows and IDEs, driving adoption through developer-friendly tooling and technical guardrails for multi-cloud and Kubernetes environments.
• AI & Supply Chain Security: Implementing NIST and OWASP AI frameworks for LLM features and managing the Software Bill of Materials (SBOM) to mitigate supply chain risks.
• Vulnerability & Threat Management: Leading the PSIRT process, managing the Bug Bounty program, and overseeing offensive security efforts like penetration testing and threat modeling.
• Compliance & Audit Readiness: Owning product security controls for FedRAMP, SOC 2, and ISO 27001, ensuring all practices are audit-ready and operationalized.
• Leadership & Enablement: Managing the product security budget, vendor relationships, and developer enablement programs to ensure security is a shared responsibility across the org.
• Give-and-Get: You mentor your team to technical excellence while holding them accountable for the security of every line of code.
• Embrace Ambiguity: You translate complex technical threats into clear business risks for executive stakeholders.
• Lead with Confidence: You represent Collibra's security posture to the world's most demanding enterprise customers.

• Technical Leadership Experience: 7 to 10 years of proven track record of managing high-performing security engineering teams in a modern SaaS or microservices environment.
• Deep SDLC Expertise: Extensive experience integrating security tooling (SAST, DAST, SCA) directly into automated developer workflows and container orchestration.
• AI/ML Security Knowledge: Hands-on experience with emerging AI security standards and securing data pipelines for LLM-powered features.
• Incident Response Mastery: Experience leading a PSIRT, managing public disclosures (CVEs/VEX), and triaging production vulnerabilities under pressure.
• Regulatory Fluency: Strong understanding of security control requirements for FedRAMP, STIG, and other major enterprise compliance frameworks.
• A bachelor's degree or equivalent related working experience is required.
• This position is not eligible for visa sponsorship.
• Because this role supports the US government, it is required that this candidate be a US citizen who resides on US soil.

• A Technical Diplomat: Able to explain complex security vulnerabilities to non-technical stakeholders in Legal, Sales, and Marketing without losing them.
• Risk-Oriented: Skilled at translating technical debt into business risk to help executives make informed investment decisions.
• A High-Trust Mentor: Dedicated to building a culture of technical excellence and career growth within a hybrid team environment.
• Composed Under Fire: Calm and structured when leading responses to production threats or high-stakes customer escalations.
• Architecturally Minded: Someone who looks at software through the eyes of an attacker to identify flaws before they reach production.

• Within your first month, you will audit our current SDLC security integrations, establish relationships with key Engineering leads, and take over the management of our existing security tooling portfolio.
• Within your third month, you will have optimized our vulnerability ingestion pipelines, refreshed the threat modeling program for our AI initiatives, and established a clear roadmap for security of AI powered development, as well as our AI native and Agentic AI empowered products.
• Within your sixth month, you will drive a measurable reduction in manual security toil through automation, successfully lead a major penetration testing cycle, and serve as the primary security signatory for all production releases.

The standard base salary range for this position is $204,000.00 - $255,000.00 per year. This position is not eligible for additional commission-based compensation. Salary offers are based on a combination of factors, including, but not limited to, experience, skills, and location.

In addition to base salary, we offer equity ownership at every level, bonus potential, a Flex Fund monthly stipend, pension/401k plans, and more.