Director, Product Security

Joining Collibra’s Product Security team 

You will lead the high-stakes mission of embedding security into the very DNA of our software development lifecycle. As the primary champion of our security guardrails, you will manage a high-performing engineering team dedicated to protecting our LLM-powered features, Kubernetes clusters, and the brand trust our customers rely on. You are the shield ensuring our platforms are Secure-by-Design and Secure-by-Default at an enterprise scale.

The Director, Product Security at Collibra is responsible for

• Strategic Engineering Partnership: Partnering with engineering teams to embed automated security testing (SAST/DAST/SCA) into CI/CD workflows and IDEs, driving adoption through developer-friendly tooling and technical guardrails for multi-cloud and Kubernetes environments.


• AI & Supply Chain Security: Implementing NIST and OWASP AI frameworks for LLM features and managing the Software Bill of Materials (SBOM) to mitigate supply chain risks.


• Vulnerability & Threat Management: Leading the PSIRT process, managing the Bug Bounty program, and overseeing offensive security efforts like penetration testing and threat modeling.


• Compliance & Audit Readiness: Owning product security controls for FedRAMP, SOC 2, and ISO 27001, ensuring all practices are audit-ready and operationalized.


• Leadership & Enablement: Managing the product security budget, vendor relationships, and developer enablement programs to ensure security is a shared responsibility across the org.


• Give-and-Get: You mentor your team to technical excellence while holding them accountable for the security of every line of code.


• Embrace Ambiguity: You translate complex technical threats into clear business risks for executive stakeholders.


• Lead with Confidence: You represent Collibra’s security posture to the world’s most demanding enterprise customers.

You have

• Technical Leadership Experience: 7 to 10 years of proven track record of managing high-performing security engineering teams in a modern SaaS or microservices environment.


• Deep SDLC Expertise: Extensive experience integrating security tooling (SAST, DAST, SCA) directly into automated developer workflows and container orchestration.


• AI/ML Security Knowledge: Hands-on experience with emerging AI security standards and securing data pipelines for LLM-powered features.


• Incident Response Mastery: Experience leading a PSIRT, managing public disclosures (CVEs/VEX), and triaging production vulnerabilities under pressure.


• Regulatory Fluency: Strong understanding of security control requirements for FedRAMP, STIG, and other major enterprise compliance frameworks.


• A bachelor’s degree or equivalent related working experience is required.


• This position is not eligible for visa sponsorship.


• Because this role supports the US government, it is required that this candidate be a US citizen who resides on US soil.

You are

• A Technical Diplomat: Able to explain complex security vulnerabilities to non-technical stakeholders in Legal, Sales, and Marketing without losing them.


• Risk-Oriented: Skilled at translating technical debt into business risk to help executives make informed investment decisions.


• A High-Trust Mentor: Dedicated to building a culture of technical excellence and career growth within a hybrid team environment.


• Composed Under Fire: Calm and structured when leading responses to production threats or high-stakes customer escalations.


• Architecturally Minded: Someone who looks at software through the eyes of an attacker to identify flaws before they reach production.

Measures of success

• Within your first month, you will audit our current SDLC security integrations, establish relationships with key Engineering leads, and take over the management of our existing security tooling portfolio.


• Within your third month, you will have optimized our vulnerability ingestion pipelines, refreshed the threat modeling program for our AI initiatives, and established a clear roadmap for security of AI powered development, as well as our AI native and Agentic AI empowered products.


• Within your sixth month, you will drive a measurable reduction in manual security toil through automation, successfully lead a major penetration testing cycle, and serve as the primary security signatory for all production releases.

Compensation for this role

The standard base salary range for this position is $224,000.00 - $280,000.00 per year. This position is not eligible for additional commission-based compensation. Salary offers are based on a combination of factors, including, but not limited to, experience, skills, and location.

In addition to base salary, we offer equity ownership at every level, bonus potential, a Flex Fund monthly stipend, pension/401k plans, and more.