Used Tools & Technologies
Machine Learning
Required Skills & Competences
Each tag name is followed by an "@" symbol and a proficiency level value.
About proficiency levels:
- 1-2 — basic awareness. Minimal hands-on experience, and a rudimentary understanding of the technology's purpose;
- 3-6 — daily use. Comfortable and regular usage, capable of handling common tasks and challenges related to the technology;
- 7-9 — expert. You can teach others and you know the pitfalls and tricks;
- 10 — exceptional knowledge, comprehensive understanding, and adeptness in all aspects of the technology, including advanced problem-solving. Think twice before claiming or demanding such level.
Security @ 4
Software Development @ 4
Kubernetes @ 4
CI/CD @ 4
Microservices @ 8
OWASP @ 4
LLM @ 4
Audit @ 4
Compliance @ 7
AI @ 4
Data Pipelines @ 4
Details
You will lead the high-stakes mission of embedding security into the software development lifecycle, managing a high-performing engineering team dedicated to protecting LLM-powered features, Kubernetes clusters, and enterprise-scale platforms. This is a hybrid role based in the Raleigh office (office attendance at least two days per week).
Responsibilities
- Partner with engineering teams to embed automated security testing (SAST/DAST/SCA) into CI/CD workflows and IDEs.
- Drive adoption of developer-friendly tooling and technical guardrails for multi-cloud and Kubernetes environments.
- Implement AI and supply chain security controls, including applying NIST and OWASP AI security frameworks and managing the Software Bill of Materials (SBOM).
- Lead vulnerability and threat management: run PSIRT processes, manage the Bug Bounty program, and oversee offensive security (penetration testing, threat modeling).
- Own product security controls and audit readiness for FedRAMP, SOC 2, and ISO 27001.
- Manage product security budget, vendor relationships, and developer enablement programs.
- Mentor and hold the team accountable for secure engineering practices; translate technical threats into business risks for executives; represent Collibra’s security posture to enterprise customers.
Requirements
- 7 to 10 years of proven experience managing high-performing security engineering teams in a modern SaaS or microservices environment.
- Extensive experience integrating security tooling (SAST, DAST, SCA) into automated developer workflows and container orchestration.
- Hands-on experience with AI/ML security standards and securing data pipelines for LLM-powered features.
- Experience leading a PSIRT, managing public disclosures (CVEs/VEX), and triaging production vulnerabilities.
- Strong understanding of security control requirements for FedRAMP, STIG, SOC 2, ISO 27001, and other enterprise compliance frameworks.
- Bachelor’s degree or equivalent experience is required.
- This position is not eligible for visa sponsorship. Because this role supports the US government, the candidate must be a US citizen residing in the United States.
Measures of success
- Within first month: audit SDLC security integrations, establish relationships with engineering leads, and take over security tooling portfolio.
- Within third month: optimize vulnerability ingestion pipelines, refresh threat modeling for AI initiatives, and establish roadmap for AI security.
- Within sixth month: reduce manual security toil via automation, lead a major penetration testing cycle, and serve as primary security signatory for production releases.
Compensation
- Base salary range: $204,000 - $255,000 per year.
- Eligible for equity ownership, bonus potential, a Flex Fund monthly stipend, pension/401(k) plans, and other benefits.
Benefits
- Competitive compensation, health coverage, time off, flexible offerings, and employee support programs. Information and details available via Collibra’s careers pages linked in the posting.