Director, Product Security

USD 224,000-280,000 per year
SENIOR
✅ Remote

Used Tools & Technologies

Machine Learning

Required Skills & Competences

Marketing, Security, Software Development, Kubernetes, CI/CD, Leadership, Microservices, Technical Leadership, OWASP, LLM, Audit, Compliance, AI, Data Pipelines

Details

Joining Collibra’s Product Security team

You will lead the high-stakes mission of embedding security into the very DNA of our software development lifecycle. As the primary champion of our security guardrails, you will manage a high-performing engineering team dedicated to protecting our LLM-powered features, Kubernetes clusters, and the brand trust our customers rely on. You are the shield ensuring our platforms are Secure-by-Design and Secure-by-Default at an enterprise scale.

Responsibilities

  • Strategic Engineering Partnership: Partner with engineering teams to embed automated security testing (SAST/DAST/SCA) into CI/CD workflows and IDEs, driving adoption through developer-friendly tooling and technical guardrails for multi-cloud and Kubernetes environments.
  • AI & Supply Chain Security: Implement NIST and OWASP AI frameworks for LLM features and manage the Software Bill of Materials (SBOM) to mitigate supply chain risks.
  • Vulnerability & Threat Management: Lead the PSIRT process, manage the Bug Bounty program, and oversee offensive security efforts such as penetration testing and threat modeling.
  • Compliance & Audit Readiness: Own product security controls for FedRAMP, SOC 2, and ISO 27001, ensuring practices are audit-ready and operationalized.
  • Leadership & Enablement: Manage the product security budget, vendor relationships, and developer enablement programs to ensure security is a shared responsibility across the organization.
  • Mentorship & Accountability: Mentor and hold the team accountable for the security of every line of code; translate complex technical threats into clear business risks for executive stakeholders; represent Collibra’s security posture to enterprise customers.

Requirements

  • Technical Leadership Experience: A proven track record of 7 to 10 years managing high-performing security engineering teams in a modern SaaS or microservices environment.
  • Deep SDLC Expertise: Extensive experience integrating security tooling (SAST, DAST, SCA) directly into automated developer workflows and container orchestration.
  • AI/ML Security Knowledge: Hands-on experience with emerging AI security standards and securing data pipelines for LLM-powered features.
  • Incident Response Mastery: Experience leading a PSIRT, managing public disclosures (CVEs/VEX), and triaging production vulnerabilities under pressure.
  • Regulatory Fluency: Strong understanding of security control requirements for FedRAMP, STIG, and other major enterprise compliance frameworks.
  • Education: A bachelor’s degree or equivalent related working experience is required.
  • Eligibility: This position is not eligible for visa sponsorship. Because this role supports the US government, it is required that the candidate be a US citizen who resides on US soil.

You Are

  • A Technical Diplomat: Able to explain complex security vulnerabilities to non-technical stakeholders in Legal, Sales, and Marketing.
  • Risk-Oriented: Skilled at translating technical debt into business risk for executive decision-making.
  • A High-Trust Mentor: Dedicated to building technical excellence and career growth within a hybrid team environment.
  • Composed Under Fire: Calm and structured when leading responses to production threats or high-stakes customer escalations.
  • Architecturally Minded: Able to view software through the eyes of an attacker to identify flaws before they reach production.

Measures of success

  • Within your first month: Audit current SDLC security integrations, establish relationships with key Engineering leads, and take over management of the existing security tooling portfolio.
  • Within your third month: Optimize vulnerability ingestion pipelines, refresh threat modeling for AI initiatives, and establish a roadmap for security of AI-powered development and AI-native products.
  • Within your sixth month: Drive measurable reduction in manual security toil through automation, lead a major penetration testing cycle, and serve as the primary security signatory for all production releases.

Compensation

The standard base salary range for this position is $224,000.00 - $280,000.00 per year. This position is not eligible for additional commission-based compensation. Salary offers are based on a combination of factors, including, but not limited to, experience, skills, and location.

In addition to base salary, Collibra offers equity ownership, bonus potential, a Flex Fund monthly stipend, pension/401(k) plans, and more.

Benefits

Collibra provides flexible benefits designed to support employees and their families, including competitive compensation, health coverage, time off, and programs for inclusion, diversity, equity, and accommodation for applicants with needs.