Sr. Director, Product Security

#
** As passionate about our people as we are about our mission.
** Q2 is a leading provider of digital banking and lending solutions to banks, credit unions, alternative finance companies, and fintechs in the U.S. and internationally. Our mission is simple: build strong and diverse communities through innovative financial technology—and we do that by empowering our people to help create success for our customers.

Being as passionate about our people as we are about our mission. We celebrate our employees in many ways, including our “Circle of Awesomeness” award ceremony and day of employee celebration among others! We invest in the growth and development of our team members through ongoing learning opportunities, mentorship programs, internal mobility, and meaningful leadership relationships. We also know that nothing builds trust and collaboration like having fun.

We hold an annual Dodgeball for Charity event at our Q2 Stadium in Austin, inviting other local companies to play, and community organizations we support to raise money and awareness together.
** The Job At-A-Glance:
** We are seeking a Senior Director of Product Security to lead and scale our product security, PSIRT, and product integrity capabilities across a modern, cloud-native, and AI-enabled technology platform. This leader will work directly with Product and Engineering leadership to embed security while ensuring our products remain resilient against real-world adversaries, abuse, and emerging AI-driven threats.

This role serves as the primary technical bridge between Security, Products and Engineering, owning secure and defense by design scanning and prioritization, vulnerability and product incident response.  The leader in this role will also partner with architecture to secure the use and development of AI and agentic AI solutions. The Senior Director Of Product Security will also act as a deputy to the CISO, providing technical depth during product incidents and serving as a potential succession our CISO.
** A Typical Day:
**** Product Security Leadership & Engineering Partnership
*** Define and translate security requirements into practical, scalable engineering or product roadmap guidance amongst our Digital Banking products and services
* Champion Embedded security-by-design into product architecture, secure coding practices, CI/CD pipelines, and cloud-native platforms
* Partner with engineering leadership to drive Dev Sec Ops  adoption and measurable security outcomes
** Product Security Incident Response & PSIRT
*** Own and mature the Product Security Incident Response Team (PSIRT) function
* Lead vulnerability intake, triage, remediation, and coordinated disclosure processes
* Working with infrastructure, evolve emergency patch/config release process
* Drive post-incident learning through root-cause analysis and systemic improvements
* Partner with Legal, Communications, and Customer teams during high-impact security events
** Product Integrity, Abuse & Threat Modeling
*** Ensure products are resilient against business logic abuse, misuse, fraud, and adversarial behavior
* Lead threat modeling for new products, features, and AI-enabled capabilities
* Collaborate with Fraud, Risk, and Trust teams to address cross-functional threats
* Champion secure architecture reviews at design and pre-launch phases
** AI & Agentic AI Security Governance
*** Partner with architecture to oversee security standards and defense response program for AI and agentic AI systems
* Ensure secure model development, deployment, and inference pipelines
* Address AI-specific risks including:  + Prompt injection and jailbreaks  + Training data poisoning and leakage  + Model extraction and inversion  + Agent autonomy, identity, and privilege boundaries
* Lead AI red-teaming and adversarial testing efforts
* Align AI security practices with emerging regulatory and risk frameworks
** Security Operations & Engineering Enablement
*** Provide oversight and technical leadership across:  + Application Security  + SOC and detection engineering  + Red, blue, and purple team programs  + Penetration testing and continuous assurance
* Ensure logging, monitoring, and telemetry are…