Senior Product Security Engineer: AI-Powered Security Lead

Joining Collibra’s Product Security team

Collibra is seeking a Senior Product Security Engineer to join our high-impact team. You will be a key individual responsible for identifying vulnerabilities and providing expert remediation consulting for our global product development teams. This role provides critical technical leadership and oversight, ensuring Collibra continues to deliver secure, resilient products and services to our customers. You will act as an application security evangelist, partnering with engineers to accelerate secure time-to-value while leveraging cutting-edge AI and MCP to create context-aware security automation.

• Application security for products and/or features supported by your assigned development teams.
• Performing security testing and triaging findings identified by SAST, SCA, IAST, DAST, and penetration tests.
• Leverage AI and MCP to create intelligent, context-aware security guidance and automation.
• Providing remediation consulting services to assigned development teams.
• Assist with vulnerability management reporting and tracking.
• Coordinating third-party penetration testing engagements, analyzing reports, and opening tickets for remediation.
• Contribute to the configuration and management of security tools.

• 5+ years of application/product security experience.
• 2+ years of experience securing Java, Python, and/or JavaScript web applications.
• Knowledge of enterprise-level software architecture components and cloud infrastructure.
• Experience building trusted advisor relationships with engineers, product owners, and engineering management (up to director level).
• Experience with AI security tooling, context-aware automation for SSDLC.
• Understanding of AI privacy and governance in developer workflows.
• Experience using and building agentic AI systems that work collaboratively.
• Experience advocating for the remediation of application security risk and, simultaneously, the associated development/engineering team(s).
• Experience in identifying vulnerabilities in source code, providing detailed steps to reproduce exploitation, and providing recommendations to engineering teams on how to remediate issues.
• A bachelor’s degree or equivalent related working experience is required.

• Knowledgeable of CI/CD concepts and experience with integrated SAST, SCA, and DAST tooling.
• Proficient at triaging application vulnerabilities associated with source code, open-source library dependencies, and 3rd party containers.
• Able to assess and communicate the impact of Common Vulnerability Weaknesses (CVEs) on custom application software and advise on risk acceptance/deferment for false positive scenarios, severity adjustments, and acceptable reasoning for operational requirements.
• Experienced in executing as a matrixed/embedded security resource (within a development team) responsible for product, application, or feature group vulnerability assessments, ensuring they are appropriately enumerated and executed.
• Possess a working knowledge of Python, Java, and/or JavaScript software development languages.
• Experienced in Linux and containerization in a cloud environment.
• Experienced in communicating the impact of security vulnerabilities to engineering teams and product leaders.
• Experienced in using SAST, DAST, and SCA tooling.
• Experienced in being a point of contact for outside/3rd‑party security assessments (pen tests, questionnaires, etc.).
• knowledgeable of vulnerability management concepts, challenges, and reporting.
• Possess a working knowledge of the OWASP Top 10 and can explain its concepts to a diverse audience of engineers and people leaders.
• Familiarity with AI standards and regulations, EU AI Act, SAIF and ISO 42001.

• Within your first month, you will absorb fundamental knowledge about Collibra processes/tools and SDLC.
• Within your third month, you will own application security engineering tasks for one or more development teams responsible for product features.
• Within your sixth month, you will be responsible for managing triaging efforts for 3rd‑party pen testing and be able to resolve customer product security inquiries…