The intelligent heart of customer experience.
Senior Director, Product Security
Location
California + 2 moreAll locations: California | New York | Texas
Posted
2 days ago
Salary
$278K - $416K / year
Seniority
Senior
Job Description
Senior Director, Product Security
Zendesk
• Set the Product Security Vision and Operating Model • Define and drive Zendesk’s product security strategy across our products, AI capabilities, platform services, APIs, integrations, and developer ecosystem. • Build a roadmap that reduces customer-impacting risk, improves engineering velocity, and establishes clear outcomes, metrics, and accountability. • Partner with leaders across Product, Engineering, AI, Infrastructure, Privacy, Legal, and GRC to align security priorities with business strategy and customer trust. • Lead with Technical Credibility • Serve as a senior technical authority on product security for SaaS, cloud-native, and AI-enabled systems. • Engage directly in high-risk architecture reviews, threat modeling, vulnerability analysis, and incident remediation decisions, helping teams make pragmatic trade-offs across identity, authorization, API security, encryption, tenant isolation, and secure design. • Build Secure-by-Design Systems • Shift product security from reactive review to secure-by-design engineering by driving reusable patterns, paved roads, automation, platform controls, and developer self-service. • Strengthen secure SDLC practices and improve security tooling coverage across code, dependencies, APIs, infrastructure as code, and CI/CD pipelines. • Secure AI and Agentic Product Surfaces • Partner with AI and product engineering teams to identify and mitigate risks in AI agents, copilots, LLM integrations, retrieval systems, and autonomous workflows. • Define secure design principles for authorization, action scoping, auditability, human oversight, data minimization, model/provider boundaries, and abuse prevention. • Own Product Vulnerability Management and Response • Own the full lifecycle of product vulnerability management and security response, from discovery and prioritization through remediation, validation, customer-impact assessment, and durable prevention. • Leverage automation and AI-assisted analysis to identify, triage, and remediate vulnerabilities across Zendesk codebases, while partnering on bug bounty reports, customer-reported issues, external penetration testing, and product security incidents. • Build and Develop a High-Performing Team • Lead, mentor, and grow a global high-performing Product Security team, including managers and senior technical ICs, with the technical depth, strategic judgment, and cross-functional influence needed to support Zendesk at scale. • Build a rigorous, pragmatic, inclusive culture that is trusted by Engineering and helps accelerate secure product delivery. • Communicate Risk Clearly • Translate complex technical risks into clear business, customer, and engineering trade-offs. • Provide crisp metrics, trends, and recommendations to executive leadership, and support customer trust conversations, security reviews, RFPs, and enterprise escalations with credible product security expertise.
Job Requirements
- 12+ years of experience across product security, application security, software engineering, security architecture, cloud security, offensive security, or related technical security roles, including 7+ years leading high-performing security or engineering teams.
- Deep experience securing large-scale, cloud-native, enterprise, or AI-enabled products that handle sensitive customer data, operate in multi-tenant environments, and carry high customer trust expectations.
- Strong product engineering credibility, with the ability to partner effectively with Engineering and Product teams and embed security into how software is designed, built, tested, deployed, and operated.
- Hands-on technical depth across areas such as web and API security, authentication and authorization, identity systems, tenant isolation, cloud and container security, CI/CD, software supply chain security, secrets management, vulnerability management, secure SDLC, and incident response.
- Demonstrated ability to lead or meaningfully contribute to threat models, architecture reviews, vulnerability triage, exploitability analysis, secure design decisions, and product security incident reviews.
- Experience building secure-by-default patterns, developer tooling, platform controls, automation, and paved roads that scale security across engineering organizations without slowing product delivery.
- Working knowledge of AI, LLM, and agentic security risks, including prompt injection, data leakage, tool abuse, unsafe autonomous actions, model and provider trust boundaries, RAG security, and guardrail design.
- Strong executive communication skills, with the ability to translate technical risk into clear business impact, customer implications, trade-offs, and investment priorities.
- A pragmatic, product-minded approach to risk, with a track record of protecting customers while helping teams ship securely and quickly.
- Preferred qualifications: Experience securing SaaS products with marketplace apps and third-party integrations.
- Familiarity with security, compliance, and assurance frameworks such as SOC 2, ISO 27001, FedRAMP, HIPAA, PCI, NIST, OWASP ASVS/SAMM, SLSA, SSDF, or OpenSSF.
- Experience partnering with Customer Trust, Privacy, Legal, Support, and go-to-market teams on enterprise security reviews, customer escalations, and assurance activities.
- Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, Information Systems, or a related technical field, or equivalent practical experience.
- A master’s degree or other advanced technical education is a plus, but not required.
- Relevant certifications such as CISSP, CSSLP, OSCP, OSWE, GIAC GWAPT, GIAC GWEB, GIAC GCPN, CCSP, cloud security certifications, or other product, application, and cloud security certifications are helpful but not required.
- Security research, open-source security contributions, conference talks, published writing, or demonstrated community involvement are a plus.
Benefits
- Bonus
- Benefits
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
• Serve as the lead architect and subject matter expert for enterprise security strategy, design, and modernization across on-premises, managed hosting, hybrid, and cloud environments. • Define and maintain a cohesive, layered security architecture that clearly establishes trust boundaries, control placement, security responsibilities, and where prevention, detection, response, and visibility should occur throughout the environment. • Establish standardized front-door patterns for externally accessible applications and services using technologies such as F5 BIG-IP, Akamai, cloud-native web application firewalls, and other approved edge-security controls. • Develop phased migration strategies to place existing public-facing websites and applications behind approved enterprise ingress and application-security services, including workloads hosted in data centers, managed hosting environments, Microsoft Azure, and Amazon Web Services. • Identify and address direct-to-origin exposure and other paths that could allow traffic to bypass approved application delivery, certificate management, logging, or security controls. • Design secure and resilient enterprise ingress and egress architectures, including additional egress capabilities, security service chaining, load-balancer-based architectures, centralized certificate management, and highly available traffic-management patterns. • Evaluate the effectiveness of border, upstream, mid-tier, and downstream firewall controls. Identify opportunities to simplify rule sets, eliminate unnecessarily permissive access, improve early-path blocking, and reduce the operational burden placed on downstream security platforms. • Validate whether network and application-security controls are operating as intended through architecture reviews, configuration analysis, traffic-flow validation, and telemetry assessment. Collaborate with service providers and engineering teams to identify enforcement, visibility, and ownership gaps across security layers. • Establish and lead an enterprise PKI architecture, including certificate authority and trust models, certificate enrollment and issuance, key protection, revocation, lifecycle management, governance, automation, and integration with enterprise and cloud-hosted systems. • Define enterprise IAM architecture patterns addressing authentication, authorization, identity federation, privileged access, machine and workload identities, network access control, and the integration of identity context with infrastructure and application-security controls. • Provide architectural oversight and hands-on technical guidance for technologies including Cisco ASA, Cisco Identity Services Engine, Palo Alto Networks next-generation firewalls, F5 BIG-IP, IAM platforms, web application firewalls, and related enterprise security capabilities. • Define reusable security architecture patterns for Azure and AWS, including secure ingress and egress, network segmentation, cloud WAF services, identity integration, certificate management, security logging, and connectivity to enterprise security platforms. • Provide security architecture leadership for the modernization of large-scale WAN and MPLS-based network environments, including segmentation, resiliency, routing, inspection points, traffic flows, availability requirements, and future-state security objectives. • Develop an enterprise strategy for encrypted traffic inspection and TLS decryption at scale. Determine appropriate inspection locations while accounting for security value, application compatibility, privacy, performance, availability, certificate handling, and exception management. • Define and optimize the role of Gigamon and similar network-packet-brokering technologies within the enterprise visibility architecture, including traffic collection points, filtering, replication, optimization, and distribution to SIEM, NDR, threat-hunting, and analytics platforms. • Lead the development of a future-state SIEM, logging, and security-telemetry architecture. Evaluate centralized logging, security data lakes, telemetry pipelines, and platforms such as Cribl while balancing security value, signal quality, scalability, retention, cost, and operational overhead. • Incorporate infrastructure-as-code, policy-as-code, configuration management, version control, automated testing, and repeatable deployment principles into enterprise security architecture and operational patterns. • Develop current-state and target-state architecture diagrams, security reference architectures, technical standards, data-flow diagrams, decision records, implementation guidance, and phased modernization roadmaps. • Communicate complex security architecture concepts, risks, tradeoffs, and recommendations to executive leadership, engineering teams, security operations personnel, application owners, service providers, and other technical and nontechnical stakeholders.
Electrical III – Cyber Security
CannonDesignWe design solutions that help people continuously flourish. Living-Centered Design is how we do it.
• Participate in project teamwork planning sessions and may take a lead role. • May assume project engineering responsibilities and adhere to financial and work goals. • Initiate project designs and help to develop design goals and systems. Perform electrical engineering systems design for building construction. • Design lighting, power distribution, signaling, communications and/or telecommunication systems for healthcare, education/higher education and commercial clients per applicable codes. • Prepare construction documents including drawings and specifications. Guide less experienced team members in execution of drawings. Specify electrical equipment. • Complete quality control checks of engineering documents and layout systems in regard to components and parts. • Participate in value engineering sessions with Architectural/Engineering team. • Recommend improvements with reference standards and processes to improve quality, coordination, and to streamline production efforts. • Review and markup of shop drawings and submittals. Respond to RFI’s and review of change orders in the preparation of construction documents. • Conduct job site visits to verify existing conditions and observe construction progress. Attend and participate in construction meetings. Site visits frequently require a physical walk-through of site. • Familiarity with operational technology systems, cyber-informed design principles, NIST SP 800-82, or critical infrastructure security considerations preferred. • May perform other related tasks as needed.
• Assess and implement risk controls for facilities, events, and operations • Manage security projects from vision to completion • Engage and develop customer security knowledge and capabilities • Resource and manage vendor relationships • Provide direct support and leadership to ensure security at events and business functions • Translate security principles into plans, frequently assessing the effectiveness of control measures and adapting plans as needed • Maintain strong internal relationships through partnership with stakeholders in the assigned region • Implement security control measures based on principle-based thinking
Role Description At Rho Nutrition, technology is a critical enabler of our growth. As we continue to scale, we are looking for an experienced IT and Information Security leader who can build secure, reliable, and efficient technology operations while partnering closely with teams across the business. The IT & Information Security Director (or Senior Manager with Director-level potential) will lead the strategy, implementation, and day-to-day management of Rho's IT infrastructure, cybersecurity program, and end-user technology experience. This role will ensure our systems are secure, compliant, and scalable while providing exceptional support to employees in a fast-paced, remote-first environment. You'll serve as both a strategic leader and a hands-on problem solver—developing long-term technology roadmaps while also rolling up your sleeves when needed. You'll partner with leaders across Operations, Finance, People, Legal, and Product to strengthen our technology ecosystem, manage vendor relationships, and mitigate business risk. What You'll Own - Develop and execute Rho's overall IT and Information Security strategy. - Lead all corporate IT operations, including endpoint management, identity and access management, collaboration tools, and employee technology support. - Build and mature Rho's cybersecurity program, including security policies, risk management, and incident response. - Manage IT infrastructure, SaaS applications, cloud services, networking, and endpoint security. - Oversee technology vendor selection, contract management, licensing, and budgeting. - Ensure compliance with security frameworks, customer security requirements, and applicable regulatory standards. - Develop business continuity, disaster recovery, and incident response plans. - Partner with cross-functional leaders to improve operational efficiency through technology and automation. - Establish scalable IT processes and documentation that support a growing organization. - Build and mentor an internal IT function while managing external managed service providers (MSPs) and security partners as needed. Key Responsibilities - Develop and execute a multi-year IT roadmap aligned with Rho's business objectives. - Maintain reliable, secure, and scalable IT infrastructure supporting a distributed workforce. - Oversee administration of collaboration platforms, productivity tools, and enterprise SaaS applications (e.g., Google Workspace, Slack, HRIS, ERP, CRM). - Manage employee onboarding and offboarding technology processes, ensuring timely provisioning and deprovisioning of equipment and system access. - Standardize hardware lifecycle management, asset tracking, software licensing, and technology procurement. - Develop IT policies, standards, and operating procedures that support consistency and scalability. - Own Rho's overall cybersecurity strategy and continuously improve the company's security posture. - Develop and maintain security policies covering identity management, endpoint protection, password management, acceptable use, data protection, and access controls. - Implement security monitoring, vulnerability management, endpoint detection and response (EDR), multi-factor authentication (MFA), and security awareness initiatives. - Lead incident response planning, investigation, and post-incident reviews. - Conduct regular security risk assessments and recommend mitigation strategies. - Partner with Legal and Compliance teams on customer security questionnaires, audits, and security certifications. - Ensure technology controls support applicable privacy, regulatory, and contractual requirements. - Lead vendor security reviews and third-party risk assessments. - Maintain documentation supporting audits and customer due diligence requests. - Develop disaster recovery and business continuity plans and coordinate periodic testing. - Serve as a trusted technology advisor to senior leadership. - Build strong relationships across every department to understand business needs and identify opportunities for automation and process improvement. - Manage relationships with managed service providers, security vendors, hardware suppliers, and consultants. - Establish service levels and performance metrics for IT support and operational excellence. - Mentor and develop future IT team members as the function grows. Qualifications - Bachelor's degree in Information Technology, Computer Science, Cybersecurity, Information Systems, or a related field (or equivalent practical experience). - 8+ years of progressive experience in IT, infrastructure, systems administration, cybersecurity, or technology operations. - 3+ years of leadership experience managing IT teams, vendors, or managed service providers. - Experience building or scaling IT operations within a high-growth company. - Strong knowledge of cloud-based business applications, identity and access management, endpoint management, networking, and enterprise collaboration platforms. - Experience implementing cybersecurity best practices, including MFA, endpoint security, vulnerability management, and incident response. - Experience managing technology vendors, software licensing, procurement, and IT budgets. - Strong understanding of security frameworks such as SOC 2, NIST Cybersecurity Framework, ISO 27001, CIS Controls, or similar standards. - Excellent project management, communication, and stakeholder management skills. - Ability to balance strategic planning with hands-on execution in a fast-paced environment. Additional Preferred Qualifications - Experience supporting a remote or hybrid workforce. - Experience in consumer packaged goods (CPG), health and wellness, nutraceutical, dietary supplement, manufacturing, or e-commerce industries. - Experience supporting ERP, warehouse management, CRM, HRIS, and supply chain technologies. - Familiarity with compliance requirements related to FDA-regulated businesses or consumer products. - Experience leading SOC 2, ISO 27001, or similar security certification efforts. - Professional certifications such as CISSP, CISM, Security+, CCSP, PMP, ITIL, or equivalent. - Experience implementing automation and AI-enabled solutions that improve operational efficiency. - Demonstrated success building IT organizations from the ground up. What Does Success Look Like in This Role - Developed a clear IT and information security roadmap aligned with Rho's strategic priorities. - Strengthened Rho's cybersecurity posture by implementing scalable security controls and reducing organizational risk. - Established reliable IT support processes that deliver a consistently excellent employee experience. - Improved identity and access management through standardized onboarding, offboarding, and role-based access controls. - Built strong partnerships across departments and become a trusted advisor on technology decisions. - Increased operational efficiency through thoughtful technology improvements and automation. - Developed disaster recovery, incident response, and business continuity plans that are regularly tested and maintained. - Improved visibility into technology assets, licensing, vendor performance, and IT spending. - Successfully managed external vendors while establishing the foundation for a scalable internal IT organization. - Created an IT environment that is secure, reliable, scalable, and capable of supporting Rho's continued growth. Why Join Rho Nutrition At Rho Nutrition, you’ll be part of a team that is passionate about helping people live healthier, stronger lives through evidence-based nutrition. We believe great work happens when talented people are empowered to innovate, collaborate, and grow. Joining Rho means contributing to a mission-driven company that values integrity, curiosity, and continuous improvement—while giving you the opportunity to make a real impact on the health and performance of the communities we serve. If you’re motivated by purpose and excited to work alongside people who care deeply about results and relationships, Rho Nutrition is a place where your work truly matters.



