[Remote] Senior Product Security Engineer
Note: The job is a remote job and is open to candidates in USA. Collibra is seeking a Senior Product Security Engineer to join their high-impact Product Security team. The role involves identifying vulnerabilities and providing expert remediation consulting for global product development teams, ensuring the delivery of secure products and services.ResponsibilitiesApplication security for products and/or features supported by your assigned development teamsPerforming security testing and triaging findings identified by SAST, SCA, IAST, DAST, and penetration testsLeverage AI and MCP to create intelligent, context-aware security guidance and automationProviding remediation consulting services to assigned development teamsAssist with vulnerability management reporting and trackingCoordinating third-party penetration testing engagements, analyzing reports, and opening tickets for remediationContribute to the configuration and management of security toolsSkills5+ years of application/product security experience2+ years of experience securing Java, Python, and/or JavaScript web applicationsKnowledge of enterprise-level software architecture components and cloud infrastructureExperience building trusted advisor relationships with engineers, product owners, and engineering management (up to director level)Experience with AI security tooling, context-aware automation for SSDLCUnderstanding of AI privacy and governance in developer workflowsExperience using and building agentic AI systems that work collaborativelyExperience advocating for the remediation of application security risk and, simultaneously, the associated development/engineering team(s)Experience in identifying vulnerabilities in source code, providing detailed steps to reproduce exploitation, and providing recommendations to engineering teams on how to remediate issuesA bachelor's degree or equivalent related working experience is requiredThis position is not eligible for visa sponsorshipBecause this role supports the US government, it is required that this candidate be a US citizen who resides on US soilKnowledgeable of CI/CD concepts and experience with integrated SAST, SCA, and DAST toolingProficient at triaging application vulnerabilities associated with source code, open-source library dependencies, and 3rd party containersAble to assess and communicate the impact of Common Vulnerability Weaknesses (CVEs) on custom application software and advise on risk acceptance/deferment for false positive scenarios, severity adjustments, and acceptable reasoning for operational requirementsExperienced in executing as a matrixed/embedded security resource (within a development team) responsible for product, application, or feature group vulnerability assessments, ensuring they are appropriately enumerated and executedPossess a working knowledge of Python, Java, and/or JavaScript software development languagesExperienced in Linux and containerization in a cloud environmentExperienced in communicating the impact of security vulnerabilities to engineering teams and product leadersExperienced in using SAST, DAST, and SCA toolingExperienced in being a point of contact for outside/3rd party security assessments (pen tests, questionnaires, etc.)Knowledgeable of vulnerability management concepts, challenges, and reportingPossess a working knowledge of the OWASP Top 10 and can explain its concepts to a diverse audience of engineers and people leadersFamiliarity with AI standards and regulations, EU AI Act, SAIF and ISO 42001BenefitsBonus potentialEquity for eligible rolesA Flex Fund monthly stipendPension/401k plansCompetitive total rewards packageCompany OverviewCollibra delivers an end-to-end Data Intelligence platform to accelerate digital business transformation. It was founded in 2008, and is headquartered in Brussels, Brussels Hoofdstedelijk Gewest, BEL, with a workforce of 1001-5000 employees. Its website is https://www.collibra.com/us/en/.