Job Description
About the role
- We are looking for a Senior Director of Product Security to define and lead the next chapter of product security at Zendesk. This is a senior leadership role for someone who can set a compelling long-term vision, build and scale strong teams, influence product and engineering strategy, and still go deep technically when the situation requires it.
- You should be comfortable moving from executive-level risk and product strategy to detailed technical discussions about authorization models, API security, AI agent threat models, secure SDLC controls, vulnerability management, and incident root cause analysis. You will help make security a native property of Zendesk's products rather than a late-stage review or compliance checkpoint.
What you'll do
- Set the Product Security Vision and Operating Model
Define and drive Zendesk's product security strategy across our products, AI capabilities, platform services, APIs, integrations, and developer ecosystem. Build a roadmap that reduces customer-impacting risk, improves engineering velocity, and establishes clear outcomes, metrics, and accountability. Partner with leaders across Product, Engineering, AI, Infrastructure, Privacy, Legal, and GRC to align security priorities with business strategy and customer trust.
- Lead with Technical Credibility
Serve as a senior technical authority on product security for SaaS, cloud-native, and AI-enabled systems. Engage directly in high-risk architecture reviews, threat modeling, vulnerability analysis, and incident remediation decisions, helping teams make pragmatic trade-offs across identity, authorization, API security, encryption, tenant isolation, and secure design.
- Build Secure-by-Design Systems
Shift product security from reactive review to secure-by-design engineering by driving reusable patterns, paved roads, automation, platform controls, and developer self-service. Strengthen secure SDLC practices and improve security tooling coverage across code, dependencies, APIs, infrastructure as code, and CI/CD pipelines.
- Secure AI and Agentic Product Surfaces
Partner with AI and product engineering teams to identify and mitigate risks in AI agents, copilots, LLM integrations, retrieval systems, and autonomous workflows. Define secure design principles for authorization, action scoping, auditability, human oversight, data minimization, model/provider boundaries, and abuse prevention.
- Own Product Vulnerability Management and Response
Own the full lifecycle of product vulnerability management and security response, from discovery and prioritization through remediation, validation, customer-impact assessment, and durable prevention. Leverage automation and AI-assisted analysis to identify, triage, and remediate vulnerabilities across Zendesk codebases, while partnering on bug bounty reports, customer-reported issues, external penetration testing, and product security incidents.
- Build and Develop a High-Performing Team
Lead, mentor, and grow a global high-performing Product Security team, including managers and senior technical ICs, with the technical depth, strategic judgment, and cross-functional influence needed to support Zendesk at scale. Build a rigorous, pragmatic, inclusive culture that is trusted by Engineering and helps accelerate secure product delivery.
- Communicate Risk Clearly
Translate complex technical risks into clear business, customer, and engineering trade-offs. Provide crisp metrics, trends, and recommendations to executive leadership, and support customer trust conversations, security reviews, RFPs, and enterprise escalations with credible product security expertise.
What you bring to the role
- 12+ years of experience across product security, application security, software engineering, security architecture, cloud security, offensive security, or related technical security roles, including 7+ years leading high-performing security or engineering teams.
- Deep experience securing large-scale, cloud-native, enterprise, or AI-enabled products that handle sensitive customer data, operate in multi-tenant environments, and carry high customer trust expectations.
- Strong product engineering credibility, with the ability to partner effectively with Engineering and Product teams and embed security into how software is designed, built, tested, deployed, and operated.
- Hands-on technical depth across areas such as web and API security, authentication and authorization, identity systems, tenant isolation, cloud and container security, CI/CD, software supply chain security, secrets management, vulnerability management, secure SDLC, and incident response.
- Demonstrated ability to lead or meaningfully contribute to threat models, architecture reviews, vulnerability triage, exploitability analysis, secure design decisions, and product security incident reviews.
- Experience building secure-by-default patterns, developer tooling, platform controls, automation, and paved roads that scale security across engineering organizations without slowing product delivery.
- Working knowledge of AI, LLM, and agentic security risks, including prompt injection, data leakage, tool abuse, unsafe autonomous actions, model and provider trust boundaries, RAG security, and guardrail design.
- Strong executive communication skills, with the ability to translate technical risk into clear business impact, customer implications, trade-offs, and investment priorities.
- A pragmatic, product-minded approach to risk, with a track record of protecting customers while helping teams ship securely and quickly.
Preferred qualifications
- Experience securing SaaS products with marketplace apps and third-party integrations.
- Familiarity with security, compliance, and assurance frameworks such as SOC 2, ISO 27001, FedRAMP, HIPAA, PCI, NIST, OWASP ASVS/SAMM, SLSA, SSDF, or OpenSSF.
- Experience partnering with Customer Trust, Privacy, Legal, Support, and go-to-market teams on enterprise security reviews, customer escalations, and assurance activities.
- Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, Information Systems, or a related technical field, or equivalent practical experience. A master's degree or other advanced technical education is a plus, but not required.
- Relevant certifications such as CISSP, CSSLP, OSCP, OSWE, GIAC GWAPT, GIAC GWEB, GIAC GCPN, CCSP, cloud security certifications, or other product, application, and cloud security certifications are helpful but not required.
- Security research, open-source security contributions, conference talks, published writing, or demonstrated community involvement are a plus.
The US annualized base salary range for this position is $278,000.00-$416,000.00. This position may also be eligible for bonus, benefits, or related incentives. While this range reflects the minimum and maximum value for new hire salaries for the position across all US locations, the offer for the successful candidate for this position will be based on job-related capabilities, applicable experience, and other factors such as work location. Please note that the compensation details listed in US role postings reflect the base salary only (or OTE for commission-based roles), and do not include bonus, benefits, or related incentives.