Z

Senior Director, Product Security

Zendesk, Inc.
1 day ago
Full-time
Remote friendly (US - California - Fully Flexible United States of America)
Worldwide

Job Description

About the role

  • Zendesk is building the future of AI-powered customer and employee service. Our products help organizations resolve customer issues across channels, automate complex workflows, and protect sensitive customer and end-user data at global scale. Security is foundational to that trust.
  • We are looking for a Senior Director of Product Security to define and lead the next chapter of product security at Zendesk. This is a senior leadership role for someone who can set a compelling long-term vision, build and scale strong teams, influence product and engineering strategy, and still go deep technically when the situation requires it.
  • You should be comfortable moving from executive-level risk and product strategy to detailed technical discussions about authorization models, API security, AI agent threat models, secure SDLC controls, vulnerability management, and incident root cause analysis. You will help make security a native property of Zendesk’s products rather than a late-stage review or compliance checkpoint.

What you’ll do

  • Set the Product Security Vision and Operating Model
    Define and drive Zendesk’s product security strategy across our products, AI capabilities, platform services, APIs, integrations, and developer ecosystem. Build a roadmap that reduces customer-impacting risk, improves engineering velocity, and establishes clear outcomes, metrics, and accountability. Partner with leaders across Product, Engineering, AI, Infrastructure, Privacy, Legal, and GRC to align security priorities with business strategy and customer trust.
  • Lead with Technical Credibility
    Serve as a senior technical authority on product security for SaaS, cloud-native, and AI-enabled systems. Engage directly in high-risk architecture reviews, threat modeling, vulnerability analysis, and incident remediation decisions, helping teams make pragmatic trade-offs across identity, authorization, API security, encryption, tenant isolation, and secure design.
  • Build Secure-by-Design Systems
    Shift product security from reactive review to secure-by-design engineering by driving reusable patterns, paved roads, automation, platform controls, and developer self-service. Strengthen secure SDLC practices and improve security tooling coverage across code, dependencies, APIs, infrastructure as code, and CI/CD pipelines.
  • Secure AI and Agentic Product Surfaces
    Partner with AI and product engineering teams to identify and mitigate risks in AI agents, copilots, LLM integrations, retrieval systems, and autonomous workflows. Define secure design principles for authorization, action scoping, auditability, human oversight, data minimization, model/provider boundaries, and abuse prevention.
  • Own Product Vulnerability Management and Response
    Own the full lifecycle of product vulnerability management and security response, from discovery and prioritization through remediation, validation, customer-impact assessment, and durable prevention. Leverage automation and AI-assisted analysis to identify, triage, and remediate vulnerabilities across Zendesk codebases, while partnering on bug bounty reports, customer-reported issues, external penetration testing, and product security incidents.
  • Build and Develop a High-Performing Team
    Lead, mentor, and grow a global high-performing Product Security team, including managers and senior technical ICs, with the technical depth, strategic judgment, and cross-functional influence needed to support Zendesk at scale. Build a rigorous, pragmatic, inclusive culture that is trusted by Engineering and helps accelerate secure product delivery.
  • Communicate Risk Clearly
    Translate complex technical risks into clear business, customer, and engineering trade-offs. Provide crisp metrics, trends, and recommendations to executive leadership, and support customer trust conversations, security reviews, RFPs, and enterprise escalations with credible product security expertise.

What you bring to the role

  • 12+ years of experience across product security, application security, software engineering, security architecture, cloud security, offensive security, or related technical security roles, including 7+ years leading high-performing security or engineering teams.
  • Deep experience securing large-scale, cloud-native, enterprise, or AI-enabled products that handle sensitive customer data, operate in multi-tenant environments, and carry high customer trust expectations.
  • Strong product engineering credibility, with the ability to partner effectively with Engineering and Product teams and embed security into how software is designed, built, tested, deployed, and operated.
  • Hands-on technical depth across areas such as web and API security, authentication and authorization, identity systems, tenant isolation, cloud and container security, CI/CD, software supply chain security, secrets management, vulnerability management, secure SDLC, and incident response.
  • Demonstrated ability to lead or meaningfully contribute to threat models, architecture reviews, vulnerability triage, exploitability analysis, secure design decisions, and product security incident reviews.
  • Experience building secure-by-default patterns, developer tooling, platform controls, automation, and paved roads that scale security across engineering organizations without slowing product delivery.
  • Working knowledge of AI, LLM, and agentic security risks, including prompt injection, data leakage, tool abuse, unsafe autonomous actions, model and provider trust boundaries, RAG security, and guardrail design.
  • Strong executive communication skills, with the ability to translate technical risk into clear business impact, customer implications, trade-offs, and investment priorities.
  • A pragmatic, product-minded approach to risk, with a track record of protecting customers while helping teams ship securely and quickly.

Preferred qualifications

  • Experience securing SaaS products with marketplace apps and third-party integrations
  • Familiarity with security, compliance, and assurance frameworks such as SOC 2, ISO 27001, FedRAMP, HIPAA, PCI, NIST, OWASP ASVS/SAMM, SLSA, SSDF, or OpenSSF.
  • Experience partnering with Customer Trust, Privacy, Legal, Support, and go-to-market teams on enterprise security reviews, customer escalations, and assurance activities.
  • Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, Information Systems, or a related technical field, or equivalent practical experience. A master’s degree or other advanced technical education is a plus, but not required.
  • Relevant certifications such as CISSP, CSSLP, OSCP, OSWE, GIAC GWAPT, GIAC GWEB, GIAC GCPN, CCSP, cloud security certifications, or other product, application, and cloud security certifications are helpful but not required.
  • Security research, open-source security contributions, conference talks, published writing, or demonstrated community involvement are a plus.

The US annualized base salary range for this position is $278,000.00-$416,000.00. This position may also be eligible for bonus, benefits, or related incentives. While this range reflects the minimum and maximum value for new hire salaries for the position across all US locations, the offer for the successful candidate for this position will be based on job related capabilities, applicable experience, and other factors such as work location. Please note that the compensation details listed in US role postings reflect the base salary only (or OTE for commissions based roles), and do not include bonus, benefits, or related incentives.

The intelligent heart of customer experience

Zendesk software was built to bring a sense of calm to the chaotic world of customer service. Today we power billions of conversations with brands you know and love.

Zendesk believes in offering our people a fulfilling and inclusive experience. Our hybrid way of working, enables us to purposefully come together in person, at one of our many Zendesk offices around the world, to connect, collaborate and learn whilst also giving our people the flexibility to work remotely for part of the week.

As part of our commitment to fairness and transparency, we inform all applicants that artificial intelligence (AI) or automated decision systems may be used to screen or evaluate applications for this position, in accordance with Company guidelines and applicable law.

Zendesk is an equal opportunity employer, and we’re proud of our ongoing efforts to foster global diversity, equity, & inclusion in the workplace. Individuals seeking employment and employees at Zendesk are considered without regard to race, color, religion, national origin, age, sex, gender, gender identity, gender expression, sexual orientation, marital status, medical condition, ancestry, disability, military or veteran status, or any other characteristic protected by applicable law. We are an AA/EEO/Veterans/Disabled employer. If you are based in the United States and would like more information about your EEO rights under the law, please click here.

Zendesk endeavors to make reasonable accommodations for applicants with disabilities and disabled veterans pursuant to applicable federal and state law. If you are an individual with a disability and require a reasonable accommodation to submit this application, complete any pre-employment testing, or otherwise participate in the employee selection process, please send an e-mail to peopleandplaces@zendesk.com with your specific accommodation request.