Skip to content
ZapierZapierSan Francisco, CA

Sr. Director, Security

Lead Zapier's Security organization as the most senior security executive. Set strategy across AppSec, InfraSec, Detection & Response, and GRC while partnering with Product, Engineering, and GTM to make security a competitive advantage for an AI-native SaaS platform.

308k – 463k/yr
Remote8+ YOESecurity Engineering

About the role

Responsibilities

  • Set and deliver the security strategy for an AI-native SaaS platform
  • Lead teams across Application Security (Product Security), Infrastructure Security, Detection & Response, and GRC
  • Partner with executives, Enterprise Governance, GTM, Product, Engineering, Legal, and Risk to make security a competitive advantage
  • Shape product security posture for enterprise customers and AI features
  • Drive change management across the company: policies, golden paths, technical enforcement, procurement, and AI usage
  • Partner with Enterprise Governance, Product, and GTM to design enterprise-grade security and trust controls
  • Run a real risk program: identify, quantify, prioritize, communicate, and drive down risk across the company
  • Lead detection, response, and incident management programs end-to-end, including product security incident response and bug bounty
  • Manage diverse, high-performing engineering organizations; coach managers, tech leads, and senior ICs
  • Develop and deliver a multi-year security vision, strategy, and roadmap aligned with company and AI strategy
  • Build partnerships across Product, Engineering, Enterprise Governance, Legal, GTM, Finance, People, and Risk
  • Communicate clearly to engineers, executives, Board members, customers, CISOs, auditors, regulators, and analysts

Requirements

  • Pragmatic, engineering-oriented SaaS security leader with experience leading security teams for SaaS product companies on modern tech stacks
  • Deep expertise in at least one security discipline (Application/Product Security, Infrastructure Security, Detection & Response) and broad across others
  • Fluency in modern cloud and identity threat models, supply chain risk, and secure-by-default infrastructure
  • Experience operating in ambiguity with hypothesis-driven, systems-thinking approach
  • Strong change management skills: influencing executives and shifting company practices without defaulting to "security said no"
  • Executive presence internally and externally; comfortable with customers, prospects, CISOs, auditors, regulators, and analysts
  • Deep expertise in detection, response, and incident management, including running bug bounty programs at scale
  • Experience managing diverse, high-performing, growth-mindset engineering organizations and managing managers
  • Ability to develop and deliver aligned security vision, strategy, and roadmap with measurable outcomes
  • Excellent written and verbal communication skills; able to tailor messaging from engineer to Board member

Nice-to-Haves

  • Experience securing agentic systems, MCP-style integrations, and AI features that touch customer data
  • Prior path toward or interest in Chief Security Officer role

Skills

Application SecurityProduct SecurityInfrastructure SecurityDetection And ResponseGRCCloud SecurityIdentity SecurityIncident ResponseRisk ManagementBug Bounty Programs
Scale AI

Head of Global Assurance

Scale AIWashington, DC

Lead and scale global assurance programs (FedRAMP, SOC 2, ISO 27001) across public sector and commercial units while managing a distributed technical team of compliance experts.

287k – 359k/yr
On-site10+ YOESecurity Engineering
Harvey

Head of Security Engineering

HarveySan Francisco, CA +1

Lead and scale the security engineering organization, owning IAM strategy, security tooling, and foundational security platforms that enable rapid, secure product development.

285k – 350k/yr
Hybrid10+ YOESecurity Engineering
Moment

Head of Security

MomentNew York, NY

Own the end-to-end security program for a fintech infrastructure company, driving strategy, compliance (SOC 2), incident response, and client-facing security reviews for institutional trading systems.

275k – 325k/yr
On-siteSecurity Engineering
Trail of Bits

Engineering Director, Application Security

Trail of BitsUnited States

Leads Application Security practice performing code audits, vulnerability research, and secure design reviews. Hands-on leader managing team, P&L, client relationships; requires 10+ years security experience and proficiency in multiple languages.

250k – 300k/yr
Remote10+ YOESecurity Engineering
Instabase

Director, Security & Compliance

InstabaseSan Francisco, CA

Leads security, compliance (GRC), and IT operations at a SaaS company, driving roadmap, audits (SOC2, HIPAA, ISO 27001, GDPR, FedRAMP), policies, and cross-functional programs. Requires extensive compliance experience in cloud/SaaS environments.

250k – 300k/yr
HybridSecurity Engineering