What are the responsibilities and job description for the Director, Product Security position at Commvault?
About Commvault
Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience. The company empowers customers to uncover, take action, and rapidly recover from cyberattacks – keeping data safe and businesses resilient. The company’s unique AI-powered platform combines best-in-class data protection, exceptional data security, advanced data intelligence, and lightning-fast recovery across any workload or cloud at the lowest TCO. For over 25 years, more than 100,000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks, improve governance, and do more with data.
Introduction to role
As Product Security Leader, you will drive the strategy and execution of the security posture of applications and products. You will drive the shift left to build security into our products earlier in the development lifecycle and increase transparency into our security telemetry and data for greater insight. You will provide leadership in the DevSecOps areas of Vulnerability Scanning, Certificate Management, Password Policy Management, Data Analysis of security monitoring outputs, coordination of Remediation Patching, and other daily Security and Compliance efforts. You will drive the development of a unified strategy for secure development across the company, and work with engineering teams and IT to build an automated security framework for robust deployment tools and processes that supports various scripting languages and open source solutions. You will drive the adoption of our shift-left approach, policy-as-code, security-as-code, zero trust and IaaC compliance. As a senior thought leader in the organization, you will provide guardrails & guidance to software development teams, and mentoring & coaching on CNCF best practices. Ultimately, you will design, implement and promote maturity levels & targets for the organization's development efforts. As leader for security tools development, you will work with stakeholders to understand their needs, and build and maintain tools to enhance security and transparency.
This role will be responsible for shaping the overall security strategy for our global products, ensuring secure design, development, and deployment across the entire product lifecycle. You will help streamline the current product security efforts across various product teams, build the core product security team, collaborate with engineering, development, and cross-functional teams, and drive security initiatives across all stages of product development.
The ideal candidate will have a strong background in system development lifecycle, software or product development experience, software security, threat modeling, and a proven track record of building scalable security programs in a fast-paced, innovation-driven environment. This role requires both technical expertise and leadership skills to influence product design decisions and create a secure-by-design culture.
Accountabilities
Collaboration: Partner with product development, engineering, DevOps, and other teams to identify security requirements, influence design decisions, and ensure security best practices are followed throughout the development lifecycle.
Develop and Lead Product Security Strategy, Operations, Incident Management, and roadmaps for target product domains: Lead the vision, roadmap, engineering, and execution of the product security strategy, ensuring the development of trust / security / privacy-by-design products and services.
Product Vulnerability Management: Collaborate with product teams and be responsible for the identification, prioritization, and mitigation of security vulnerabilities and issues. Lead and coordinate efforts for secure code reviews, threat modeling, penetration testing, and vulnerability assessments.
Risk Management: In collaboration with cyber risk and enterprise risk management, assess security risks across product portfolios and recommend remediation strategies while balancing business and technical needs.
Secure Development Lifecycle (SDL): Implement and carry out secure development lifecycle practices, including repository defense and tooling, ensuring products are designed and developed with security built in.
Training and Awareness: Lead initiatives to increase security awareness and knowledge among engineers and product teams through training, workshops, and the development of security resources in partnership with the End User Education and Awareness Programs.
Compliance: Ensure adherence to relevant regulatory requirements and industry best practices related to product security (e.g., GDPR, SOC2, OWASP, etc.).
Leadership: Build, mentor, and lead a high-performing product security team. Cultivate a culture of security excellence and innovation.
Essential Skills/Experience
- Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
- 8 years of experience in security, with at least 3 years in a leadership role focusing on product or software security.
- Expertise in secure software development, application security, threat modeling, vulnerability management, and penetration testing.
- Experience in Production Engineering or a related position.
- Experience working with Developers, DevOps, and Engineering teams in a dynamic environment to promote/implement the DevSecOps program throughout the organization.
- Experience coordinating and performing vulnerability assessments through the use of automated and manual tools.
- Ability to review and analyze vulnerability data to identify security risks to the organization's network, infrastructure, and applications, and to determine which reported vulnerabilities are false positives.
- Leadership and Teaming skills to coordinate remediation of vulnerabilities within established timeframes.
- Proficiency in various programming and scripting languages.
- Familiarity with Information Security frameworks/standards.
- Comprehension in the security areas of Key Management Systems, Certificate Management, Encryption, Penetration Testing, Vulnerability Scanning, Security and Monitoring tools, etc.
- Ability to assess, select and successfully deploy appsec tools across multiple domains.
- Ability to work with APIs and Plugins to integrate security tools into established CI/CD pipelines.
- Ability to evaluate and assess a product's security posture.
- Experience working with cross-functional teams, especially product management, engineering, and operations, to integrate security into the product lifecycle.
- Strong problem-solving and analytical skills with the ability to translate technical concepts to business leaders and non-technical team members.
- Excellent interpersonal skills, both written and verbal, with the ability to clearly convey complex security topics to a wide audience.
- Master’s degree in Information Security, Computer Science, or a related field.
- Industry certifications such as CISSP, CISM, or CEH.
- Hands-on experience with security frameworks, tools, and methodologies (e.g., SAST, DAST, threat modeling, etc.).
- Familiarity with cloud security and DevSecOps practices.
- Experience leading security initiatives in agile and fast-paced development environments.
- Knowledge of industry standards and regulations (e.g., ISO 27001, NIST, SOC2).
US Pay Range
$166,345—$322,000 USD
Commvault is an equal opportunity workplace and is an affirmative action employer. We are always committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status, and we will not discriminate on the basis of such characteristics or any other status protected by the laws or regulations in the locations where we work.
Commvault’s goal is to make interviewing inclusive and accessible to all candidates and employees. If you have a disability or special need that requires accommodation to participate in the interview process or apply for a position at Commvault, please email accommodations@commvault.com. For any inquiries not related to an accommodation, please reach out to wwrecruitingteam@commvault.com.
For Our Candidates To Prioritize Your Security
Commvault has been made aware of email and/or text correspondence scams that falsely state that the senders are from the Commvault HR team and/or a member of our leadership team. The scammers even conduct false interviews via email or text and then request personal information (name, address, birthdate, social security number, etc.) when returning the signed offer letter. Please note that Commvault does not conduct interviews by email or text, and we will never ask you to submit a W4 via email or prior to your first day of employment.
If you think you have been targeted in this recruiting scam, please reach out to us at wwrecruitingteam@commvault.com. You can also find more tips about job scams and how to avoid them on the FTC’s website.
Commvault's Privacy Policy
Salary: $166,345 - $322,000