Director, Product Security
WeSpire
Bonterra exists to propel every doer of good to their peak impact. We measure that impact against our vision to increase the giving rate as a percentage of GDP from 2% to 3% by 2033. We know that this goal is lofty, but we are confident that the right technology and expertise will strengthen trust in the sector, allowing the social good industry to accelerate growth and reach peak impact. Bonterra's differentiated, end-to-end solutions collectively support a unique network of over 20,000 customers, including over 16,000 nonprofit organizations and over 50 percent of Fortune 100 companies. Learn more at bonterratech.com.
Do you thrive on staying ahead of emerging application and product security threats? Are you the kind of person who can see both the details in a code review and the big picture of how to scale secure development across dozens of engineering teams? If so, this role is for you. We’re looking for a Director, Product Security to lead Bonterra’s product security program — ensuring the safety, resilience, and trustworthiness of our SaaS platforms
What You’ll Do
Report directly to the CISO and own the Product Security program across Bonterra’s SaaS portfolio.
Champion secure-by-design practices across the entire software lifecycle — from architecture and design, to CI/CD
pipelines, to production monitoring.
Partner closely with R&D, Product, M&A, and IT leaders to embed security into product decisions, integrations, and
innovation initiatives.
Build and scale security programs through automation, tooling, and training — not just headcount.
Define and execute a multi-year roadmap for Product Security that addresses gaps in coverage, staffing, and
capabilities as Bonterra grows.
Oversee vulnerability management across applications: review findings (SAST, DAST, SCA, penetration tests, bug
bounty), assess risk, and drive remediation with engineering partners.
-
Lead activities such as:
Threat modeling and design reviews
Third-party / M&A product security assessments
Secure code review and testing
Secure open-source and third-party component lifecycle management
Centralized tracking, prioritization, and metrics reporting
Develop meaningful, quantitative metrics that demonstrate product security health, progress, and business value.
Identify systemic classes of vulnerabilities, design scalable defenses, and evangelize secure coding and product patterns across engineering.
Requirements
5–7 years of experience in software development or engineering roles, including 2–3 years in a leadership role.
Proficiency in at least one major language (C#, Java, Python, Ruby, etc.).
5–7 years of experience in application/product security with emphasis on secure software development, code
analysis, and vulnerability management.
Strong knowledge of secure design principles (e.g., threat modeling, least privilege, cryptography) and common software vulnerabilities (e.g., CWE Top 25, OWASP Top 10).
Excellent written and verbal communication skills; able to translate complex technical topics for both engineers and executives.
Demonstrated ability to make pragmatic risk-based decisions and prioritize effectively in a fast-moving environment.
What Sets You Apart
Experience securing cloud-native applications (AWS, Azure, GCP).
Experience embedding security in M&A due diligence and product integrations.
Track record of scaling security programs through automation, developer tooling, and guardrails.
Familiarity with security and compliance frameworks (NIST, ISO, SOC 2, PCI DSS, CIS Controls).
Experience influencing product roadmaps, customer assurance, and security-as-a-feature discussions
At this time, we are unable to consider candidates who require current or future sponsorship for employment authorization.
Compensation
The range displayed on this job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.
Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and in addition to benefits this role may be eligible for discretionary bonuses/incentives, and equity.
US Base Salary: $162,962.96 - $220,000 w/15% annual bonus
Our Culture: At Bonterra, we’re innovating with a higher purpose: to increase giving to 3% of US GDP by 2033, creating $573 billion more in global impact every year. To achieve our vision, we cultivate an inclusive environment where diversity is embraced and every team member feels empowered to contribute. Innovation, curiosity, and a commitment to equity guide our work. We foster a culture of belonging, ensuring that every individual is valued, respected, and given the tools to succeed. Together, we are dedicated to making a positive impact in the world.
Our comprehensive and competitive benefits include:
Generous Flexible Time Off (FTO) Policy
Up to 15 paid company holidays including some commemorating social justice events and self-care
Paid volunteer time
Resources for savings and investments
Paid parental leave
Paid sick leave
Health, vision, dental, and life insurance with additional access to health and wellness programs.
Opportunities to learn, develop, network, and connect
Please note the benefits specified on this page are applicable to full-time employees based in the United States. For international employees, actual benefits may vary based on local standards and regulations and will be determined in accordance with regional considerations, including but not limited to applicable laws and industry norms.
Candidate Accommodations
If you require assistance due to a disability in the application or recruitment process, please submit a request here.
____________________________________________________________________________________
We are committed to being an equal opportunity employer and evaluate qualified applicants without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, diversity of thought and any other characteristic protected by applicable law.