As passionate about our people as we are about our mission.

Why Join Q2?

Q2 is a leading provider of digital banking and lending solutions to banks, credit unions, alternative finance companies, and fintechs in the U.S. and internationally. Our mission is simple: build strong and diverse communities through innovative financial technology—and we do that by empowering our people to help create success for our customers.

What Makes Q2 Special?

The Job At-A-Glance:

We are seeking a Senior Director of Product Security to lead and scale our product security, PSIRT, and product integrity capabilities across a modern, cloud-native, and AI-enabled technology platform. This leader will work directly with Product and Engineering leadership to embed security while ensuring our products remain resilient against real-world adversaries, abuse, and emerging AI-driven threats.

This role serves as the primary technical bridge between Security, Products and Engineering, owning secure and defense by design scanning and prioritization, vulnerability and product incident response.  The leader in this role will also partner with architecture to secure the use and development of AI and agentic AI solutions. The Senior Director Of Product Security will also act as a deputy to the CISO, providing technical depth during product incidents and serving as a potential succession our CISO.

A Typical Day:

Product Security Leadership & Engineering Partnership

• Define and translate security requirements into practical, scalable engineering or product roadmap guidance amongst our Digital Banking products and services

• Champion Embedded security-by-design into product architecture, secure coding practices, CI/CD pipelines, and cloud-native platforms

• Partner with engineering leadership to drive DevSecOps adoption and measurable security outcomes

Product Security Incident Response & PSIRT

• Own and mature the Product Security Incident Response Team (PSIRT) function

• Lead vulnerability intake, triage, remediation, and coordinated disclosure processes

• Working with infrastructure, evolve emergency patch/config release process

• Drive post-incident learning through root-cause analysis and systemic improvements

• Partner with Legal, Communications, and Customer teams during high-impact security events

Product Integrity, Abuse & Threat Modeling

• Ensure products are resilient against business logic abuse, misuse, fraud, and adversarial behavior

• Lead threat modeling for new products, features, and AI-enabled capabilities

• Collaborate with Fraud, Risk, and Trust teams to address cross-functional threats

• Champion secure architecture reviews at design and pre-launch phases

AI & Agentic AI Security Governance

• Partner with architecture to oversee security standards and defense response program for AI and agentic AI systems

• Ensure secure model development, deployment, and inference pipelines

• Address AI-specific risks including:

  • Prompt injection and jailbreaks

  • Training data poisoning and leakage

  • Model extraction and inversion

  • Agent autonomy, identity, and privilege boundaries

• Lead AI red-teaming and adversarial testing efforts

• Align AI security practices with emerging regulatory and risk frameworks

Security Operations & Engineering Enablement

• Provide oversight and technical leadership across:

  • Application Security

  • SOC and detection engineering

  • Red, blue, and purple team programs

  • Penetration testing and continuous assurance

• Ensure logging, monitoring, and telemetry are fully integrated into engineering workflows

• Drive automation and scalability across security operations

Bring Your Passion, Do What You Love. Here’s What We’re Looking For:

• Typically requires a Bachelor’s degree in Cyber Security or Computer Science and a minimum of 15 years of related experience; or an advanced degree with 12+ years of experience; or equivalent relevant work experience.

• Typically requires 7+ years managing and developing employees.

• Experience in scaling software engineering, cloud architecture, or infrastructure engineering teams in a high available environment

• Experience in regulated industries (financial services, fintech, payments, or similar) strongly preferred

• Familiarity with regulatory expectations and audits related to security and risk

• Proven ability to lead senior technical teams and cross-functional initiatives

• Strong communication skills across engineers, executives, auditors, regulators, and customers

• Experience influencing outcomes in matrixed organizations

• Certifications such as CISSP, CISM, or cloud security certifications are a plus

This position requires fluent written and oral communication in English.

Applicants must be authorized to work for any employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.

Health & Wellness

• Hybrid Work Opportunities

• Flexible Time Off 

• Career Development & Mentoring Programs 

• Health & Wellness Benefits, including competitive health insurance offerings and generous paid parental leave for eligible new parents 

• Community Volunteering & Company Philanthropy Programs 

• Employee Peer Recognition Programs – “You Earned it”

Click here to find out more about the benefits we offer.

Our Culture & Commitment:

We’re proud to foster a supportive, inclusive environment where career growth, collaboration, and wellness are prioritized. And our benefits go beyond healthcare—offering resources for physical, mental, and professional well-being. Click here to find out more about the benefits we offer. Q2 employees are encouraged to give back through volunteer work and nonprofit support through our Spark Program (see more). We believe in making an impact—in the industry and in the community.

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, genetic information, or veteran status.

Applicants in California or Washington State may not be exempt from federal and state overtime requirements