Director, Product Security

Bonterra exists to propel every doer of good to their peak impact. We measure that impact against our vision to increase the giving rate as a percentage of GDP from 2% to 3% by 2033. We know that this goal is lofty, but we are confident that the right technology and expertise will strengthen trust in the sector, allowing the social good industry to accelerate growth and reach peak impact. Bonterra's differentiated, end-to-end solutions collectively support a unique network of over 20,000 customers, including over 16,000 nonprofit organizations and over 50 percent of Fortune 100 companies. Learn more at bonterratech.com.

Do you thrive on staying ahead of emerging application and product security threats? Are you the kind of person who can see both the details in a code review and the big picture of how to scale secure development across dozens of engineering teams? If so, this role is for you. We’re looking for a Director, Product Security to lead Bonterra’s product security program — ensuring the safety, resilience, and trustworthiness of our SaaS platforms

What You’ll Do

• Report directly to the CISO and own the Product Security program across Bonterra’s SaaS portfolio.

• Champion secure-by-design practices across the entire software lifecycle — from architecture and design, to CI/CD 

• pipelines, to production monitoring.

• Partner closely with R&D, Product, M&A, and IT leaders to embed security into product decisions, integrations, and 

• innovation initiatives.

• Build and scale security programs through automation, tooling, and training — not just headcount.

• Define and execute a multi-year roadmap for Product Security that addresses gaps in coverage, staffing, and 

• capabilities as Bonterra grows.

• Oversee vulnerability management across applications: review findings (SAST, DAST, SCA, penetration tests, bug 

• bounty), assess risk, and drive remediation with engineering partners.

• Lead activities such as:

  • Threat modeling and design reviews

  • Third-party / M&A product security assessments

  • Secure code review and testing

  • Secure open-source and third-party component lifecycle management

  • Centralized tracking, prioritization, and metrics reporting

• Develop meaningful, quantitative metrics that demonstrate product security health, progress, and business value.

• Identify systemic classes of vulnerabilities, design scalable defenses, and evangelize secure coding and product patterns across engineering.

Requirements

• 5–7 years of experience in software development or engineering roles, including 2–3 years in a leadership role. 

• Proficiency in at least one major language (C#, Java, Python, Ruby, etc.).

• 5–7 years of experience in application/product security with emphasis on secure software development, code 

• analysis, and vulnerability management.

• Strong knowledge of secure design principles (e.g., threat modeling, least privilege, cryptography) and common software vulnerabilities (e.g., CWE Top 25, OWASP Top 10).

• Excellent written and verbal communication skills; able to translate complex technical topics for both engineers and executives.

• Demonstrated ability to make pragmatic risk-based decisions and prioritize effectively in a fast-moving environment.

What Sets You Apart

• Experience securing cloud-native applications (AWS, Azure, GCP).

• Experience embedding security in M&A due diligence and product integrations.

• Track record of scaling security programs through automation, developer tooling, and guardrails.

• Familiarity with security and compliance frameworks (NIST, ISO, SOC 2, PCI DSS, CIS Controls).

• Experience influencing product roadmaps, customer assurance, and security-as-a-feature discussions

At this time, we are unable to consider candidates who require current or future sponsorship for employment authorization.

Compensation

The range displayed on this job posting reflects the minimum and maximum target for new hire salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training.

Base pay is one part of the Total Package that is provided to compensate and recognize employees for their work, and in addition to benefits this role may be eligible for discretionary bonuses/incentives, and equity.

US Base Salary: $162,962.96 - $220,000 w/15% annual bonus

Our Culture:  At Bonterra, we’re innovating with a higher purpose: to increase giving to 3% of US GDP by 2033, creating $573 billion more in global impact every year. To achieve our vision, we cultivate an inclusive environment where diversity is embraced and every team member feels empowered to contribute. Innovation, curiosity, and a commitment to equity guide our work. We foster a culture of belonging, ensuring that every individual is valued, respected, and given the tools to succeed. Together, we are dedicated to making a positive impact in the world.

Our comprehensive and competitive benefits include:

• Generous Flexible Time Off (FTO) Policy

• Up to 15 paid company holidays including some commemorating social justice events and self-care

• Paid volunteer time

• Resources for savings and investments

• Paid parental leave

• Paid sick leave

• Health, vision, dental, and life insurance with additional access to health and wellness programs.

• Opportunities to learn, develop, network, and connect

Please note the benefits specified on this page are applicable to full-time employees based in the United States. For international employees, actual benefits may vary based on local standards and regulations and will be determined in accordance with regional considerations, including but not limited to applicable laws and industry norms.

Candidate Accommodations

If you require assistance due to a disability in the application or recruitment process, please submit a request here.

____________________________________________________________________________________

We are committed to being an equal opportunity employer and evaluate qualified applicants without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, diversity of thought and any other characteristic protected by applicable law.