Director Security Engineering
Amsterdam, NL
Miro
Miro is the innovation workspace where teams manage projects, design products, and build the future together. Join 90M+ users from around the world.
About the Team
The primary objective of the Head of Product Security role is to prevent security breaches, feature abuse, and compliance non-conformities that could result in financial loss, reputational damage, or failure to achieve Miro’s business objectives by ensuring that security, privacy, compliance, and misuse risks are systematically identified and mitigated throughout the Product Development Life Cycle—integrated into Miro’s AMPED (Analytics & Marketing & Product & Engineering & Design) Ways of Working and Operating Model. The role enables secure and compliant product development to support the successful delivery of Miro's business objectives.
About the Role
The Head of Product Security is responsible for defining and managing Miro’s product security strategy, with a primary focus on embedding security, privacy, and abuse-prevention practices throughout the Product Development Life Cycle (PDLC)—spanning the Discover, Define, and Deliver phases. The PDLC is embedded within Miro’s AMPED Ways of Working (WoW) and AMPED Operating Model, and this role ensures that product teams apply consistent security considerations as part of how products are scoped, shaped, and shipped.
The position includes responsibility for enabling product teams to identify and mitigate both technical risks and misuse scenarios, where legitimate product functionality could be abused for malicious purposes (e.g., phishing, data leakage, account enumeration). The Head of Product Security sets expectations for risk ownership and ensures that non-functional security requirements are integrated into product delivery frameworks.
This role reports directly to the Chief Information Security Officer (CISO) and collaborates closely with Product, Engineering, Application Security, Privacy, Legal, and Compliance functions.
What you’ll do
- Define and maintain a product security governance framework aligned with the Discover, Define, Deliver phases of the PDLC, as structured within the AMPED Ways of Working and Operating Model.
- Establish clear ownership models assigning product managers accountability for identifying, documenting, and mitigating security and abuse risks.
- Lead the development of security guidance, policy, and review processes tailored to each PDLC phase within the AMPED framework.
- Implement methods for identifying both traditional vulnerabilities and abuse of functionality, where users exploit legitimate features for malicious purposes.
- Specify non-functional security requirements to be considered in product requirements, architecture, and delivery checkpoints.
- Collaborate with Product teams to incorporate threat modeling, misuse case analysis, and privacy risk assessments into the Discover and Define stages.
- Coordinate with Application Security to ensure alignment of secure software development practices with broader product strategy and roadmaps.
- Maintain tooling, documentation, and checklists to support structured product security reviews and approvals.
- Integrate compliance, privacy, and regulatory requirements (e.g., GDPR, DSA, AI Act) into product planning and delivery processes.
- Develop and deliver education programs to raise awareness of product misuse risks and the responsibility of product teams to mitigate them.
- Participate in product strategy reviews, roadmap reviews, and high-risk feature assessments, providing security input and risk-based recommendations.
- Define and report on product security KPIs and maturity metrics aligned with AMPED governance forums and risk review processes.
- Act as a point of contact for internal audit, security certifications, and external customer assurance related to product-level security risks.
- Drive continuous improvement in security integration by incorporating learnings from incidents, threat intelligence, and peer benchmarks into the PDLC.
- Ensure alignment of all product security activities with Miro’s AMPED cross-functional execution model, enabling scalable and repeatable secure product development practices.
What you’ll need
- 10+ years of experience in information security, with a strong focus on software and product security.
- 5+ years of leadership experience in a security function, with a proven track record of building and mentoring high-performing teams.
- Deep expertise in Secure Software Development Lifecycles (SSDLC), including integrating security into agile and custom development frameworks.
- Extensive experience with threat modeling methodologies (e.g., STRIDE, PASTA) and risk assessment, particularly within a SaaS or product-centric organization.
- Strong knowledge of cloud security principles and experience securing applications in major cloud environments (AWS, GCP, or Azure).
- Familiarity with modern application architecture, including microservices, APIs, and containerization (Docker, Kubernetes).
- Solid understanding of relevant compliance and regulatory frameworks such as GDPR, SOC 2, ISO 27001, and emerging AI regulations.
Who you are (Skills & Attributes)
- A Strategic Leader: You think holistically, balancing security requirements with business objectives and product velocity.
- An Exceptional Communicator: You can articulate complex technical risks to non-technical stakeholders and translate business goals into security strategy for your team.
- A Natural Collaborator: You excel at building strong relationships and influencing cross-functional teams without direct authority.
- A Pragmatic Problem-Solver: You are skilled at identifying scalable, risk-based solutions and are comfortable navigating ambiguity in a fast-paced environment.
- Data-Driven: You use metrics and KPIs to measure the effectiveness of your programs and drive continuous improvement.
- A Passionate Mentor: You are dedicated to developing talent and empowering engineers and product managers to be security champions.
What's in it for you
AMS:
- Competitive equity package
- Medical insurance coverage
- Lunch, snacks and drinks provided in the office
- Wellbeing benefit and WFH equipment allowance
- Annual learning and development allowance to grow your skills and career
- Travel allowance for your commute
- Opportunity to work for a globally diverse team
- Inspiring workplace in the heart of Amsterdam
About Miro
Miro is a visual workspace for innovation that enables distributed teams of any size to build the next big thing. The platform's infinite canvas enables teams to lead engaging workshops and meetings, design products, brainstorm ideas, and more. Miro, co-headquartered in San Francisco and Amsterdam, serves more than 90M users worldwide, including 99% of the Fortune 100. Miro was founded in 2011 and currently has more than 1,600 employees in 12 hubs around the world.
We are a team of dreamers. We look for individuals who dream big, work hard, and above all stay humble. Collaboration is at the heart of what we do and through our work together we hope to create a supportive, welcoming, and innovative environment. We strive to play as a team to win the world and create a better version of ourselves every day. If this sounds like something that excites you, we want to hear from you!
Check out more about life at Miro:
- YouTube: https://www.youtube.com/@lifeatmiro
- Blog: https://miro.com/careers/life-at-miro/all/
- Instagram: https://www.instagram.com/mirohq/
At Miro, we strive to create and foster an environment of belonging and collaboration across cultural differences. Miro’s mission — Empower teams to create the next big thing — is how we think about our product, people, and culture. We believe that creating big things requires diverse and inclusive teams. Diversity invites all talent with different demography, identities and styles to step in, and inclusion invites them to step closer together. Every day, we are working to build a more diverse Miro, cultivate a sense of belonging for future and current Mironeers around the world, and foster an environment where everyone can collaborate and embrace differences.
Miro handles and uses personal data of job applicants in line with its Recruitment Privacy Policy found here.