Principal Product Manager - Email & Collaboration Security

Job Description: Principal Product Manager - Threat Detection

Email & Collaboration Security | Boston, Massachusetts

Mimecast protects over 42,000 organisations from sophisticated email and collaboration threats. We're looking for a Principal Product Manager to own the efficacy and evolution of our threat detection capabilities—ensuring we detect the most evasive attacks on day zero.

This is a high-impact, technical IC role for someone who thrives at the intersection of threat intelligence, detection engineering, and product strategy. You'll be responsible for detection performance metrics, vendor relationships, and the roadmap that keeps Mimecast ahead of emerging attack vectors. You'll also mentor two product managers as we build deeper detection expertise across the team.

What you'll be responsible for:

Detection Efficacy & Performance

• Own detection success metrics and SLAs—you're accountable for how well we catch threats and how quickly we respond to new campaigns
• Drive detection performance benchmarking against industry tests and competitive threats, translating results into actionable product improvements
• Establish feedback loops from Mimecast SOC and threat research teams to continuously improve detection logic and reduce false positives
• Lead cross-functional detection improvement sprints when efficacy gaps emerge through customer escalations or competitive intelligence

Threat Intelligence & Detection Systems

• Ensure Mimecast detects the most evasive threats on day zero by orchestrating ML/AI models, threat research, and multi-layered detection approaches
• Manage relationships with threat intelligence feed providers and detection engine vendors, ensuring optimal integration and value extraction
• Align threat intelligence and campaign-level information to detection capabilities, turning intelligence into protective action
• Curate threat intelligence bulletins with product marketing to educate customers and demonstrate our detection leadership

Roadmap & Innovation

• Drive detection capability roadmap aligned to MITRE ATT&CK framework and emerging attack vectors including QR code phishing, AI-generated social engineering, and collaboration tool abuse
• Define and maintain detection SLAs/SLOs with engineering, including mean-time-to-detect for emerging threat campaigns
• Partner with engineering on detection architecture decisions, balancing efficacy, performance, and scalability

What you'll bring:

Product Management Foundation

• 8+ years product management experience in cybersecurity, with at least 3 years focused on threat detection, email security, or related domains
• Proven track record owning product efficacy metrics and driving measurable improvements in detection performance
• Experience managing vendor relationships and technical partnerships, particularly with threat intelligence or detection technology providers
• Strong technical fluency—you can parse detection logic, understand ML model outputs, and engage credibly with security researchers and detection engineers

Detection & Threat Landscape Expertise

• Deep understanding of email-borne threats (phishing, BEC, malware, impersonation) and modern attack techniques
• Familiarity with threat intelligence frameworks (MITRE ATT&CK) and how to translate threat research into product capabilities
• Experience with detection systems architecture—whether signature-based, heuristic, ML/AI, or hybrid approaches
• Comfort working with technical tools and data: SQL for detection analysis, scripting for automation (Python/JavaScript), AWS services for operational insight
• Proficient in leveraging generative AI tooling (Claude, ChatGPT, Cursor) to accelerate analysis, documentation, and prototyping workflows

Collaboration & Leadership

• Ability to drive cross-functional initiatives across engineering, threat research, data science, and customer-facing teams
• Experience mentoring other product managers or leading through influence without direct authority
• Skilled at distilling complex technical challenges into clear product strategy and customer-facing narratives
• Comfortable operating in ambiguity—you can structure problems, validate hypotheses, and move quickly with incomplete information

Why Mimecast:

We're at an inflection point in email and collaboration security. As threats become more sophisticated and AI-powered attacks emerge, our detection capabilities need to evolve faster than ever. You'll have the autonomy to shape our detection strategy, direct access to threat research and engineering teams, and the backing of leadership to make bold technical bets.

You'll be joining a globally distributed product team working alongside talented PMs across threat protection, policy management, and customer protection initiatives. We value data-driven decision making, direct communication, and empowering people to own outcomes.

What we offer:

• Competitive salary and benefits package
• Collaborative environment where your technical depth and product instincts will be valued

Belonging at Mimecast

Cybersecurity is a community effort. That’s why we’re committed to building an inclusive, diverse community that celebrates and welcomes everyone – unless they’re a cybercriminal, of course.

We’re proud to be an Equal Opportunity and Affirmative Action Employer, and we’d encourage you to join us whatever your background. We particularly welcome applicants from traditionally underrepresented groups.

We consider everyone equally: your race, age, religion, sexual orientation, gender identity, ability, marital status, nationality, or any other protected characteristic won’t affect your application.

If you require any adjustments or accommodations due to a disability, or any other reason that may help you in your interview process, please let us know by emailing careers@mimecast.com.

Due to certain obligations to our customers, an offer of employment will be subject to your successful completion of applicable background checks, conducted in accordance with local law.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment.