Senior Product Security Engineer – Remote with occasional travel to London – Up to £110,000
A leading global payments organization is seeking a highly skilled and motivated Product Security / Application Security Engineer with strong software engineering and threat modelling skills to join its evolving cybersecurity team.
This role plays a crucial part in securing the organization's products and services by working closely with development teams to ensure secure design, implementation, and maintenance of software systems.
Responsibilities:
* Conduct software security architecture design reviews and threat modelling sessions to identify security risks and recommend mitigation strategies.
* Assess and design security controls and technologies within CI/CD pipelines to enhance product security.
* Analyse detected vulnerabilities in software, providing remediation recommendations to development teams.
* Develop and maintain a catalogue of secure design patterns for engineers to implement best security practices.
* Implement automation and self-service security tools to provide actionable visibility for engineers.
* Ensure alignment of security solutions with industry regulations, including PCI, SOC, GDPR, CCPA, and cloud security best practices.
Experience/Background:
* Proven experience in threat modelling, security design reviews, and security architecture.
* Background in software engineering, with proficiency in at least one programming language.
* Expertise in authentication and authorization protocols, as well as API security.
* Experience working with CI/CD teams to integrate security technologies, including SAST, DAST, and SCA tools.
* Strong ability to collaborate with cross-functional teams to drive security initiatives.
Preferred Qualifications:
* Experience with Java and/or .NET programming languages.
* Knowledge of the payment industry and PCI DSS compliance.
* Understanding of both offensive and defensive security tactics.
* Contributions to the open-source security community.