Product Security Engineer - Specialist (SAST/DAST/SCA/Threat Modeling/Incident Response

Product Security Engineer - Specialist (SAST/DAST/SCA/Threat Modeling/Incident Response

Posted 4 days ago by 1772596554

Apply
Negotiable
Undetermined
Hybrid
London
Apply
Azure Kubernetes Service Burp Suite Checkmarx Continuous Integration and Continuous Delivery Cyber Incident Response Data Management Platforms Device Tracking Software DevSecOps Embedding Github Gitlab Google Cloud Platform (GCP) Jenkins Kubernetes Life Cycle Planning Management Microsoft Azure Product Lifecycle Root Cause Analysis Security Testing Stakeholder Management Threat Modeling VeraCode Vulnerability Vulnerability Management

Summary: The Product Security Engineer - Specialist role focuses on embedding security throughout the product life cycle, from design to deployment. This high-impact contract position is suited for a professional with expertise in security architecture and incident response. The role involves defining security policies, managing vulnerabilities, and leading threat modeling initiatives. The ideal candidate will have a strong background in secure SDLC practices and incident response leadership.

Key Responsibilities:

  • Define and implement product security policies, standards, and tooling across the SDLC
  • Lead threat modelling initiatives (eg, STRIDE, PASTA) for new and existing applications
  • Manage and prioritize the product vulnerability backlog, tracking SLAs, aging metrics, and remediation progress
  • Oversee findings from SAST, DAST, and SCA tools, ensuring effective triage and resolution
  • Coordinate and manage bug bounty submissions and remediation workflows
  • Conduct Root Cause Analysis (RCA) for security incidents and systemic vulnerabilities
  • Act as Incident Commander or Investigation Lead during security events
  • Facilitate tabletop exercises to strengthen incident readiness
  • Partner with CI/CD teams to embed security controls into pipelines

Key Skills:

  • Deep expertise in Vulnerability Management, Secure SDLC practices, Security Architecture & Design, and Threat Modeling
  • Strong background in Incident Response leadership, Root Cause Analysis, and Bug Bounty program coordination
  • Experience implementing security tooling in CI/CD environments: SAST, DAST, SCA
  • Experience working within regulated environments (eg, PCI-DSS, SOC 2, GDPR)
  • Proven ability to drive cross-functional security initiatives with Engineering, Product, and Compliance teams
  • Excellent stakeholder management and communication skills

Salary (Rate): undetermined

City: London

Country: United Kingdom

Working Arrangements: hybrid

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Product Security Engineer - Specialist (SAST | DAST | SCA | Threat Modeling | Incident Response | DevSecOps | PCI-DSS)- Hybrid (London)

We are seeking an experienced Product Security Leader (PSL) to embed security across the full product life cycle - from secure design and development through deployment and production resilience.

This is a high-impact contract role ideal for a security professional who thrives at the intersection of engineering, security architecture, and incident response.

What You'll Own

  • Define and implement product security policies, standards, and tooling across the SDLC

  • Lead threat modelling initiatives (eg, STRIDE, PASTA) for new and existing applications

  • Manage and prioritize the product vulnerability backlog, tracking SLAs, aging metrics, and remediation progress

  • Oversee findings from SAST, DAST, and SCA tools, ensuring effective triage and resolution

  • Coordinate and manage bug bounty submissions and remediation workflows

  • Conduct Root Cause Analysis (RCA) for security incidents and systemic vulnerabilities

  • Act as Incident Commander or Investigation Lead during security events

  • Facilitate tabletop exercises to strengthen incident readiness

  • Partner with CI/CD teams to embed security controls into pipelines

What You Bring

  • Deep expertise in:

    • Vulnerability Management

    • Secure SDLC practices

    • Security Architecture & Design

    • Threat Modeling

  • Strong background in:

    • Incident Response leadership

    • Root Cause Analysis

    • Bug Bounty program coordination

  • Experience implementing security tooling in CI/CD environments:

    • SAST

    • DAST

    • SCA

  • Experience working within regulated environments (eg, PCI-DSS, SOC 2, GDPR)

  • Proven ability to drive cross-functional security initiatives with Engineering, Product, and Compliance teams

  • Excellent stakeholder management and communication skills

Preferred Technical Exposure

  • CI/CD platforms (eg, GitHub Actions, GitLab CI, Jenkins)

  • Cloud platforms (AWS, Azure, or GCP)

  • Containerization & orchestration (Docker, Kubernetes)

  • Application security testing tools (eg, Checkmarx, Veracode, Fortify, Burp Suite, etc.)

  • Vulnerability management platforms (eg, Qualys, Tenable, Rapid7)

Ideal Profile

This role suits a senior-level Product Security professional who can operate strategically while remaining technically credible - someone comfortable influencing engineering teams, driving remediation priorities, and leading during high-pressure security incidents.

Apply
Similar Jobs
Loading data...