Product Security Engineer
Job Title: Product Security Engineer
Location: Bristol-based, ideally 2–3 days on-site per week, with some flexibility depending on circumstances.
Salary: £DOE + 10% bonus
Security: Must be eligible for SC Clearance (British citizen or UK resident for the last 5 years)
We’re looking for a Product Security Engineer to help shape how security is built into products from day one, not bolted on later. This role sits at the intersection of engineering and security, working hands-on with development teams to influence how systems are designed, built, and shipped.
You’ll play a key role in embedding secure-by-design principles across the full product lifecycle, partnering closely with engineering teams across the UK and Europe. The focus is on early engagement, identifying risks at design stage, improving code quality, and driving a practical “shift-left” approach that scales.
This is an opportunity to work on complex, real-world systems (including advanced hardware/software environments) where security is critical, and your input will directly shape engineering outcomes.
What You’ll Be Doing
- Partner with engineers to review code and identify security vulnerabilities, logic flaws, and risky patterns
- Provide clear, actionable feedback to improve security without slowing delivery
- Contribute to architecture and design discussions, ensuring security is considered from the outset
- Champion secure-by-design and “shift-left” practices across teams
- Help define and evolve secure coding standards, patterns, and best practices
- Support the integration of security into developer workflows (code reviews, CI/CD, etc.)
- Conduct threat modelling and design-level risk assessments
- Identify and help remediate application-layer vulnerabilities
- Collaborate with wider security teams on areas like logging, monitoring, and detection
- Influence engineering culture by making security practical, scalable, and developer-friendly
What We’re Looking For
- Experience in a software engineering or product security role, with hands-on exposure to real-world codebases
- Ability to read and reason about code, spotting both security and logical issues
- Strong understanding of common application security risks (e.g. OWASP Top 10) and how they appear in practice
- Experience with languages such as C, C++, C#, or Python
- Familiarity with modern development practices, version control (e.g. Git), and CI/CD environments
- Solid understanding of software development lifecycles and secure development principles
- Comfortable working across Linux, Windows, and typical engineering environments
- Strong problem-solving skills and attention to detail
- Effective communicator, able to work closely with distributed engineering teams
Nice to have:
- Experience with embedded systems or performance-critical environments
- Background working in fast-moving or product-led engineering teams
Why This Role
This role is focused on making a tangible impact, reducing risk before it becomes a problem, and helping engineering teams build secure systems by default. You’ll be working on meaningful, technically challenging products, with the autonomy to influence how security is embedded at scale.