Product Security Engineer - Specialist (SAST/DAST/SCA/Threat Modeling/Incident Response)

Scope AT
Charing Cross, United Kingdom
2 days ago

Role details

Contract type
Contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

Charing Cross, United Kingdom

Tech stack

Amazon Web Services (AWS)
Automation of Tests
Azure
Burp Suite
Cloud Computing
Computer Security
Continuous Integration
Github
PCI Data Security Standards
Systems Development Life Cycle
Fortify (Software)
Software Vulnerability Management
Software Security
Veracode
Containerization
Gitlab-ci
Kubernetes
Checkmarx
Devsecops
Qualys
Docker
Jenkins
Static Application Security Testing
Dynamic Application Security Testing

Job description

Product Security Engineer - Specialist (SAST | DAST | SCA | Threat Modeling | Incident Response | DevSecOps | PCI-DSS) - Hybrid (London)

We are seeking an experienced Product Security Leader (PSL) to embed security across the full product life cycle - from secure design and development through deployment and production resilience.

This is a high-impact contract role ideal for a security professional who thrives at the intersection of engineering, security architecture, and incident response.

What You'll Own

  • Define and implement product security policies, standards, and tooling across the SDLC
  • Lead threat modelling initiatives (e.g., STRIDE, PASTA) for new and existing applications
  • Manage and prioritize the product vulnerability backlog, tracking SLAs, aging metrics, and remediation progress
  • Oversee findings from SAST, DAST, and SCA tools, ensuring effective triage and resolution
  • Coordinate and manage bug bounty submissions and remediation workflows
  • Conduct Root Cause Analysis (RCA) for security incidents and systemic vulnerabilities
  • Act as Incident Commander or Investigation Lead during security events
  • Facilitate tabletop exercises to strengthen incident readiness
  • Partner with CI/CD teams to embed security controls into pipelines

What You Bring

  • Deep expertise in:
      • Vulnerability Management
      • Secure SDLC practices
      • Security Architecture & Design
      • Threat Modeling
  • Strong background in:
      • Incident Response leadership
      • Root Cause Analysis
      • Bug Bounty program coordination
  • Experience implementing security tooling in CI/CD environments:
      • SAST
      • DAST
      • SCA
  • Experience working within regulated environments (e.g., PCI-DSS, SOC 2, GDPR)
  • Proven ability to drive cross-functional security initiatives with Engineering, Product, and Compliance teams
  • Excellent stakeholder management and communication skills

Preferred Technical Exposure

  • CI/CD platforms (e.g., GitHub Actions, GitLab CI, Jenkins)
  • Cloud platforms (AWS, Azure, or GCP)
  • Containerization & orchestration (Docker, Kubernetes)
  • Application security testing tools (e.g., Checkmarx, Veracode, Fortify, Burp Suite)
  • Vulnerability management platforms (e.g., Qualys, Tenable, Rapid7)

Ideal Profile

This role suits a senior-level Product Security professional who can operate strategically while remaining technically credible - someone comfortable influencing engineering teams, driving remediation priorities, and leading during high-pressure security incidents.
