Product Security Engineer
Location: Bristol Hybrid
Security Clearance: SC (Eligible for Clearance)
Are you passionate about building secure systems from the ground up?
We’re looking for a Product Security Engineer to play a key role in designing and safeguarding the next generation of software, hardware, and service products.
In this role, you will be responsible for embedding security throughout the product lifecycle — from initial design to deployment — by identifying vulnerabilities, conducting risk assessments, and guiding teams with secure development practices.
What You’ll Be Doing:
* Performing product risk assessments and identifying vulnerabilities across platforms.
* Collaborating with developers to integrate secure coding practices from the start.
* Leading threat modelling exercises and developing mitigation strategies.
* Conducting security code reviews and offering guidance to ensure a secure-by-design approach.
* Ensuring products meet key regulatory standards (ISO 27001, NIST 800 series, JSPs, Def Stans).
* Authoring vital security documentation, including RMADS and Security Assurance Documents.
* Performing penetration testing and coordinating remediation efforts.
What You Bring:
* A solid understanding of security frameworks such as ISO 27001/2, ISO 31000, NIST 800-30/37/53.
* Hands-on experience with Defence Standards (JSPs, HMG, Def Stan 05-138/139).
* Strong knowledge of security testing tools and techniques.
* Excellent communication skills — able to explain complex risks and solutions clearly.
* A proactive, problem-solving mindset with a high level of personal integrity and professional ethics.
* Experience with NIST standards. (this is an absolute must)
You'll Succeed Here If You:
* Thrive on solving complex problems with innovative, practical solutions.
* Communicate clearly, confidently, and with empathy.
* Are driven by quality, detail, and delivering secure products that exceed customer expectations.
* Adapt well to pressure and enjoy working in fast-paced, multi-disciplinary environments.
This role reports directly to the Head of Product Security and offers an excellent opportunity to make a meaningful impact on critical technology projects. If you’re ready to play a pivotal role in shaping secure and resilient systems, we’d love to hear from you.