The role

As a Product Security Engineer at, you will play a critical role in enhancing the security of the company's platforms and components by developing and maintaining security libraries and internal tools. Your primary responsibility will be to ensure that engineering teams have access to robust security solutions to protect against threats such as SQLi, XSS and other common vulnerabilities. You will collaborate closely with cross-functional teams, including architects and engineering teams, to integrate secure solutions into the development process and improve the overall security posture of the platform. Additionally, you will be responsible for building and maintaining essential security tools like our own implementation of the Nuclei Scanner and or own developed Secret detection tool, as well as contributing to cutting-edge detection capabilities, such as credential stuffing prevention.

Responsibilities

• Security Library Development:
  • Build and maintain security libraries for engineering teams to integrate within the platform and components.
  • Develop solutions for vulnerabilities like: Cross-site scripting (XSS), framework for strict Content Security Policy (CSP), HTTP Smuggling prevention, traffic validation and other over-arching vulnerabilities
• Tool Development & Maintenance:
  • Improve and maintain internally built security tools
  • Lead the development of new tools and enhancements, ensuring they meet current and future security needs.
• Collaborate with Engineering Teams:
  • Work directly with engineering teams across verticals to implement secure coding practices and ensure secure application development.
  • Partner with architects to design and deliver secure solutions that align with the platform's architecture and requirements.
• Cross-team Collaboration:
  • Work across the entire Cyber Security team, with a primary focus on Product Security, to contribute to broader security initiatives.
• Continuous Improvement:
  • Identify and address security gaps in the platform, continuously improving internal security tools and libraries.
  • Stay updated with the latest security vulnerabilities, threats, and mitigation techniques, applying this knowledge to internal solutions.

• Ensure that you adhere to the Governance, Risk & Compliance (GRC) obligations for your role.
• Identify and raise any non-compliance incidents promptly to your line manager.
• Challenge processes, policies and projects that will negatively impact compliance within the Group.
• Complete all mandatory compliance training assigned to you.
• Reach out to the Compliance Teams if unsure of any of your compliance obligations or the requirements are unclear.

Requirements

• Experience:
  • 3+ years of experience in a Product Security, Application Security, or similar role.
  • Strong experience developing security libraries or solutions for application platforms.
• Technical Skills:
  • Expertise in development languages such as Java.
  • Expertise in scripting languages such as Python, JavaScript.
  • Solid understanding of web application security and modern web security patterns including CSRF, CSP and input validation.
  • Familiarity with common web vulnerabilities and exploitation techniques.
  • Familiarity with GenAI
• Collaboration & Communication:
  • Proven ability to work effectively with engineering teams and architects to deliver secure solutions.
  • Excellent verbal and written communication skills in English, with the ability to explain technical concepts to both technical and non-technical stakeholders.
• Strategic Vision:
  • Ability to identify security gaps and drive initiatives to improve platform security.
  • Strong problem-solving skills and the ability to innovate in the security space.

#LI-PA1