Security Engineer - Product Security

Join Us at CommercetoolsAt commercetools, we believe that true innovation is built on a solid foundation. Our team embodies a unique blend of builders, explorers, and problem-solvers who are reshaping the future of commerce. We are not just pioneers in flexible commerce architecture, but also champions of a culture of experimentation that drives our industry forward. Together, we empower ambitious businesses to thrive in a rapidly changing landscape through AI-driven solutions and seamless integration of digital and physical shopping experiences.Your Role and ImpactAs the Principal Engineer for Product Security, you will be instrumental in addressing complex technical challenges that arise within our innovative product lines. Your expertise will enable our engineering teams to 'shift left', fostering secure service development across a multi-cloud infrastructure. Join us and make a significant impact on the future of commerce!

ABOUT AvolutionJoin Avolution, a prestigious global leader in Enterprise Architecture Software with over 20 years of experience. Our established presence spans across London, Sydney, Northern Virginia, and Singapore, and we are recognized in the Gartner Magic Quadrant as an industry frontrunner. Become part of our intelligent, friendly team, where your skills and initiative will drive our growth while enjoying a culture rated as collegial, collaborative, flexible, and supportive by our employees.Key ResponsibilitiesCloud & Infrastructure SecurityDesign, manage, and enhance security configurations across Azure and AWS environments, ensuring seamless integration with Office 365.Implement and enforce industry best practices for identity and access management (IAM) in Azure AD (Entra ID) and AWS IAM.Monitor cloud workloads for vulnerabilities, misconfigurations, and threats utilizing tools such as Microsoft Defender.Collaborate with DevOps/Engineering teams to embed security controls into CI/CD pipelines, advocating for DevSecOps principles.Conduct thorough security assessments, including aiding in penetration testing and risk evaluations to identify and mitigate potential vulnerabilities.Endpoint & Identity SecurityEnhance device posture, compliance, and management utilizing Microsoft Intune and Defender for Endpoint.Develop and maintain solid conditional access, multi-factor authentication (MFA), and endpoint protection policies.Oversee secure identity lifecycle processes, enforcing least-privilege access and zero-trust principles.Security OperationsRespond promptly to security alerts, incidents, and vulnerabilities with thorough investigations and remediation actions.Perform regular risk assessments, security reviews, and internal audits.Manage and optimize security tools, including SIEM, EDR, vulnerability scanners, and the Microsoft Defender suite.Lead incident response efforts and coordinate with cross-functional teams.Compliance & GovernanceSupport ISO 27001:2022 recertification and ongoing compliance activities, including internal audits.Prepare for and assist in obtaining additional compliance certifications (e.g., SOC 2, GDPR) to facilitate company growth.Develop, maintain, and enhance security policies, procedures, and technical documentation.Track, report on, and address audit findings or compliance gaps.Collaboration & CulturePartner with globally distributed teams across EMEA, AMER, and APAC regions.Educate internal teams on security best practices and cultivate a security-first culture through training and awareness initiatives.

Lead Principal Security EngineerLocation: London (Hybrid) | Practice Area: Technology & Engineering | Type: PermanentShape the future of digital finance by spearheading cutting-edge cybersecurity initiativesThe RoleAs a Lead Principal Security Engineer at Capco, you will spearhead the design, implementation, and integration of comprehensive security frameworks across both cloud and on-premise environments. Your primary responsibility will be to collaborate with engineering and client teams to integrate security best practices throughout the Software Development Life Cycle (SDLC), while enhancing our capabilities in vulnerability management, compliance, and secure architecture.What You’ll DoLead enterprise-wide security initiatives utilizing SAST, DAST, SCA, and container scanning tools such as CheckmarxOne and Prisma Cloud.Design and implement secure cloud infrastructures, endpoint protection measures, and data encryption strategies.Champion secure-by-design principles and integrate security tools into CI/CD pipelines.Conduct comprehensive security audits, vulnerability assessments, and threat analyses across all systems.Mentor engineering teams on secure development practices and help build Capco’s internal security knowledge repository.What We’re Looking ForExtensive experience in application and cloud security across AWS, Azure, or GCP.Proven proficiency in integrating SAST, DAST, SCA, and container scanning solutions.In-depth knowledge of data protection methodologies, including encryption and data masking techniques.Familiarity with industry standards and frameworks such as ISO 27001, NIST, and OWASP.Programming skills in languages such as Python, Java, or Go.Bonus Points ForRelevant certifications, including CISSP, CSSLP, or cloud-specific security credentials.Experience in mentoring security engineers or contributing to RFPs and thought leadership initiatives.Exposure to secure DevOps (DevSecOps) practices and compliance frameworks.Experience with tools like Prisma Cloud, CheckmarxOne, or their equivalents.Exceptional stakeholder engagement and communication skills.

Trainline is a major player in European rail travel, connecting millions of customers with ticket options from hundreds of carriers. With a presence in over 40 countries and a team representing more than 50 nationalities, the company focuses on making travel simpler and more sustainable. The London office is one of several across Europe supporting this mission. The security team at Trainline works at the intersection of technology and safety, partnering with Cloud Engineering, SRE, and Platform Engineering. Their work helps protect digital channels that process billions in ticket sales, adapting to new threats and integrating emerging technologies to keep systems secure. Role overview The Junior Product Security Engineer role centers on supporting security throughout the product development lifecycle. This position is well suited to someone early in their security career who wants to apply security concepts in a cloud-native environment. The role involves hands-on work with vulnerability management and collaboration with product teams to strengthen security practices. What you will do Assist with embedding security into each stage of product development Support vulnerability management processes Work alongside experienced security engineers and cross-functional teams Help improve security practices for digital products Location This position is based in London.

Methods is a leading IT Services Consultancy with a revenue exceeding £100M, dedicated to transforming the public sector in the UK. With over 30 years of experience, we partner with various central government departments and agencies to enhance operational efficiency and effectiveness.Our unique approach combines technology, data, and a human touch, which distinguishes us from other consultancies, system integrators, and software houses. We are committed to delivering sustainable and impactful solutions for our clients, staff, communities, and the environment.At Methods, we cultivate a collaborative atmosphere that fosters skill-sharing and problem-solving while enjoying our work. We embrace challenges, learn from our experiences, and strive for excellence.While primarily serving the public sector, we are actively expanding our portfolio to include significant private sector clients. Methods became part of the Alten Group in early 2022.Role Overview: As a prominent digital transformation consultancy, Methods collaborates with public and private organizations to provide innovative and secure solutions. Our focus on governance, risk, and compliance (GRC) empowers businesses to navigate intricate security landscapes while maintaining regulatory and operational resilience.We are currently looking for a Principal Cyber Security Risk & Audit Consultant to join our dynamic team. This position is perfect for a professional with extensive expertise in cyber security, risk management, and internal audit. Candidates should possess experience in both public and private sectors, ideally with a background in management consultancy. Strong leadership and team-building skills are highly preferred.

Galaxy Digital Services seeks a Vice President, Senior Product Security Engineer for its London office. This role focuses on strengthening the security of microservices and cloud applications across a range of digital asset and trading platforms. The position reports to the Director of Product Security. Role overview The Senior Product Security Engineer will assess complex trading systems and blockchain architectures. Responsibilities include identifying vulnerabilities, recommending or implementing remediations, and ensuring security best practices are integrated throughout product and software engineering processes. Collaboration with Engineering, Product, and Infrastructure teams is central to this role, supporting secure software delivery as the company expands. What you will do Evaluate the security of microservices and cloud-based applications Conduct assessments of trading systems and blockchain architectures Facilitate or implement remediation efforts to address identified risks Work closely with cross-functional teams to deliver secure products Requirements Expertise in securing microservices and cloud applications Strong understanding of product and software engineering processes Experience with trading systems and blockchain security Ability to collaborate effectively with technical and product teams Our core values Pursue excellence Be selective to achieve effectiveness Maintain high alignment with loose coupling Encourage transparent disagreement Foster independent decision-making Assemble dream teams

The RoleWe are seeking a Principal Product Manager to take the lead on our Payment Screening product within the Risk Applications team. This senior individual contributor position entails significant commercial accountability; you will be responsible for driving business outcomes in your domain, focusing not just on delivery but on overall success.Payment screening serves as a critical compliance mechanism, necessitating that financial institutions and other entities screen payments for regulatory and compliance risks in real-time prior to processing. The landscape is well-established, with a mature market and clear requirements. ComplyAdvantage has a loyal customer base for screening and has recently unveiled a new version of its payment screening product, built on our robust, scalable, and AI-driven Mesh platform. As the Principal Product Manager, you will likely engage with this latest offering as it launches, addressing the strong demand for enhanced features from our commercial teams and managing the transition for customers currently utilizing the legacy platform.This position focuses on growth and scalability rather than developing a product from scratch. A modern and sophisticated version of the product is already available, and your role will involve determining the next steps: identifying features that unlock maximum commercial value, overseeing the migration of existing customers to the new platform, and ensuring the product remains competitive against established players while addressing immediate field needs. If you have experience evolving a product through rapid iterations to achieve a competitive market position, this role will resonate with you.You will collaborate within a dedicated squad alongside an engineering manager and technical engineers. As the Principal Product Manager, you will lead product decisions within the team, owning customer requirements, competitive insights, and commercial rationale. Your engineering counterpart will manage architecture, sizing, and implementation, working alongside you as peers, but you will set the product specifications within Risk Applications.Operating within a structured product operating model with clear decision-making authority, you will translate your product area into actionable plans with measurable outcomes. Each squad represents a significant engineering investment, and you are expected to weigh your product decisions in terms of investment versus expected commercial returns. If you have previously worked in organizations where product management is methodical and accountable, this environment will feel familiar. However, if you seek a role with complete strategic autonomy and no governance framework, this position may not be the right fit for you.What You Will DoOwn the payment screening product area with a General Manager mindset.

The RoleJoin us as a Principal Product Manager for our Transaction Fraud product area within the Risk Applications tribe. This is a pivotal individual contributor role where you will have significant commercial accountability, overseeing business outcomes in your domain, not merely focusing on delivery.You will collaborate within a dedicated squad alongside an engineering manager and engineers. As the PPM, you will be the senior partner in product decisions, owning customer requirements, competitive context, and commercial logic. Your engineering counterpart will manage architecture, sizing, and implementation. In Risk Apps, the PPM is responsible for setting the product specification.Transaction Fraud is a new initiative for ComplyAdvantage, strategically positioned at the intersection of our compliance intelligence capabilities—such as the intelligence graph, entity resolution, sanctions, and adverse media data—and real-time transaction decision-making. Your mission is to leverage this unique advantage to develop a product that stands out in the market.Operating within a structured product operating model with clear decision rights, you will translate the product vision set by the CPTO and the tribe-level roadmap established by the Product Director into actionable plans with measurable returns. Each squad represents a substantial investment, and you are expected to make informed product decisions that weigh the required investment against the commercial returns of specific product choices. If you have experience in organizations where product management is both disciplined and commercially accountable, you will thrive in this environment. If you seek a role with complete strategic autonomy and no governance framework, this position may not be suitable for you.What You Will DoOwn fraud as a product area with a GM mindset. Understand the competitive landscape, know the buyer, and be accountable for the product's commercial success. Frame decisions based on return on investment rather than just feature lists.Build for a specific market. Transaction fraud in financial institutions is distinct from generic fraud prevention. You must comprehend the relationship between transaction monitoring (regulatory obligation) and fraud detection (financial loss prevention), real-time decisioning requirements, the regulatory landscape (PSD2 SCA, APP fraud liability, UK reimbursement rules), and how our existing data assets provide differentiation. We require deep domain expertise, not generalists learning fraud on the job.Engage directly with customers and prospects. You will be the product voice in fraud discussions with customers...

At Pipedrive, we understand that exceptional products stem from exceptional people. Our team embodies our company values, which guide our hiring process. Since our inception in 2010, we have been dedicated to equipping sales and marketing teams with intuitive, powerful tools that streamline their daily operations. Currently, our cloud-based software is trusted by more than 100,000 companies across 179 countries. Having evolved from a five-person startup to an expansive international organization of over 850 professionals representing over 50 nationalities, we proudly operate from ten offices spanning Europe and the US. In 2020, we became the fifth unicorn from Estonia following a significant investment from Vista Equity Partners, a leading global investment firm focused on enterprise software and technology-enabled businesses.We are on the lookout for a Principal Product Manager to take charge of our Agentic AI experiences and the foundational AI platform capabilities that support them. In this individual contributor role, you will define how Agentic AI creates value for our customers within the Pipedrive CRM ecosystem, designing experiences that prioritize safety, reliability, and scalability. You will also play a key role in developing and enhancing shared platform capabilities that enable product teams to consistently deliver AI-powered experiences at scale.This role encompasses both customer-facing Agentic AI functionalities and the internal AI platform infrastructure. You will work at a systems level, collaborating closely with engineering, applied AI and machine learning, design, security, and product teams to ensure our Agentic AI delivers significant customer value while maintaining technical integrity and operational scalability.Reporting directly to the VP of Product, this high-impact position is perfect for a seasoned product leader who merges strong product vision and customer-centricity with an in-depth understanding of AI systems and complex platforms.

Join The Economist Group as a Principal Product Manager for our AI Platform, where you will lead innovative projects that shape the future of artificial intelligence in our products. In this pivotal role, you will collaborate with multidisciplinary teams to drive product strategy, enhance user experiences, and ensure the delivery of cutting-edge AI solutions. Your leadership will be key in aligning product vision with market demands, optimizing product performance, and driving continuous improvement.

Role Overview NBCUniversal is hiring a Production & Event Security Manager based in London. This position oversees security operations for a range of productions and events, focusing on the safety of both personnel and guests. What You Will Do Develop and implement security protocols for productions and events Coordinate with local law enforcement and external partners Lead and manage a team of security professionals Allocate and oversee security resources Ensure compliance with all relevant safety regulations

Join our dynamic team at AFRY as a Principal Civil Engineer, where you will lead innovative projects and drive engineering excellence in the heart of London. We are looking for a talented professional who can demonstrate exceptional technical skills and a commitment to sustainability and infrastructure development.

Join Ramboll as a Principal Electrical Engineer in our London office, where you'll lead innovative projects and collaborate with a talented team of engineers. This role offers an exciting opportunity to shape the future of electrical engineering in a dynamic environment.

Join Our Team as a Principal Geotechnical EngineerWe offer a competitive salary based on experience and qualifications, reaching up to £60,000 per annum, in addition to a comprehensive benefits package.Location: South East LondonOur esteemed consultancy firm is on the lookout for a Principal Geotechnical Engineer to bolster our Geotechnical National Service line at our London office. We seek individuals who are ideally Civil Engineers with a minimum of 4 years' experience. You will be stepping into a highly respected professional team known for its commitment to quality, technical expertise, and the delivery of commercially viable solutions for our clients.As the Principal Geotechnical Engineer, you will focus on ground movement analysis and collaborate closely with structural engineers on a portfolio of significant developments in London and across the nation. You will be responsible for delivering integrated ground investigations, preparing interpretative reports, and providing geotechnical design advice for a diverse array of projects, including tall towers, deep basements, retaining walls, ground improvement, and earthworks by leveraging both national and local resources. Your role will also involve sharing technical support across the business, enhancing the resilience and strength of our national virtual team.

Join AECOM as a Principal RAMS Engineer, where you will play a crucial role in ensuring the reliability, availability, maintainability, and safety of our engineering projects. You will be responsible for leading RAMS assessments, implementing innovative methodologies, and collaborating with multidisciplinary teams to deliver exceptional results.

Mintel Group Ltd. is hiring a Principal Product Manager to help define the future of global consumer insights. This London-based position sits within the Product leadership team and plays a central part in Mintel’s next phase of innovation and growth. Role Overview The Principal Product Manager will set direction at a strategic level, shaping product vision and aligning teams across the business. This role focuses on the One Mintel AI Platform Proposition & Roadmap, influencing how Mintel delivers insight to clients worldwide. Key Responsibilities Lead cross-functional strategic initiatives across the product portfolio. Drive lean, data-driven product development that delivers measurable ROI.

Join the forefront of cloud networking and security!Cato Networks is revolutionizing enterprise networking and security by delivering a unified global service through the cloud. Under the leadership of industry trailblazer Shlomo Kramer, founder of Check Point and Imperva, Cato has pioneered a groundbreaking product category recognized by Gartner as 'SASE', projected to reach a market value of $28.5 billion by 2028.Seize this opportunity to be part of a dynamic team at Cato Networks as we build an advanced enterprise network and secure cloud platform, positioning ourselves as the global market leader. Don't miss out on this chance!At Cato Networks, we are fundamentally transforming the network into a secured cloud service, and we are in search of a stellar Product Manager to play a pivotal role in shaping the future of our security offerings. As a Product Manager, you will be an integral part of a team focused on driving product strategy, defining features and requirements, and spearheading the launch of innovative security capabilities.

Join our dynamic team at Pace Consulting as a Product Security Specialist, focusing on the critical field of cyber security for medical devices. In this role, you will be responsible for ensuring the security and integrity of medical products throughout their lifecycle. This position demands a proactive approach to identifying vulnerabilities and implementing effective solutions to safeguard sensitive patient data and comply with regulatory standards.

Abound is changing how consumer lending works in the UK and beyond. By combining advanced AI with Open Banking data, the company looks at a person’s complete financial situation, not just a credit score, to make lending decisions that are fairer and more accurate. Since launch, Abound has issued over £1.3bn in loans, with a credit performance that outpaces industry averages. The company became profitable within 2.5 years and has backing from major investors, including Citi and Deutsche Bank. With over £2bn in funding, Abound is recognized as one of Europe’s fastest-growing fintechs. Role overview This Senior Security Engineer position is based in London and sits within the Platform team. The role blends DevSecOps responsibilities, serving as a bridge between product engineering and Corporate IT. As a hands-on contributor, the Senior Security Engineer critically reviews security architecture across both production and internal IT environments. During the first 6 to 12 months, the focus will be on designing and implementing next-generation cloud security architecture in AWS and GCP. The role also involves building and maturing internal SOC capabilities, particularly around detection and response. What you will do Manage Microsoft Sentinel to strengthen SIEM/SOAR capabilities Automate RBAC for identity and access management across AWS, Microsoft Entra, and internal systems Embed security controls into GitLab CI/CD pipelines, including scanning, infrastructure-as-code reviews, and automated policy enforcement Support a shift-left approach by integrating security throughout the software development lifecycle Technology stack Cloud & Compute: AWS, ECS Fargate, Aurora, Lambda, GCP Data Lake: S3, DMS, Glue Security & Identity: Microsoft Defender (XDR), Microsoft Sentinel (SIEM/SOAR), Defender for Cloud (CSPM), Microsoft 365, Entra, Intune Cloud Security Tooling: GuardDuty, Security Hub, Inspector, Security Command Center Code & Infrastructure: Terraform, GitLab CI/CD