Product Security Engineer

CompanyInvestigo

LocationBirmingham, England, United Kingdom

Posted At1/22/2026

UK Visa Sponsorship Analytics

Analytics are greyed out due to low classification confidence (39.0%).

Occupation Type

Security system installers and repairers

Occupation Code Skill LevelMedium Skilled

Sponsorship Salary Threshold

£41,700 (£21.38 per hour)

Standard minimum applies

Above analytics are generated algorithmically based on job titles and may not always be the same as the company's job classification. You can also check detailed occupation eligibility, and salary criteria on our UK Visa Eligible Occupations & Salary Thresholds page.

Disclaimer: Hunt UK Visa Sponsors aggregates job listings from publicly available sources, such as search engines, to assist with your job hunting. We do not claim affiliation with Investigo. For the most up-to-date job details, please visit the official website by clicking "Apply Now."

Description

Product Security Engineer

York / Warrington / Birmingham | Hybrid (2 days a week in the office)

Salary - Flexible

Let’s be honest: most “application security” roles either sit too far from delivery… or turn into checkbox exercises.

This one doesn’t.

We’re looking for a Product Security Engineer who wants to be embedded with engineers, shaping how secure software is actually built - not just reviewing it after the fact.

You’ll sit within Cyber Security, but day-to-day you’ll be part of the Digital team, working shoulder-to-shoulder with developers, product managers, architects and DevOps engineers.

Your job? Make security the default, not the blocker.

The Role (In Plain English)

You’ll be the go-to person for application and product security across the full SDLC - from early design conversations through to production and beyond.

This is a hands-on role. You’ll threat model with teams, review designs, help fix vulnerabilities, improve pipelines, and continuously raise the bar for how secure our products are.

You won’t be throwing reports over the fence. You’ll be in the room when decisions are made.

What You’ll Be Doing:

Owning product & application security

Driving security across requirements, design, build, test, deploy and operate.
Defining secure coding standards and application security best practice.
Running threat modelling and security design reviews.
Identifying, prioritising and managing application security risk.
Supporting secure architecture decisions for cloud-native and SaaS solutions.

Enabling secure development (shift-left, properly)

Working directly with developers to embed security into their workflows.
Helping teams remediate vulnerabilities - hands-on, pragmatic, and fast.
Creating security patterns, reference architectures and reusable components.
Delivering clear, practical application security guidance and training.

Cloud & platform security (Azure)

Ensuring secure design and configuration of Azure-hosted applications.

Reviewing use of Azure services (App Services, Functions, Storage, Key Vault, Identity, etc.).

Supporting secure CI/CD pipelines and DevSecOps practices.

Helping define cloud security standards and guardrails.

You’ll need:

Experience as a Product Security Engineer, Application Security Engineer or similar.
A solid grasp of secure SDLC and DevSecOps.
Hands-on experience with SAST, DAST and SCA tools.
Strong knowledge of common vulnerabilities (OWASP Top 10).
Experience securing cloud-hosted applications (especially Azure).
Understanding of modern architectures: APIs, microservices, CI/CD.
The ability to explain security risk without scaring or confusing people.

Nice to have (not essential):

Salesforce security or integration experience.
Container security (Docker / Kubernetes).
Identity & access knowledge (OAuth2, OIDC, Azure AD).
Experience in regulated environments or frameworks like ISO 27001 or NIST.

If you’re a hands-on application security specialist who wants to make a real impact - not just write policies - this is one worth talking about.

Interested? Let’s have a conversation.