
Product Security Engineer

Yorkshire

£70000 per annum

Posted 22 January 2026

Ref BH-227999

Steve Arnold

Hi, I'm Steve

I manage this role

Principal Consultant

Job description

Product Security Engineer

York / Warrington / Birmingham | Hybrid (2 days a week in the office)

Salary - Flexible

Let’s be honest: most “application security” roles either sit too far from delivery… or turn into checkbox exercises.

This one doesn’t.

We’re looking for a Product Security Engineer for one of our clients who wants to be embedded with engineers, shaping how secure software is actually built - not just reviewing it after the fact.

You’ll sit within Cyber Security, but day-to-day you’ll be part of the Digital team, working shoulder-to-shoulder with developers, product managers, architects and DevOps engineers.

Your job? Make security the default, not the blocker.

The Role (In Plain English)

You’ll be the go-to person for application and product security across the full SDLC - from early design conversations through to production and beyond.

This is a hands-on role. You’ll threat model with teams, review designs, help fix vulnerabilities, improve pipelines, and continuously raise the bar for how secure our products are.

You won’t be throwing reports over the fence. You’ll be in the room when decisions are made.

What You’ll Be Doing:

Owning product & application security
  • Driving security across requirements, design, build, test, deploy and operate.
  • Defining secure coding standards and application security best practice.
  • Running threat modelling and security design reviews.
  • Identifying, prioritising and managing application security risk.
  • Supporting secure architecture decisions for cloud-native and SaaS solutions.

Enabling secure development (shift-left, properly)
  • Working directly with developers to embed security into their workflows.
  • Helping teams remediate vulnerabilities - hands-on, pragmatic, and fast.
  • Creating security patterns, reference architectures and reusable components.
  • Delivering clear, practical application security guidance and training.

Cloud & platform security (Azure)
  • Ensuring secure design and configuration of Azure-hosted applications.
  • Reviewing use of Azure services (App Services, Functions, Storage, Key Vault, Identity, etc.).
  • Supporting secure CI/CD pipelines and DevSecOps practices.
  • Helping define cloud security standards and guardrails.

You’ll need:
  • Experience as a Product Security Engineer, Application Security Engineer or similar.
  • A solid grasp of secure SDLC and DevSecOps.
  • Hands-on experience with SAST, DAST and SCA tools.
  • Strong knowledge of common vulnerabilities (OWASP Top 10).
  • Experience securing cloud-hosted applications (especially Azure).
  • Understanding of modern architectures: APIs, microservices, CI/CD.
  • The ability to explain security risk without scaring or confusing people.

Nice to have (not essential):
  • Salesforce security or integration experience.
  • Container security (Docker / Kubernetes).
  • Identity & access knowledge (OAuth2, OIDC, Azure AD).
  • Experience in regulated environments or frameworks like ISO 27001 or NIST.

If you’re a hands-on application security specialist who wants to make a real impact - not just write policies - this is one worth talking about.

Interested? Let’s have a conversation.




At Investigo, we make recruitment feel easy.
Let’s keep this simple. We’re all about your success, as your success is our business. We are part of The IN Group, a collection of six award-winning specialist brands that supply the globe with end-to-end talent solutions. With recruitment at the core of our business, we’ve been connecting people since 2003.

Data & Privacy
By applying, you consent to Investigo collecting and processing your data for the purpose of recruitment and placement, in accordance with applicable data protection laws. For more information, please refer to our Privacy Notice at weareinvestigo.com.