Product Security Engineer

Smarsh

πŸ“Remote - United Kingdom

Summary

Join Smarsh, a leading provider of digital communication risk management solutions, as a Product Security Engineer. You will play a key role in securing our software development lifecycle by integrating security practices, participating in threat modeling, and reviewing vulnerabilities. Collaborate with engineering teams to remediate security risks and enhance security tooling. Contribute to security documentation and guidance, and assist in penetration testing. This role requires strong collaboration and communication skills and a foundational knowledge of secure coding practices. The ideal candidate will have experience in security engineering, DevSecOps, or application security. Smarsh offers a competitive salary, benefits, and a collaborative work environment.

Requirements

  • 4 years in security engineering, DevSecOps, application security, or related software engineering roles
  • Strong foundational knowledge of secure coding and OWASP Top 10 risks
  • Experience with at least one modern programming language (e.g., Python, Java, JavaScript, Go, or C#)
  • Familiarity with cloud platforms (AWS, Azure, or GCP) and container technologies (Docker, Kubernetes)
  • Exposure to security tooling such as SAST, SCA, or DAST scanners (e.g., Semgrep, Endor, Burp)
  • Basic understanding of identity and access controls (OAuth, SAML, API tokens)
  • Strong collaboration and communication skills, with a willingness to learn and grow

Responsibilities

  • Secure SDLC Support: Assist in integrating security practices into the software development lifecycle, including design reviews and backlog grooming
  • Threat Modelling: Participate in structured threat modelling exercises with guidance from senior team members
  • Vulnerability Triage: Work with engineering teams to review findings from SAST, SCA, DAST, and container scans and track remediation progress
  • Code & Config Review: Conduct basic secure code and configuration reviews, escalating high-risk findings as needed
  • Security Tooling & Automation: Help maintain and enhance security scanning integrations in CI/CD pipelines
  • Pen Testing Coordination: Assist in preparing for and triaging internal and third-party penetration tests
  • Security Documentation & Guidance: Help develop security best practices, developer guidance, and response runbooks

Preferred Qualifications

  • Experience working in Agile/Scrum teams or DevOps environments
  • Familiarity with CI/CD tools like GitHub Actions or Jenkins
  • Exposure to security frameworks (NIST, ISO 27001, SOC 2)
  • Experience working in SaaS, multi-tenant cloud environments
  • Knowledge of machine learning security (AI/ML model risks, LLM security best practices)
  • Familiarity with attack surface management and threat intelligence
  • Relevant certifications (e.g., Security+, SSCP, GSEC) are a plus but not required

Benefits

  • Competitive salary along with company bonus
  • Strong maternity and paternity scheme
  • A workplace pension scheme
  • Take-what-you-need holiday package
  • Private medical insurance
  • Dental plan
  • Group life assurance
  • Group income protection
  • Employee assistance programme
  • A monthly wellness allowance
  • Adoption assistance
  • Stock options
