Product Security Engineer
Chester, England, United Kingdom
GBG
We offer a range of solutions that help organisations quickly validate and verify the identity and location of their customers.***Whilst primarilly remote this role will require some office attendance - at our London hub, or our Chester hub. Please only apply if you are able to attend either of these locations.***
About GBG
GBG is the leading expert in global digital identity. We combine our powerful technology, the most accurate data coverage, and our talented team to deliver award-winning location intelligence, identity verification, and fraud prevention solutions.
With over 30 years’ of experience, we bring together a team of over 1,250 dedicated experts with local industry insight from around the world to make it easy for businesses to identify and verify customers and locations, protecting everyone, everywhere from fraud.
Why you should be@GBG
- We make the world a safer place
- We trust each other and win together
- We are local experts in a global business
- We want you to be yourself
- We grow when you grow
The Team
GBG’s Information Security team of c30 team members, enable delivery of GBG’s business strategy by ensuring GBG is secure and trusted. The team provides four core capabilities:
- Governance, Risk and Compliance.
- Cyber Defence.
- Product Security.
- Security Architecture.
The Role
As a Product Security Engineer, you will be responsible for working closely with various business units to design, architect, and implement robust security controls for our products. Your expertise will be crucial in guiding risk decisions and ensuring the appropriate balance between security measures and the business's appetite for risk. In this role, you will collaborate with cross-functional teams to foster a secure development lifecycle and enhance the overall security posture of our products.
What you will do
- Collaborate with business units and development teams to design and implement effective security controls for products throughout their lifecycle.
- Conduct security assessments and threat modelling exercises to identify potential risks and vulnerabilities in our products.
- Guide and advise business units on risk decisions, considering the business's risk appetite and regulatory requirements.
- Develop and maintain product security guidelines, standards, and best practices.
- Participate in the design and implementation of secure development practices, including secure coding standards and processes.
- Work closely with development teams to ensure that security requirements are appropriately addressed during the software development lifecycle.
- Conduct security reviews of product architecture and design, identifying and addressing security gaps.
- Perform security testing and code reviews to identify and remediate security vulnerabilities.
- Collaborate with incident response teams to investigate and respond to security incidents related to products.
- Stay updated with the latest security threats, vulnerabilities, and industry best practices, and proactively propose security enhancements.
Requirements
What We're Looking For
- Extensive commercial experience in product facing security engineering or a similar role.
- Strong understanding of software security principles, secure coding practices, modern development technologies and common security vulnerabilities.
- Experience with threat modelling, security assessments, and risk analysis.
- Knowledge of industry standards and frameworks such as CIS Top 18, OWASP, NIST, and ISO 27001.
- Familiarity with secure development lifecycle methodologies.
- Proficiency in security testing tools and techniques.
- Excellent communication skills to effectively collaborate with cross-functional teams and communicate complex security concepts to technical and non-technical stakeholders.
- Relevant certifications such as cloud native paths, GIAC, or alternative are a plus.
Behaviours we'd like to see
Benefits
To find out more
We have a vision to have the best and most engaged team members in the industry. People matter at GBG, they make us who we are. Every team member across all our locations makes a difference, everyone has something to contribute. Maybe you too could make a difference.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Cloud Compliance GIAC Governance Incident response ISO 27001 NIST OWASP Product security Risk analysis SDLC Security assessment Strategy Vulnerabilities
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Cybersecurity Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Security Specialist jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Agile-related jobs
- Open Application security-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs