Product Security Engineer

Are you an experienced security professional with a strong background in Information Assurance, Security by Design, and project security risk? Do you want to work on genuinely complex, high-stakes products in an environment where your expertise will be valued and your career actively developed?
  
We''re working with a specialist, highly respected technology business to find a Product Security Engineer to join their team. This is a hybrid role with a minimum of 2 days per week on site — though the nature of the work means there will be weeks where full on-site presence is required.
  
This role is open to candidates ideally based in Surrey or secondary Dorset.
  
Important: This role requires SC Security Clearance. Applicants must be UK born, UK nationals.
  
What you''ll be doing:
  
? Undertaking project security risk analysis and ensuring security deliverables are developed and delivered in line with customer requirements
? Developing and implementing Product Security Policies aligned to SbD principles
? Chairing internal and external project security reviews and working groups
? Producing and delivering project documentation in line with Information Assurance frameworks
? Contributing manpower estimates to the bid process
? Working closely with engineering, product development and QA teams to embed security best practice throughout the product lifecycle
? Supporting the wider Supportability function as required
  
What we''re looking for — essential:
  
? Proven experience in project security planning and implementation (e.g. NIST 800 series)
? Experience delivering project documentation using Security by Design (SbD) principles
? Strong background in Information Assurance — RMADS, SbD documentation, CESG Good Practice Guides
? Experience in security risk assessment methodologies (e.g. NCSC)
? Able to work autonomously and adapt quickly to changing project demands
? Excellent communication, literacy, and MS Office skills
? SC cleared or eligible to obtain SC clearance
  
Nice to have:
  
? Risk Management or DevSecOps experience
? Knowledge of TEMPEST or Electromagnetic Compatibility
? Familiarity with Defence Security Standards (Def Stan 05-138, 05-139, JSP440, Security Policy Framework)
? Background in Defence, MoD, or serving military
  
What''s in it for you:
  
Up to 24 additional holiday days per year via paid overtime or TOIL
Private medical care — access to 50+ private clinics and hospitals nationwide
Christmas closedown — most staff off from 24th December to 2nd January
Competitive employer-matched pension scheme
Company tech provided — laptop, mobile and home office equipment
Salary sacrifice schemes — bikes, tech and more
Gym discounts (plus onsite gym)
Flexible core hours: 09:30–12:00 & 14:00–16:00
Committed investment in training, upskilling, and career development
Relocation package available
  
This is a rare opportunity to join a business offering genuine vertical and lifecycle exposure — you shape the direction of your own career here.