Staff Product Security Engineer in Cambridge

Staff Product Security Engineer in Cambridge

Cambridge Full-Time 60000 - 80000 £ / year (est.) No working from home possible
Altium®

At a Glance

  • Tasks: Join us in securing our innovative cloud platform and protect against vulnerabilities.
  • Company: A365 Software Engineering, transforming electronics design with cutting-edge technology.
  • Benefits: Competitive salary, flexible work options, and opportunities for professional growth.
  • Other info: Collaborative environment with a focus on continuous learning and development.
  • Why this job: Make a real impact by ensuring the security of our platform and its users.
  • Qualifications: 5+ years in application security and strong hands-on experience required.

The predicted salary is between 60000 - 80000 £ per year.

Why A365 Software Engineering?

Build the cloud platform that’s transforming electronics design.

Altium 365 for cloud lets design engineers communicate, collaborate and bring their ideas to market more efficiently than any platform in the industry.

We are looking for a Senior Product Security Engineer to extend our Product Security capability with a strong focus on continuous vulnerability discovery and prevention.

This role is responsible for

  • Building and executing security regression testing
  • Driving threat modeling across existing and new functionality
  • Conducting targeted offensive security activities (Red Team–style testing)
  • Identifying real vulnerabilities based on a deep understanding of our platform and the OWASP Top 10 Web Application Security Risks

The goal is simple: ensure that both existing functionality and new changes remain secure over time, and that real vulnerabilities are discovered before customers do.

Key Responsibilities

  • Security Regression Testing
  • Design and maintain security regression test suites covering critical application flows
  • Ensure vulnerabilities, once fixed, are permanently prevented from recurring
  • Integrate security regression into CI/CD pipelines
  • Define coverage targets for security-critical areas (auth, access control, APIs, data flows)
  • Threat Modeling

• Lead structured threat modeling sessions for

  • Existing system components
  • New features and architectural changes
  • Identify attack surfaces, abuse cases, and trust boundaries

• Translate threats into

  • Test cases
  • Security requirements
  • Mitigation plans
  • Ensure threat modeling becomes a continuous lifecycle activity
  • Offensive Security / Red Team Activities
  • Perform manual and automated security testing simulating real attacker behavior
  • Focus on high-impact vulnerabilities, not theoretical findings
  • Validate exploitability and business impact

• Partner with engineering teams to

  • Reproduce issues
  • Prioritize fixes
  • Validate remediation
  • OWASP Top 10–Driven Vulnerability Discovery
  • Continuously assess the platform against OWASP Top 10 categories
  • Use deep product knowledge to find non-obvious, context-specific vulnerabilities
  • Go beyond tooling (DAST/SAST) to uncover logic flaws and abuse paths
  • Security Assurance for Product Changes
  • Review new features and changes for security risks

• Ensure all changes are

  • Threat-modeled
  • Covered by regression tests

• Act as a security gatekeeper without becoming a bottleneck

  • Enable teams with guidance and tooling
  • Avoid heavy process overhead

• Work closely with

  • Engineering teams
  • Architecture
  • SRE / Platform teams
  • Contribute to secure-by-design practices
  • Support developers in understanding and fixing vulnerabilities

• Help scale security through

  • Reusable patterns
  • Automation
  • Security guidance

Qualifications

  • Required Qualifications
  • 5+ years in Application / Product Security
  • Bachelor's Degree or equivalent of 12 years of work experience

• Strong hands-on experience in

  • Web application security testing
  • API security
  • Threat modeling methodologies
  • Deep understanding of OWASP Top 10

• Experience with

  • Manual penetration testing
  • Security regression testing
  • CI/CD security integration
  • Ability to identify business logic vulnerabilities

• Strong understanding of

  • Authentication, authorization, and session management
  • Multi-tenant architectures
  • Cloud-native systems
  • Preferred Qualifications
  • Experience in Saa S / multi-tenant platforms

• Familiarity with

  • Bug bounty programs
  • Red teaming
  • Security automation frameworks

• Knowledge of

  • AWS
  • Identity systems and federation (SSO, MFA)
  • Background in software engineering (ability to read/write code)
  • #J-18808-Ljbffr
Altium®

Contact Details:

Altium® Recruitment Team

We think you need these skills to ace Staff Product Security Engineer in Cambridge

Security Regression Testing
Threat Modeling
Offensive Security
Red Team Activities
OWASP Top 10
Web Application Security Testing
API Security