Product Security Engineer in Cambridge

Product Security Engineer in Cambridge

Cambridge Full-Time 60000 - 75000 £ / year (est.) No working from home possible
Limelight Health

At a Glance

  • Tasks: Secure software development across teams, ensuring robust application security practices.
  • Company: Join Redgate, a leader in innovative database management solutions.
  • Benefits: Enjoy competitive salary, health coverage, flexible work, and generous time off.
  • Other info: Be part of a diverse team that values inclusion and personal growth.
  • Why this job: Make a real impact on software security while collaborating with talented teams.
  • Qualifications: Experience in application security and knowledge of SAST/DAST processes required.

The predicted salary is between 60000 - 75000 £ per year.

Redgate creates ingeniously simple software to help data professionals get the most value out of any database.

Our solutions solve complex database management challenges across the Dev Ops lifecycle, making life easier for IT leaders, development, and operations teams by increasing efficiency, reducing errors, and protecting business‑critical data.

The data community trusts Redgate to balance speed to market, team collaboration, and data protection.

The Role

As a Product Security Engineer, you’ll embed security into the software development lifecycle across multiple product teams.

You’ll help teams build, ship, and operate secure software by defining requirements, improving detection and prevention (SAST/DAST), assisting teams with application security governance, and running threat modelling.

  • Your Work at Redgate
  • Partner with engineering and product teams to define and operationalise security requirements across the SDLC (from design to release).
  • Audit application code for weaknesses and vulnerabilities.
  • Own or co‑own application security governance practices: secure‑by‑default standards, patterns, guardrails, and exceptions/risk acceptance.
  • Drive SAST/DAST adoption and quality: tool tuning, triage workflows, severity calibration, and “fix‑forward” enablement.
  • Support adoption of threat modelling for new features, architectural changes, and high‑risk services—turning findings into actionable engineering work.
  • Provide product security guidance for cloud‑native environments (AWS + containerised workloads), with an emphasis on secure service design and deployment practices.
  • Build strong relationships with product teams through clear communication, coaching, and security enablement.
  • Review and assist in the development of engineering policies aligned with security best practices.
  • Contribute secure shared libraries/paved‑road components or perform targeted security testing/pentesting to validate controls.
  • Work with product teams to support implementation of AI, including LLMs, SLMs, and MCP.

What you bring to the table

  • Hands‑on product/application security experience supporting engineering teams in a modern SDLC (requirements, design review, secure coding guidance, release support).
  • Strong knowledge of the OWASP Top 10 and practical mitigation patterns; familiarity with OWASP ASVS is a plus.
  • Experience implementing or improving SAST/DAST processes: tool selection/tuning, signal‑to‑noise reduction, and scalable remediation workflows.
  • Working understanding of cloud and container security fundamentals in an environment using AWS and Docker (and related CI/CD practices).
  • Comfort working across a primarily C# ecosystem (with some Java/Python), including the ability to review code and explain security issues clearly to developers.
  • Ability to translate security risk into actionable engineering priorities—balancing risk, delivery timelines, and operational realities.

Who you are

  • You’re pragmatic: you care about real risk reduction, not checkbox compliance or perfect theoretical security.
  • You communicate clearly and respectfully, able to influence without authority and build trust across multiple product teams.
  • You’re structured and evidence‑driven: you document decisions, measure outcomes, and iterate based on what’s working.
  • You’re comfortable in ambiguity and can shape an approach when requirements, tooling, or ownership aren’t fully defined yet.
  • Salary
  • £60,000 to £75,000 subject to experience.
  • Tech / tool stack
  • C# / . NET (primary engineering ecosystem), React
  • Java (J2EE), Type Script, and Python
  • AWS (cloud infrastructure and services), Docker (containerised workloads)
  • SAST/DAST tooling (specific products may vary; you’ll help tune and operationalise them)
  • Impact plan
  • 30 Days
  • Onboard into Redgate’s products, SDLC, and delivery rhythms (how work moves from idea → code → deploy).
  • Get access to core systems and security tooling; understand what’s in place today (SAST/DAST coverage, alert volumes, current processes).
  • Shadow the Product Security Architect and sit in on a handful of ceremonies (planning/refinement/retro) to understand team dynamics and where security naturally fits.
  • Triage a small set of findings with guidance (e. g., top recurring SAST issues), focusing on learning severity expectations and remediation patterns.
  • Start building a knowledge base: common app patterns, approved controls, “how we do security here,” and where to find the right people.
  • 60 Days
  • Begin owning a defined slice of App Sec work with supervision (e. g., one product area or a specific SDLC initiative like SAST tuning or DAST onboarding).
  • Build working relationships with a small set of partner teams and establish a predictable engagement model (intake path, review checklist).
  • Start contributing to security reviews for new features or higher‑risk changes—initially as a second set of eyes, then independently for scoped areas.
  • Help improve signal‑to‑noise in SAST/DAST: tune rules, reduce duplicates, and document triage guidance that developers can follow.
  • Support lightweight threat modelling sessions alongside the Architect (prep, note‑taking, translating outcomes into engineering actions).
  • 90 Days
  • Independently handle routine App Sec support for agreed scope (e. g., first‑pass triage, basic secure design guidance, follow‑ups with teams), escalating appropriately.
  • Deliver tangible process improvements that reduce friction (e. g., clearer severity rubric, a repeatable intake template, a “common findings” fix guide).
  • Demonstrate steady throughput on findings: consistent triage quality, meaningful developer support, and reduced turnaround time for the scoped area.
  • Contribute to a secure‑by‑default library/SDK.

Why join us?

At Redgate, we believe supporting and empowering our people is key to our success.

We create an environment where you can thrive in your career and enjoy every moment of your journey with us.

Benefits include competitive salary, comprehensive health coverage, monthly wellbeing allowance, flexible working arrangements, generous paid time off, employee assistance program, community and social events.

Solve self‑employment questions on our benefits page, or see what our employees said on our Flexa page!

Our diversity, equity, inclusion & belonging commitments

We believe diverse teams are better at solving problems and fostering a creative culture. We aim to offer a workplace where everyone feels a sense of belonging and can thrive.

  • Recruitment & retention: hiring and retaining diverse talent.
  • Authenticity & belonging: promoting inclusive language and behaviours.
  • Growth: supporting personal and professional development.

We support DEIB through our inclusion forum (Belong at Redgate) and regular DEIB events.

Redgate is an equal opportunity employer, welcoming applications from all backgrounds.

If you need accommodation, please let us know via our application process or email

We do not discriminate based on race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

#J-18808-Ljbffr

Limelight Health

Contact Details:

Limelight Health Recruitment Team

We think you need these skills to ace Product Security Engineer in Cambridge

Product/Application Security
Software Development Lifecycle (SDLC)
SAST/DAST Processes
OWASP Top 10
Cloud Security Fundamentals
Container Security (Docker)
C# Programming