Product Security Engineer in Manchester

Product Security Engineer in Manchester

Manchester Full-Time 60000 - 80000 £ / year (est.) No working from home possible
M

At a Glance

  • Tasks: Engineer robust security solutions to protect financial data and systems from real-world threats.
  • Company: Join a fast-growing tech company focused on communications compliance and security.
  • Benefits: Competitive salary, flexible work options, and opportunities for professional growth.
  • Other info: Collaborative culture where your contributions directly influence product security.
  • Why this job: Make a tangible impact by defending against sophisticated cyber threats in a dynamic environment.
  • Qualifications: Experience in software development with a focus on security and threat modelling.

The predicted salary is between 60000 - 80000 £ per year.

The hardest security problems we face aren't policy problems. They're engineering problems. Supply-chain operators, prompt-injection campaigns, and financially-motivated attackers who turn a compromised dependency into production access are challenges that require engineering solutions.

A Product Security Engineer is a software engineer whose specialism is making those attack paths hard, expensive, or impossible. They write production code, build detections that catch real attacks, and harden the systems other engineers depend on. They reason about specific adversaries with specific failure modes, not abstract categories.

We're hiring someone to defend the regulated communications record of thousands of financial firms. The data is a real target, and the work is engineering work.

What you'll do

MirrorWeb is a communications compliance supervision platform. We process hundreds of millions of events a month for thousands of financial-services firms worldwide. Customers trust us with their regulated record, which is a high-value target by any threat model. You'll work across the platform: web capture, large-scale data pipelines, archiving, the customer-facing product, and the developer infrastructure all of it ships on.

  • Engineer defence into the product: Multi-tenant isolation that holds up to a determined insider, encryption and key management you'd trust on your own data, IAM modelled as code, reviewed like code, with privilege-escalation paths analysed before they ship, application-layer hardening on the surfaces customers actually use, and security as a property of how the product is built, not a layer on top.
  • Defend the supply chain: Engineer the systems that make our supply chain defensible: provenance and integrity for what we build, dependency trust as a real control rather than a manifest scan, build-pipeline isolation, and third-party risk as runtime telemetry.
  • Detect, respond, contain: Runtime detection that catches what actually happens, incident response codified as automation, and forensics tooling that works on our stack.
  • Secure the agentic development surface: Own the security layer of our agent platform, including sandbox boundaries, scoped credentials, and secure-by-default code-generation patterns.
  • Lead the security craft inside engineering: Embed inside the engineering team, pair with platform and product engineers, and raise the bar through the tooling and patterns you ship.

What we're looking for

Essential:

  • Several years writing production software on AWS with a track record of defence systems you've shipped.
  • Adversarial instincts and hands-on experience using AI coding agents in production development workflows.
  • A clear model for how agent harnesses work and where they break.
  • Threat-modelling fluency.
  • An open communicator who raises concerns early and contributes in group discussions.
  • A high bar for resilient systems.

Desirable:

  • Detection engineering at production scale.
  • Supply-chain security knowledge.
  • Cloud-native attack patterns on AWS.
  • Incident response leadership end-to-end on a real incident.
  • Familiarity with AGENTS.md / CLAUDE.md patterns.
  • Cryptography in practice.
  • Large-scale data-intensive systems experience.
  • Observability tooling knowledge.
  • Regtech, fintech, or regulated-record experience.
  • Scoping red-team and pentest engagements.

What you won't find here:

  • A GRC role with an engineering title.
  • A queue of CVE tickets to triage.
  • A SOC analyst rota.
  • A compliance-automation role rebadged as security engineering.

Why MirrorWeb?

We're a communications compliance surveillance and supervision platform. We process hundreds of millions of events a month for firms worldwide, and we're scaling fast. Security Engineering, like Product Engineering, is a first-class software engineering discipline here. We protect the regulated record for thousands of financial firms. The threat is real, and the surface is interesting.

Our Tech Stack:

  • Backend: Go, TypeScript, Python
  • Frontend: React, TypeScript
  • Cloud: AWS (Lambda, EC2, ECS Fargate, Aurora PostgreSQL/MySQL, S3, SQS/SNS), Vercel
  • AI Infrastructure: AWS Bedrock, Langfuse, Vercel AI Gateway
  • Infrastructure: Terraform, GitHub Actions
  • Data: Large-scale PostgreSQL, ClickHouse, Turbopuffer
  • Agent tooling: Claude Code, Cursor, Linear, Codex, Sentry, Grafana Cloud, CodeRabbit, Incident.io

Product Security Engineer in Manchester employer: MirrorWeb

At MirrorWeb, we pride ourselves on being an exceptional employer that values innovation and collaboration in the field of product security. Our dynamic work culture fosters continuous learning and growth, allowing engineers to tackle real-world challenges while contributing to the security of thousands of financial firms. With a commitment to engineering excellence and a supportive environment, we empower our employees to make a meaningful impact in a fast-paced, cutting-edge industry.

M

Contact Details:

MirrorWeb Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Product Security Engineer in Manchester

Tip Number 1

Network like a pro! Attend industry meetups, conferences, or online webinars related to product security. Engaging with professionals in the field can lead to valuable connections and potential job opportunities.

Tip Number 2

Show off your skills! Create a portfolio showcasing your projects, especially those related to security engineering. This gives you a chance to demonstrate your expertise and problem-solving abilities to potential employers.

Tip Number 3

Prepare for interviews by practising common technical questions and scenarios specific to product security. Be ready to discuss your past experiences and how you've tackled real-world security challenges.

Tip Number 4

Don't forget to apply through our website! It’s the best way to ensure your application gets noticed. Plus, it shows you're genuinely interested in joining our team at MirrorWeb.

We think you need these skills to ace Product Security Engineer in Manchester

Production Software Development
AWS Security
Defence Systems Engineering
Adversarial Reasoning
AI Coding Agents Experience
Threat Modelling Fluency
Incident Response Automation

Some tips for your application 🫡

Tailor Your CV:Make sure your CV speaks directly to the role of a Product Security Engineer. Highlight your experience with production software, security systems you've built, and any relevant projects that showcase your skills in defending against real threats.

Craft a Compelling Cover Letter:Your cover letter is your chance to shine! Use it to explain why you're passionate about security engineering and how your background aligns with our mission at MirrorWeb. Don't forget to mention specific experiences that demonstrate your adversarial instincts and threat modelling fluency.

Showcase Your Technical Skills:We want to see your hands-on experience! Be sure to include any relevant tools and technologies you've worked with, especially those related to AWS, detection engineering, and supply-chain security. Mention any AI coding agents you've used in your workflows too!

Apply Through Our Website:We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it shows you’re keen on joining our team at MirrorWeb!

How to prepare for a job interview at MirrorWeb

Know Your Stuff

Make sure you brush up on your production software experience, especially with AWS security. Be ready to discuss specific defence systems you've worked on, like detections that caught real attacks or how you’ve hardened build pipelines. This is your chance to showcase your hands-on experience!

Understand the Threat Landscape

Familiarise yourself with recent supply-chain incidents and be prepared to talk about them. Show that you can reason about real threat actors and their tactics, rather than just abstract concepts. This will demonstrate your adversarial instincts and understanding of the current security landscape.

Communicate Clearly

As an open communicator, it’s vital to express your thoughts and concerns early in discussions. Practice articulating your ideas clearly and confidently, especially when it comes to threat modelling and system design. This will help you stand out as a collaborative team player.

Showcase Your Tooling Knowledge

Be ready to discuss your experience with detection engineering tools and cloud-native attack patterns on AWS. Familiarity with tools like Sigma, OSQuery, or Falco will be a plus. Highlight any incident response leadership you've done, as this shows you can handle real-world scenarios effectively.