At a Glance
- Tasks: Embed security into software development and help teams build secure applications.
- Company: Join Redgate Software, a leader in simplifying database management for data professionals.
- Benefits: Enjoy competitive salary, health coverage, flexible work, and generous time off.
- Other info: Flexible-hybrid model with a focus on diversity, equity, and inclusion.
- Why this job: Make a real impact on security practices while working with innovative tech.
- Qualifications: Experience in product security and understanding of cloud/container security fundamentals.
The predicted salary is between 60000 - 80000 £ per year.
hackajob is collaborating with Redgate Software to connect them with exceptional professionals for this role.
Redgate creates ingeniously simple software to help data professionals get the most value out of any database. Our solutions solve complex database management challenges across the DevOps lifecycle, making life easier for IT leaders, development, and operations teams by increasing efficiency, reducing errors, and protecting business-critical data. The data community trusts Redgate to balance speed to market, team collaboration, and data protection.
As a Product Security Engineer, you’ll embed security into the software development lifecycle across multiple product teams. You’ll help teams build, ship, and operate secure software by defining requirements, improving detection and prevention (SAST/DAST), assisting teams with application security governance, and running threat modelling.
- Partner with engineering and product teams to define and operationalise security requirements across the SDLC (from design to release).
- Own or co-own application security governance practices: secure-by-default standards, patterns, guardrails, and exceptions/risk acceptance.
- Drive SAST/DAST adoption and quality: tool tuning, triage workflows, severity calibration, and “fix-forward” enablement.
- Support adoption of threat modelling for new features, architectural changes, and high-risk services—turning findings into actionable engineering work.
- Provide product security guidance for cloud-native environments (AWS + containerised workloads), with an emphasis on secure service design and deployment practices.
- Build strong relationships with product teams through clear communication, coaching, and security enablement.
- Review and assist in the development of engineering policies aligned with security best practices.
- Contribute secure shared libraries/paved-road components or perform targeted security testing/pentesting to validate controls.
- Work with product teams to support implementation of AI, including LLMs, SLMs, and MCP.
- Hands-on product/application security experience supporting engineering teams in a modern SDLC (requirements, design review, secure coding guidance, release support).
- Working understanding of cloud and container security fundamentals in an environment using AWS and Docker (and related CI/CD practices).
- Comfort working across a primarily C# ecosystem (with some Java/Python), including the ability to review code and explain security issues clearly to developers.
- Ability to translate security risk into actionable engineering priorities—balancing risk, delivery timelines, and operational realities.
- You’re pragmatic: you care about real risk reduction, not checkbox compliance or perfect theoretical security.
- Get access to core systems and security tooling; shadow the Product Security Architect and sit in on a handful of ceremonies (planning/refinement/retro) to understand team dynamics and where security naturally fits.
- Start building a knowledge base: common app patterns, approved controls, “how we do security here,” and where to find the right people.
- Begin owning a defined slice of AppSec work with supervision (e.g., start contributing to security reviews for new features or higher-risk changes—initially as a second set of eyes, then independently for scoped areas).
- Support lightweight threat modelling sessions alongside the Architect (prep, note-taking, translating outcomes into engineering actions).
- Demonstrate steady throughput on findings: consistent triage quality, meaningful developer support, and reduced turnaround time for the scoped area.
Benefits include competitive salary, comprehensive health coverage, monthly wellbeing allowance, flexible working arrangements, generous paid time off, employee assistance program, community and social events. Redgate has adopted a flexible-hybrid model. This means that people will work flexibly with a blend of remote (home) and co-located (office) work, with teams having the flexibility to decide which location best suits the outcomes they need to deliver.
Our diversity, equity, inclusion & belonging commitments: We believe diverse teams are better at solving problems and fostering a creative culture.
- Recruitment & retention: hiring and retaining diverse talent.
- Authenticity & belonging: promoting inclusive language and behaviours.
- Growth: supporting personal and professional development.
We support DEIB through our inclusion forum (Belong at Redgate) and regular DEIB events. If you need accommodation, please let us know via our application process or email careers@red-gate.com.
Learn more about our commitment to diversity on our diversity page. While we outline the qualities we typically seek, we recognise that you may possess additional attributes and skills that could make you an excellent fit for our team. We do not discriminate based on race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.