Staff Product Security Engineer in Cambridge

Build the cloud platform that’s transforming electronics design. Altium 365 for cloud lets design engineers communicate, collaborate and bring their ideas to market more efficiently than any platform in the industry. We are looking for a Senior Product Security Engineer to extend our Product Security capability with a strong focus on continuous vulnerability discovery and prevention.

This role is responsible for:

• Building and executing security regression testing
• Driving threat modeling across existing and new functionality
• Conducting targeted offensive security activities (Red Team–style testing)
• Identifying real vulnerabilities based on a deep understanding of our platform and the OWASP Top 10 Web Application Security Risks

The goal is simple: ensure that both existing functionality and new changes remain secure over time, and that real vulnerabilities are discovered before customers do.

Key Responsibilities

• Security Regression Testing
  • Design and maintain security regression test suites covering critical application flows
  • Ensure vulnerabilities, once fixed, are permanently prevented from recurring
  • Integrate security regression into CI/CD pipelines
  • Define coverage targets for security-critical areas (auth, access control, APIs, data flows)
• Threat Modeling
  • Lead structured threat modeling sessions for:
  • Existing system components
  • New features and architectural changes
  • Identify attack surfaces, abuse cases, and trust boundaries
  • Translate threats into:
  • Test cases
  • Security requirements
  • Mitigation plans
  • Ensure threat modeling becomes a continuous lifecycle activity
• Offensive Security / Red Team Activities
  • Perform manual and automated security testing simulating real attacker behavior
  • Focus on high-impact vulnerabilities, not theoretical findings
  • Validate exploitability and business impact
  • Partner with engineering teams to:
  • Reproduce issues
  • Prioritize fixes
  • Validate remediation
• OWASP Top 10–Driven Vulnerability Discovery
  • Continuously assess the platform against OWASP Top 10 categories
  • Use deep product knowledge to find non-obvious, context-specific vulnerabilities
  • Go beyond tooling (DAST/SAST) to uncover logic flaws and abuse paths
• Security Assurance for Product Changes
  • Review new features and changes for security risks
  • Ensure all changes are:
  • Threat-modeled
  • Covered by regression tests
  • Act as a security gatekeeper without becoming a bottleneck:
  • Enable teams with guidance and tooling
  • Avoid heavy process overhead
• Collaboration & Enablement
  • Work closely with:
  • Engineering teams
  • Architecture
  • SRE / Platform teams
  • Contribute to secure-by-design practices
  • Support developers in understanding and fixing vulnerabilities
  • Help scale security through:
  • Reusable patterns
  • Automation
  • Security guidance

Qualifications

Required Qualifications

• 5+ years in Application / Product Security
• Bachelor's Degree or equivalent of 12 years of work experience
• Strong hands-on experience in:
• Web application security testing
• API security
• Threat modeling methodologies
• Deep understanding of OWASP Top 10
• Experience with:
• Manual penetration testing
• Security regression testing
• CI/CD security integration
• Ability to identify business logic vulnerabilities
• Strong understanding of:
• Authentication, authorization, and session management
• Multi-tenant architectures
• Cloud-native systems

Preferred Qualifications

• Experience in SaaS / multi-tenant platforms
• Familiarity with:
• Bug bounty programs
• Red teaming
• Security automation frameworks
• Knowledge of:
• AWS
• Identity systems and federation (SSO, MFA)
• Background in software engineering (ability to read/write code)

Renesas is an embedded semiconductor solution provider driven by its Purpose ‘To Make Our Lives Easier.’ As the industry’s leading expert in embedded processing with unmatched quality and system-level know-how, we have evolved to provide scalable and comprehensive semiconductor solutions for automotive, industrial, infrastructure, and IoT industries based on the broadest product portfolio, including High Performance Computing, Embedded Processing, Analog & Connectivity, and Power. With a diverse team of over 21,000 professionals in more than 30 countries, we continue to expand our boundaries to offer enhanced user experiences through digitalization and usher into a new era of innovation. We design and develop sustainable, power-efficient solutions today that help people and communities thrive tomorrow, ‘To Make Our Lives Easier.’

At Renesas, you can: Launch and advance your career in technical and business roles across four Product Groups and various corporate functions. You will have the opportunities to explore our hardware and software capabilities and try new things. Make a real impact by developing innovative products and solutions to meet our global customers' evolving needs and help make people’s lives easier, safe and secure. Maximise your performance and wellbeing in our flexible and inclusive work environment. Our people-first culture and global support system, including the remote work option and Employee Resource Groups, will help you excel from the first day.

Are you ready to own your success and make your mark? Join Renesas. Let’s Shape the Future together.

Renesas Electronics is an equal opportunity and affirmative action employer, committed to supporting diversity and fostering a work environment free of discrimination on the basis of sex, race, religion, national origin, gender, gender identity, gender expression, age, sexual orientation, military status, veteran status, or any other basis protected by law. For more information, please read our Diversity & Inclusion Statement.