Renishaw – Product Security Engineering Lead – High Peak, England, UK
Job Description
Salary up to £60,000 depending on experience
Location Wotton-under-Edge, Gloucestershire (no public transport)
Hybrid Working 3 days per week onsite
To bring greater focus to our product security engineering activities, the Product Security Engineering Lead will guide and work with Renishaw’s product divisions to identify, assess, and mitigate security vulnerabilities in software and associated hardware products. The role works closely with development teams to integrate security practices into the software development lifecycle (SDLC) and ensure products comply with relevant standards and regulations, including the Cyber Resilience Act.
Responsibilities
Assess, establish and maintain clear guidelines and best practices for secure coding, vulnerability management and incident response.
Develop and maintain product security risk assessment processes, providing support and guidance to project teams.
Develop scanning and review processes to discover security vulnerabilities, devise mitigation strategies and resolve technical debt.
Serve as a Subject Matter Expert (SME) in product security for projects during development phases, providing information‑security consulting and recommendations, and ensuring implementation of approved security requirements.
Collaborate with developers to integrate security at every stage of the SDLC.
Guide teams to automate security scans and tests and implement secure coding practices, ensuring product compliance with regulatory standards.
Work with DevOps leads to integrate security tools and processes into DevOps pipelines.
Monitor and assess the effectiveness of implemented cybersecurity controls.
Coordinate activities with owning product divisions when vulnerabilities are reported by third parties and guide the response.
Remediate security vulnerabilities, track issues, and ensure timely patching.
Document and report results of the cybersecurity program to stakeholders.
Design and deliver cybersecurity training and awareness‑raising activities.
Share product security learning with the operational security team and vice‑versa.
Stay updated on the latest security threats, trends and best practices.
Identify opportunities to incorporate AI tooling into the development lifecycle, selecting and advancing the most promising use cases.
Key Requirements
Bachelor’s or Master’s degree (or equivalent experience) in Computer Science, Information Security, Business or a related field.
Circa 3 years of experience in cybersecurity, especially in information‑risk analysis, security engineering or security architecture.
Experience performing penetration testing, secure code review and software composition analysis (static, dynamic and manual).
Experience identifying and remediating common vulnerabilities such as OWASP Top 10.
Hands‑on experience with security scanning tools.
Proven experience in secure coding practices and vulnerability assessment.
Experience securing hardware products controlled by software is an advantage.
Experience applying AI to security and development use cases.
Familiar with threat‑modelling frameworks and automated tools.
Excellent communication and collaboration skills for cross‑functional teams.
Proficient in programming languages such as C/C++, Python, Java, etc.
Able to handle multiple concurrent tasks, with strong analytical and problem‑solving skills.
Benefits
• 9 % non‑contributory pension
• Discretionary annual bonus
• Subsidised onsite restaurants and coffee shops
• Free parking and car‑sharing scheme
• 24 hour fitness centre (available at selected sites)
• 25 days holiday plus
Contact Detail:
Renishaw Recruiting Team