Senior Product Security Engineer

Job Description

#LI-KO1

Are you passionate about helping engineers build secure products

Join our Product Security team to partner with digital product teams help engineers understand and fix real-world security findings across custom code cloud platforms and modern tech stacks through collaboration pragmatism and empathy

Core Responsibilities

• Help engineering teams understand security findings in context not just severity scores.
• Collaborate with engineers on how to remediate issues.
• Perform security-focused code reviews and architectural discussions.
• Provide hands-on guidance and consultancy on application cloud and product security topics.
• Create technical guidance blog posts and awareness material for developers.
• Continuously improve our vulnerability management process tooling and guidance.

Play your part in our team succeeding

In Digital Product Security we aim to assist our digital product teams in building and operating secure solutions at scale. We focus on enabling secure engineering practices through partnership technical guidance and shared understanding rather than centralised control.

In this role you will support the organisation by working directly with the product teams to understand vulnerabilities and other security findings in their code and products. You help add real-world context and translate security findings into practical actionable improvements. You will contribute to strengthening our overall security posture by combining vulnerability management security advisory engineering insights and collaboration.

We care about trust empathy and long-term impact.

Do you have what it takes

• A solid background in software engineering application security or cloud security.
• Experience working directly with developers.
• Ability to explain security issues in plain developer-friendly language.
• Solid understanding of application vulnerabilities (OWASP Top 10 as an example).
• Solid understanding of cloud-native environments like AWS Azure and GCP.
• Comfortable operating in a large distributed environment with multiple tech stacks.
• A mentality committed to helping teams succeed not proving them wrong.
• Curiosity and willingness to learn.

Experience in the below would be nice to have:

• Experience working with vulnerability management platforms or CSPM/CNAPP tools.
• Certifications such as OSCP CWES or similar which focus on offensive security skills.
• Hands-on security findings through platforms such as Hack The Box or TryHackMe.
• Participation in Capture The Flag (CTF) challenges including write-ups or shared findings.

Applications are reviewed on an ongoing basis. However please note we do amend or withdraw our jobs and reserve the right to do so at any time including prior to any advertised closing date. So if youre interested in this role we encourage you to apply as soon as possible.

Whats in it for you

Here is what you can expect:

Family Care Leave - We offer enhanced paid leave options for those important times.

Insurances All colleagues are covered by our life and disability insurance which provides protection and peace of mind.

Wellbeing - We want our people to feel well and thrive. We offer resources and benefits to nurture physical and mental wellbeing along with opportunities to build community and inspire creativity.

Colleague Discount We know youll love to build so from day 1 you will qualify for our generous colleague discount.

Bonus - We do our best work to succeed together. When goals are reached and if eligible youll be rewarded through our bonus scheme.

Workplace - When you join the team youll be assigned a primary workplace location i.e. one of our Offices stores or factories. Our hybrid work policy means an average of 3 days per week in the office. The hiring team will discuss the policy and role eligibility with you during the recruitment process.

Children are our role models. Their curiosity creativity and imagination inspire everything we do. We strive to create a diverse dynamic and inclusive culture of play at the LEGO Group where everyone feels safe valued and they belong.

The LEGO Group is highly committed to equal employment opportunity and equal pay and seeksto encourage applicants from all backgrounds (eg. sex gender identity or expression race/ethnicity national origin sexual orientation disability age and religion) to apply for roles in our team.

The LEGO Group is fully committed to Childrens Rights and Child Wellbeing across the globe. Candidates offered positions with high engagement with children are required to take part in Child Safeguarding Background Screening as a condition of the offer.

Thank you for sharing our global commitment to Childrens Rights.

Just imagine building your dream career.

Then make it real.

Join the LEGO team today.