Product Security Engineer
London / Manchester
IT, Security & Delivery – IT, Security & Delivery (Group) /
Permanent /
Hybrid
We’re the Moonpig Group – home to Moonpig, Greetz, Red Letter Days and Buyagift – and we’re on a mission to make people feel loved, celebrated and remembered. Whether it’s a card that gets them laughing out loud or a gift that makes their day, we help people stay close, no matter the miles.
We’re proud to be leading the online gifting revolution, with brilliant products, clever tech and a whole lot of heart. Our platform makes it easy to create moments that matter – packed with personal touches and delivered with care.
We’re not just about selling cards or gifts – we’re here to spread joy, spark smiles and make every celebration feel extra special. And with values that guide how we work and support one another, we’ve built a place where people (and ideas) can truly thrive.
If you’re looking to make an impact, bring your spark and be part of something meaningful – we’d love to have you on the team. 🌙🐷
About the role
We’re looking for a Product Security Engineer to help us build secure-by-design products that customers can trust. This is a key role in our Technology team where you’ll work across the business to protect data, reduce risk, and enable safe innovation. From engineering security tooling to empowering teams with best practices, you’ll help us build products that are as secure as they are loved.
Key Responsibilities:
- Contribute to the product security strategy and roadmap
- Design, build and innovate on security tools within our DevOps pipeline
- Partner with engineers to embed secure practices across the SDLC
- Implement preventative and detective security controls in agile environments
- Lead and support security testing (internally and with third parties)
- Act as a subject matter expert during security incidents
- Raise security awareness through knowledge sharing and collaboration
- Ensure security is considered in every technical discussion and decision
About You:
- Strong knowledge of application security best practices (e.g. OWASP)
- Experience with at least one major cloud provider (AWS, Azure or GCP)
- Familiar with Infrastructure as Code (e.g. Terraform, CloudFormation)
- Confident working with microservices, APIs and secure coding principles
- Hands-on experience with SAST/DAST tools in CI/CD environments
- Awareness of security tooling such as WAFs and vulnerability scanners
- Solid understanding of cryptography, authentication and authorisation
- A great communicator with a collaborative, pragmatic mindset
- Ideally have experience measuring and improving security via tooling metrics
- Ideally have exposure to incident response or threat modelling
- Ideally knowledge of securing serverless or containerised environments
- If you have a background in software engineering and have a keen interest and solid understanding of product security then we'd encourage you to apply
Our Tech Environment:
- Languages: Python, Go or similar
- Infrastructure: AWS, Azure, GCP
- Tools: Terraform, CloudFormation, WAFs, vulnerability scanners
- DevOps: CI/CD pipelines, IaC, security automation
- Security focus: SAST, DAST, secure coding, threat modelling
How We Get There:
- We build with security in mind from day one
- We balance safety and speed with pragmatic decision-making
- We foster a culture of collaboration, curiosity and continuous learning
- We champion inclusive practices that welcome diverse perspectives
Interview Process:
- Stage 1: Recruiter Screen - 30 mins
- Stage 2: Hiring Manager Interview - 45 mins
- Stage 3: Product Security technical deep dive interview - 60 mins
- Stage 4: Cross functional & Behavioural / Culture Fit - 60 mins
- Offer! 🎉
What's in it for you?
We believe in empowering our team to do their best work. Enjoy:
💰 Competitive Pay & Bonuses: Plus, generous pension plans & staff discounts.
💆🏽 Wellbeing First: Private healthcare (UK), mental health support & dog-friendly offices (London & NL).
🏖️ Flexible Working & Time Off: Generous holidays, hybrid working (1-3 days in office, depending on role/team) & up to 20 days of international working.
📈 Career Growth: Learning allowances, coaching & development programs.
Want to know more?
Explore our full benefits package: here
Check out our podcast, tech blog and product blog to hear more about how we work and what we're building!
Our Ways of Working:
We trust you to do what’s right, providing flexibility to balance work and life. We believe in giving you permission to innovate and focus on delivering meaningful results. We understand that effective ways of working are unique to each individual, role, and team, and we’re committed to supporting and discussing your specific needs throughout the interview process and beyond.
Moonpig Group's Commitment to Equality, Diversity, and Inclusivity:
At Moonpig Group, we’re all about creating a workplace where everyone feels they truly belong. We celebrate what makes each of us unique, whether that’s our background, how we work best, or what matters most to us.
From working parents who need flexible hours to neurodiverse colleagues with specific working styles, we’re here to support our people in ways that work for them. Because when you feel valued and included, you can thrive, and so can we.
We’re proud to have a number of employee-led groups driving this forward, including our LGBTQ+, Gender Balance, Neurodiversity and EMBRACE (Educating Myself for Better Racial Awareness and Cultural Enrichment) communities, plus our Group-wide EDI committee. These teams help make sure every voice is heard and every idea has a place.
We know that diversity fuels creativity, innovation and connection, and that’s why we’ll keep pushing for progress. Together, we’re building a culture where everyone feels safe, supported, and free to be their brilliant, authentic selves.
If you have a preferred name, please use it to apply and share your pronouns if you are comfortable to do so😊 - If you have any reasonable adjustment requests throughout the interview process please let us know on your application or speak to the Recruiter.
