Senior Product Security Engineer

London / Manchester
All Technology – Security /
Permanent /
Our Ways of Working Principles:

We believe that most of us do our best work when we work together, but we know that everyone works in different ways, and quite frankly, has other commitments and responsibilities outside of work.
As we further adjust  to hybrid working, we want to take what we've learnt from working remotely and keep the flexibility that's enabled us to thrive and keep driving our business forward.

We have some core principles which support us in this:
Do what’s right
Trust & give permission
Delivery matters

We understand ways of working can look different based on your role, team and you as an individual so we are here to support and discuss this with you during the interview process.

Work with us

At Moonpig Group our mission is to help people connect and create moments that matter. We’re an international group made up of three brilliant brands – Moonpig in the UK, Ireland, US and Australia, and Greetz in the Netherlands – with our newest addition Buyagift joining us in 2022.

We were founded with a goal to disrupt the traditional greetings industry. Two decades on, we’re an established leader within the online gifting market, offering a wide range of products to customers across the world.Moonpig is an iconic brand and innovator, with clear values (read more about our values here!). These values set our teams and our business up for success in an environment that’s fun, supportive and challenging. They’re the glue that binds us together and we think of them as a platform to help us deliver our best work. You have every chance to drive impact here at Moonpig, and most importantly, we genuinely want you!

Our architecture is built for scale and flexibility which will allow us to quickly innovate and launch new propositions - coupling that with the wealth of data we have on our customers, the sky's the limit in the world of experimenting with cutting edge ideas.

What you’ll be doing:

As a Senior Product Security Engineer you will be responsible for ensuring that company & customer data is secure at all times. You will be building & maintaining modern security tools, controls & services. To be successful you will need experience ensuring the security of cloud based (AWS & Azure) & on prem infrastructure.

We’re a small team, so the role is a hybrid of engineering and vulnerability and risk management. With a focus on automation and collaboration with our wider Technology team to enhance our capabilities in our software development life cycle.

This is a hybrid role from either our London or Manchester offices

Key Responsibilities

    • Provide security expertise and guidance to our product development teams and business leaders throughout all phases of the software development life cycle.
    • Drive secure SDLC activities; from requirements gathering, reviewing architectures, supporting automated tooling and performing and/or supporting threat models & penetration testing.
    • Vulnerability Management, identifying, triaging and managing vulnerabilities.
    • Designing, building, automating and maintaining internal security tools, controls and services.
    • Evaluation, selection and implementation of security products and services.
    • Technical security review and analysis of proposed solutions to identify and define appropriate security controls and their configuration.
    • Collaborate with the wider security team to test our detection capabilities (hack ourselves first).
    • Educate and empower those around you on Security topics to increase understanding of vulnerabilities and how to prioritise and remediate.

About you:

    • Experience building cloud based security solutions (AWS, Azure).
    • Experience pen testing of services and scoping of testing.
    • Experience of facilitating threat modelling sessions with engineering teams
    • Good networking and associated protocol knowledge.
    • Experience of selecting, implementing, and maintaining security products and services.
    • Automation scripting using Python, PowerShell, Go or similar.
    • A genuine enthusiasm for identifying security problems and building solutions to them.
    • Understanding of cryptography, authentication, authorization.
    • Experience investigating, triaging and managing security incidents.
Want to hear more? 
Find out more about Moonpig Group and what it has to offer here!
Moonpig’s Commitment to Equality, Diversity and Inclusivity 

At Moonpig Group, we’re committed to creating an inclusive and caring culture with brilliant people who feel a real sense of belonging. We welcome and celebrate all diverse backgrounds to Moonpig Group, from working parents who need flexibility with their hours to individuals who are neurodiverse and prefer to work a certain way. 
We’re proud to have several employee-led committees within our organisation, including the LGBTQ+ Committee, The Gender Balance Committee and our Moonpig Against Racism Committee. 
We’ll continue to push for diversity and that sense of belonging so that all Moonpig Group employees feel safe and comfortable to be their true authentic self at work.