Product Security Engineer

Moonpig

Job Description

Moonpig Group—the creative force behind Moonpig, Greetz, and Red Letter Days—is looking for a Product Security Engineer to join our Technology team in Manchester. In this role, you won’t just be “policing” code; you’ll be an active builder, designing security tooling and embedding safety directly into our DevOps pipelines. We want someone who understands that security should enable innovation, not slow it down. Whether you are a seasoned security specialist or a Software Engineer with a passion for “Shift Left” security, you will play a vital role in protecting the moments that matter for millions of customers.

Key Responsibilities

  • Security Orchestration: Design and build automated security tools within our CI/CD pipelines to catch vulnerabilities early.

  • Secure SDLC: Partner with engineering teams to embed secure-by-design principles throughout the Software Development Life Cycle.

  • Vulnerability Management: Lead internal and third-party security testing, implementing both preventative and detective controls.

  • Incident Response: Serve as a subject matter expert during security incidents and help lead threat modelling exercises for new features.

  • Culture & Awareness: Act as a security champion, raising awareness through knowledge sharing and ensuring security is a core part of every technical decision.

Technical Environment

  • Cloud Ecosystem: Multi-cloud environment utilizing AWS, Azure, and GCP.

  • Infrastructure as Code (IaC): Heavy use of Terraform and CloudFormation.

  • Security Tooling: Hands-on with SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), WAFs, and vulnerability scanners.

  • Languages: Proficient in Python, Go, or similar backend languages.

  • Architecture: Working with microservices, APIs, and containerized/serverless environments.

About You

  • Best Practices: Deep knowledge of OWASP principles and secure coding standards.

  • Automation Mindset: Experience automating security checks within agile, high-velocity environments.

  • Communication: A pragmatic collaborator who can explain complex risks to non-technical stakeholders.

  • Identity & Access: Solid understanding of cryptography, authentication (OIDC, SAML), and authorization.

  • Bonus Points: Experience with threat modelling, incident response, or measuring security maturity via data-driven metrics.

Why Join Moonpig?

  • Competitive Package: Strong pay, bonuses, and a generous pension.

  • Work-Life Balance: Hybrid working (1–3 days in the office) and 20 days of international remote working per year.

  • Wellbeing: Private healthcare, mental health support, and even dog-friendly offices.

  • Growth: Dedicated learning allowances and coaching programs to help you level up.

The Product Security Landscape (2026)

As of 2026, the industry has moved beyond simple firewalls. According to Gartner and the Cloud Security Alliance:

  • Software Supply Chain Security: With the rise of third-party dependencies, “Software Bill of Materials” (SBOM) management has become a core competency for Product Security Engineers.

  • AI-Augmented Security: Engineering teams are increasingly using AI to assist in code reviews, but Product Security Engineers are essential to verify these “AI-suggested” fixes for logic flaws that tools often miss.

To apply for Company Website uk.linkedin.com.

more related jobs

check more updates