Product Security Leader

London – hybrid

6 month contract

Inside IR35

The Product Security Leader (PSL) is the primary partner for embedding security into every phase of the product lifecycle, from design and development to deployment and maintenance. PSLs work closely with engineering, product management, and compliance teams to ensure products are secure by design and resilient in production. PSLs define and implement security policies, manage vulnerability backlogs, and lead threat modelling and incident response efforts.

What you’ll own

  • Define and implement security policies and tooling across the product lifecycle, from design and development to deployment and maintenance.
  • Lead threat modelling for new and existing applications, guiding teams and ensuring outputs are documented and tracked.
  • Manage the product vulnerability backlog, prioritizing remediation of high and critical vulnerabilities, and tracking key metrics such as open vulnerabilities, SLA compliance, and average age of vulnerabilities.
  • Coordinate bug bounty findings and ensure timely remediation.
  • Conduct root cause analysis (RCA) for security incidents and systemic vulnerabilities, using insights to drive developer training and systemic fixes.
  • Drive incident response efforts as Investigation Lead or Incident Commander, including facilitating tabletop exercises to test and improve incident readiness.

What you bring

  • Deep expertise in vulnerability management, threat modelling, security architecture, and secure SDLC practices.
  • Strong background in incident response, root cause analysis, and bug bounty program management.
  • Excellent communication and stakeholder management skills, with experience driving cross-functional initiatives.
  • Experience with third-party risk management, security assessments, and regulatory compliance.
  • Experience working with CI/CD teams to implement new security technologies in the pipeline, including SAST, DAST, and SCA tools.
  • Experience partnering with cross-functional teams to deliver impactful security initiatives.

If you believe you have the experience required, please apply with your CV now for instant consideration!

TO APPLY - PLEASE APPLY WITH AN UP-TO-DATE CV

Candidates will ideally show evidence of the above in their CV in order to be considered.

Please be advised that if you haven't heard from us within 48 hours, unfortunately your application has not been successful on this occasion. We may, however, keep your details on file for any suitable future vacancies and contact you accordingly.

*Pontoon is an employment consultancy. We put expertise, energy, and enthusiasm into improving everyone’s chance of being part of the workplace. We respect and appreciate people of all ethnicities, generations, religious beliefs, sexual orientations, gender identities, and more. We do this by showcasing their talents, skills, and unique experience in an inclusive environment that helps them thrive.

Job Details

Company
Pontoon Solutions
Location
London, UK
Posted