Product Security Engineer - Specialist CONTRACT - Fintech Firm

The Product Security Leader (PSL) is the primary partner for embedding security into every phase of the product life cycle. From design and development to deployment and maintenance. PSLs work closely with engineering, product management, and compliance teams to ensure products are secure by design and resilient in production.
PSLs define and implement security policies, manage vulnerability backlogs, and lead threat modelling and incident response efforts.

What you’ll own

Define and implement security policies and tooling across the product life cycle, from design and development to deployment and maintenance.
Lead threat modelling for new and existing applications, guiding teams and ensuring outputs are documented and tracked.
Manage the product vulnerability backlog, prioritizing remediation of high and critical vulnerabilities, and tracking key metrics such as open vulnerabilities, SLA compliance, and average age of vulnerabilities.
Coordinate bug bounty findings and ensure timely remediation.
Conduct root cause analysis (RCA) for security incidents and systemic vulnerabilities, using insights to drive developer training and systemic fixes.
Drive incident response efforts as Investigation Lead or Incident Commander, including facilitating tabletop exercises to test and improve incident readiness.

What you bring
Deep expertise in vulnerability management, threat modelling, security architecture, and secure SDLC practices.
Strong background in incident response, root cause analysis, and bug bounty program management.
Excellent communication and stakeholder management skills, with experience driving cross-functional initiatives.
Experience with third-party risk management, security assessments, and regulatory compliance.
Experience working with CI/CD teams to implement new security technologies in the pipeline. Including SAST, DAST, and SCA tools.
Experience partnering with cross-functional teams to deliver impactful security initiative.