Product Security Engineer
Redgate Software creates ingeniously simple software to help data professionals get the most value out of any database. Our solutions solve complex database management challenges across the DevOps lifecycle, making life easier for IT leaders, development, and operations teams by increasing efficiency, reducing errors, and protecting business-critical data.
Find out more about us here:
The Role
As a Product Security Engineer, you’ll embed security into the software development lifecycle across multiple product teams. You’ll help teams build, ship, and operate secure software by defining requirements, improving detection and prevention (SAST/DAST), assisting teams with application security governance, and running threat modelling.
Your Work at Redgate
- Partner with engineering and product teams to define and operationalise security requirements across the SDLC (from design to release).
- Audit application code for weaknesses and vulnerabilities.
- Own or co-own application security governance practices: secure-by-default standards, patterns, guardrails, and exceptions/risk acceptance.
- Drive SAST/DAST adoption and quality: tool tuning, triage workflows, severity calibration, and “fix-forward” enablement.
- Support adoption of threat modelling for new features, architectural changes, and high-risk services—turning findings into actionable engineering work.
- Provide product security guidance for cloud-native environments (AWS + containerised workloads), with an emphasis on secure service design and deployment practices.
- Build strong relationships with product teams through clear communication, coaching, and security enablement.
- Review and assist in the development of engineering policies aligned with security best practices.
- Contribute secure shared libraries/paved-road components or perform targeted security testing/pentesting to validate controls.
- Work with product teams to support implementation of AI, including LLMs, SLMs, and MCP.
What you bring to the table
- Hands-on product/application security experience supporting engineering teams in a modern SDLC (requirements, design review, secure coding guidance, release support).
- Strong knowledge of the OWASP Top 10 and practical mitigation patterns; familiarity with OWASP ASVS is a plus.
- Experience implementing or improving SAST/DAST processes:
