trainline - Junior Product Security Engineer
Upload My Resume
Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT
Requirements
• You are curious about how systems work and how they can be secured; bringing an aware consumer mindset that considers the intersection of technology, security, and product design. • Relevant education, training, or practical experience in cyber/information security or software engineering/development • Understanding of common security risks affecting applications, APIs, and distributed systems • Familiarity with secure coding principles, the software development lifecycle (SDLC) and threat modelling concepts • Exposure to security testing approaches such as SAST, DAST, or dependency scanning • Basic programming or scripting ability (e.g. Python, JavaScript, or similar) to support automation, analysis, or tooling • Interest in building or improving security tooling, automation, or developer workflows to help scale security across engineering teams • Strong analytical and problem-solving skills, with the ability to analyse and assess security risks in application designs, code, or deployed systems • Ability to collaborate effectively with engineers and communicate security concerns clearly • Bachelor's degree in Computer Science, Cybersecurity, Information Security, or a related technical field • Experience using security tooling such as Burp Suite, OWASP ZAP, Semgrep, Checkmarx, OxSecurity, or Snyk • Exposure to security reviews, threat modelling, penetration testing concepts, or risk assessments • Familiarity with security frameworks and standards such as OWASP, ISO 27001, PCI DSS, or GDPR • Familiarity with modern development environments, including AWS, CI/CD security checks, and API security testing • Scripting experience (Python/Bash) and exposure to AI or martech ecosystems is a plus • Experience gained through security coursework, certifications, personal projects, security research, CTF competitions, bug bounty programs, or open-source contributions is highly valued • Candidates with software, data or platform engineering backgrounds with an interest in security are also encouraged to apply. • What You'll Get
Responsibilities
• SUPPORT SECURE DEVELOPMENT • Support the integration of security practices across the product development lifecycle, helping teams design and build secure services and features. • Work with teams to promote secure-by-default and a shift-left approach to security, ensuring security considerations are addressed early to reduce the risk and cost of fixing issues later. • Help integrate security checks (e.g., SAST, SCA, secret scanning) into CI/CD workflows to identify risks during development. • Assist in triaging and analysing findings from automated tooling, validating results, false positives, and partnering with engineering teams to prioritise and remediate security risks. • VULNERABILITY TRIAGE & TRACKING • Review and triage incoming security issues from scans and bug reports. • Record, prioritise and help track remediation with developers and platform teams. • Contribute to vulnerability monitoring dashboards and reports. • LEARNING & THREAT AWARENESS • Participate in threat modelling sessions and documentation efforts. • Stay updated on common application vulnerabilities and security best practices. • Shadow senior engineers in code reviews and security design discussions. • SECURITY ADVOCACY • Help promote secure coding principles across teams by sharing guidance and resources. • Help improve developer adoption of security tools and best practices. • Support delivery of internal training sessions and documentation updates. • COMPLIANCE AND STANDARDS • Assist with aligning product security practices with relevant security frameworks and standards (e.g., OWASP, NIST, ISO 27001, GDPR, PCI DSS). • Support regulatory compliance efforts and maintain evidence to meet audit requirements.
Benefits
• The top end of the starting salary range may not always be the top end of our banding. If you're unsure, you can check with one of our recruiters. • Upload your resume here to autofill key application fields. • Drop your resume here! • Parsing your resume. Autofilling key fields... • or drag and drop here • they/them/theirs • Prefer not to say • We may provide sponsorship support to candidates on a role by role basis. • Trainliners are expected to attend the office a minimum of 60% over a 12 week period. • We’re committed to making our recruitment process accessible. If there’s anything we can do to support you, please let us know here. You do not need to share medical details - only what would help. • We’re interested in how you apply AI to drive efficiency, improve experiences, or raise the bar in your work. Whether you’re experimenting with tools, building automations, or shaping your team’s approach — we’d love to hear how AI fits into your thinking • Such as your motivation to apply or additional context for your application? • This part is optional. If you choose to fill it in, please speak authentically (you can use AI to help you, but don't rely purely on it!). • Prefer not to say • Prefer not to say • Prefer not to say • Do you agree to allow Trainline to contact you about job opportunities for up to 2 years? • Recruiting Privacy Policy
No credit card. Takes 10 seconds.