Senior Product Security Engineering
Hybrid · Glasgow, Scotland, United Kingdom
Job Summary
Senior Product Security Engineer responsible for owning the execution layer of product security across cloud, mobile, and embedded domains. You will build and operationalize security tooling (SAST, SCA, DAST, secrets scanning, SBOM generation), deploy it into CI/CD pipelines, coordinate with Engineering Productivity teams, lead coordination of third-party penetration testing (IoT and firmware assessments), drive scalable threat modeling and secure design guidance throughout the SDLC, and support vulnerability response and regulatory-aligned practices for Sonos’ connected devices and services. The role emphasizes practical automation, measurable security outputs, and collaboration with product development teams to embed secure design and development at scale.
Required Qualifications
- 4+ years in software engineering, application security, or product security
- Hands-on experience implementing and operationalizing security tooling: SAST, SCA, DAST, secrets scanning, or similar
- Experience integrating security practices and tooling into CI/CD pipelines
- Experience coordinating penetration testing engagements and working with IoT or embedded device assessments is a plus
- Experience with IoT products, connected devices, or embedded systems is preferred but not required
- Ability to translate findings into remediation plans and track closure
- Experience using AI tools to automate security practices
- Knowledge of threat modeling and secure design across cloud, mobile, and embedded domains
- Familiarity with regulatory and compliance considerations in software security