Harnham

Senior Product Security Engineer

Hybrid
London Area, United Kingdom | Posted 3 days ago | £80,000 - £100,000

At a Glance

Python, JavaScript/TypeScript, Go, Threat Modeling

About This Role

Senior Product Security Engineer - London (Hybrid). Salary: £80,000 - £100,000.

This is an opportunity to join a forward-thinking technology-driven business where security is embedded from day one. You will play a key role in shaping how products are built securely, working closely with engineering teams to influence design decisions and protect innovative, customer-facing solutions. The role offers strong technical ownership, exposure to modern cloud and AI-driven systems, and the chance to make a visible impact across the organisation.

The company is a modern digital financial services organisation focused on delivering user-centric products through technology and innovation. With a strong emphasis on collaboration and continuous improvement, they have built a culture where teams are empowered to challenge conventions and deliver meaningful change. Security is treated as a core pillar of product development, not an afterthought. As part of a growing InfoSec function, you will join a team that values practical, engineering-led security approaches.

Responsibilities

  • Embed security into the full product lifecycle, from concept through to release
  • Conduct hands-on security assessments across web, mobile, and backend applications
  • Lead and support threat modelling activities for new features and systems
  • Collaborate closely with engineering teams to design secure architectures
  • Integrate and optimise security tooling such as SAST, SCA, DAST and vulnerability scanning
  • Help drive secure development lifecycle practices across teams
  • Deliver secure engineering training and guidance to developers
  • Support triage and remediation of vulnerabilities from testing, tooling, and external reports
  • Contribute to automation of security processes using scripts and internal tools

Requirements

Burp Suite, Python, JavaScript, Go

  • Strong commercial experience in application or product security
  • Hands-on experience with security testing tools such as Burp Suite, Nmap, or similar
  • Solid knowledge of web or mobile security, with willingness to broaden across both
  • Good understanding of networking fundamentals and operating systems
  • Experience conducting threat modelling and explaining security trade-offs to stakeholders
  • Ability to script and automate tasks using languages such as Python, JavaScript, or Go
  • Knowledge of secure coding practices and common vulnerabilities
  • Familiarity with cloud environments and infrastructure concepts
  • Comfortable working closely with engineers in a collaborative environment

Benefits & Perks

  • Opportunity to work on modern technology including cloud and AI-driven systems
  • A highly collaborative environment with strong engineering partnerships
  • Clear progression opportunities within a growing security function
  • Investment in learning and development, including time for upskilling

About Harnham

Harnham is a global recruitment company specializing in the Data & Analytics market, established in 2006. With offices in key locations such as London, New York, San Francisco, Phoenix, and Berlin, Harnham has become a leading authority in data and AI talent acquisition. The company offers recruitment services for both permanent and contract roles, catering to a diverse range of organizations from startups to multinational corporations. Harnham provides specialized consultancy focused on data and AI talent, helping organizations enhance their data capabilities. Their expertise covers all levels of seniority and technical skills within the data, analytics, and AI sectors. The company is also committed to corporate social responsibility, engaging in community programs that support local food banks, homeless charities, and other social causes across the UK, US, and Germany. Recently, Harnham expanded its presence in the US with a new office in Tempe, Arizona, to meet the growing demand for data and analytics talent.

Industry

staffing & recruiting

Employees

210

11 engineers

Revenue

$25M

Security at Harnham

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Public signals indicate Harnham's security posture is centered on data protection and recruitment of security talent rather than operating a customer-facing Application Security (AppSec) product team.
  • Public documentation emphasizes protecting candidate/client personal data with standard safeguards and compliance with data-protection laws, and positions Harnham as a specialist recruiter for Data & AI roles — including Data Security and security-engineering placements.

Security Team

  • No publicly documented, named internal AppSec team or published AppSec organizational chart was found.
  • Public signals indicate Harnham primarily operates recruitment teams that place Data Security and security-engineering professionals with client organizations.
  • Harnham's public-facing security responsibilities are focused on protecting candidate and client personal data (privacy/compliance) and enabling placements in roles such as security engineering, IDS, cloud security, and IAM for clients.

Key Initiatives

Recommended next steps to close open gaps:

  1) Request an internal security brief directly from Harnham (security contact, CISO/Head of IT) to obtain authoritative details on internal AppSec operations, SLAs, and vulnerability handling.
  2) Review LinkedIn employee titles at Harnham for roles explicitly labelled Information Security/Head of Information Security/Application Security to identify internal security staff.
  3) Monitor Harnham job boards and postings for roles explicitly hiring in-house AppSec (e.g., Application Security Engineer) to detect changes in internal hiring.
  4) Ask for or request any existing vulnerability disclosure policy, incident response playbooks, or SOC capability summaries if deeper operational detail is required.
