Posted on: April 14, 2026
Job Description
We're looking for someone who can stand in the middle of security and engineering - and be trusted by both sides. You'll be embedded in a cluster of 300+ engineers across multiple product teams, owning the security posture of your area. Not through authority, but through credibility, influence, and the kind of emotional intelligence that earns trust in rooms full of strong opinions and versatile engineers.
This is a hands-on, high-impact role. You'll develop how security gets built into products, not bolted on afterwards.
Core Responsibilities
Collaboration with Digital Security
Build a trust-based partnership with the Digital Security team while coordinating security efforts across multiple product teams. Working alongside a Technical Program Manager, you'll drive adoption of a shared security model through influence, not process. You are the translator: making the security agenda real for engineers, and bringing engineering context back to security leadership.
Engagement with Leadership
Deliver concise, impactful updates to Engineering Directors and Principal Engineers. Participate in planning cycles, helping leadership see where the gaps are and how to sequence work - from quick wins to complex, longer-term improvements.
Support for Product Teams
Roll up your sleeves. Review code with a security lens, challenge compose decisions, run threat modelling workshops, and guide teams toward secure-by-design outcomes. You enable teams rather than block them.
Progress and Challenges Updates
Report regularly to Security and Cluster audiences on the state of controls - progress, risks, delays - with no surprises. Present a balanced, evidence-based view in an environment where opinions run strong.
Integration into Engineering Workflows
Embed security into pipelines and architectures as sensible, automated practices - CI/CD integration, policy-as-code, infrastructure-as-code scanning - without slowing teams down.
Sharing Best Practices
Lead cross-team security conversations informally. Run workshops, share lessons learned, and build a culture where security knowledge is accessible and actionable for every engineer.
Play your part in our team succeeding
You'll report into the Senior Vice President of Consumer Marketing Technology and help grow its security maturity, with a strong functional connection to the central Digital Security team and other Lead Cybersecurity Stewards. Your day-to-day is about finding the gaps, prioritising what matters, and inspiring change.
This is an ownership role. The regulatory and brand damage implications of getting security wrong here are significant — you need to feel that weight and act on it. You won't build bureaucracy, but you will build clarity.
CMT is the digital technology organization within the LEGO Group that owns consumer-facing and marketing-related technology capabilities. The CMT engineering cluster covers 5 main delivery areas: Kids & Ecosystem technology; Creator & AFOL tech; Marketing & Engagement tech; Product Delivery tech; and Account, member & Personalization. Many products, from LEGO® Ideas, Bricklink, LEGO PLAY, Kids LEGO® web and LEGO® builder to platform areas like LEGO® account, Digital asset management and product lifecycle management, are developed here.
Do you have what it takes?
Technical Expertise
Deep practical knowledge of secure software development - secure coding, OWASP Top 10, secure API design, dependency security
Hands-on experience with security tooling - SAST/DAST, SCA, tools like SonarQube, Snyk, or OWASP ZAP
Confident running threat modelling workshops (STRIDE, DREAD) and integrating security into design reviews
Strong cloud and platform security knowledge - IAM, secrets management, container security, network segmentation - across AWS, Azure, or Kubernetes
Comfortable with modern development (TypeScript, Python), CI/CD, DevSecOps, policy-as-code
Familiar with security architecture patterns: Zero Trust, Defence in Depth, microservices, encryption architecture
Awareness of governance frameworks (NIST CSF, ISO 27001) and regulatory impacts - not a compliance expert, but security-literate in context
Communication Skills
You translate cyber risks into engineering language and engineering constraints into security context. You make security mentorship feel enabling, not obstructive.
Collaboration and Teamwork
You lead informally through credibility and relationships. High emotional intelligence is essential - how you engage matters as much as what you know.
Problem-solving and Adaptability
You think in an agile way - finding proportionate solutions, not defaulting to heavy process. You understand change management and can guide teams through adopting new security models.
Resilient and Thrives in High Stress Situations
You stay calm and clear-headed under pressure. You take ownership, you don't deflect, and you understand the stakes are real.
Applications are reviewed on an ongoing basis. However, please note we do amend or withdraw our jobs and reserve the right to do so at any time, including prior to any advertised closing date. So, if you're interested in this role we encourage you to apply as soon as possible.
What’s in it for you?
Here is what you can expect:
Family Care Leave - We offer enhanced paid leave options for those important times.
Insurances – All colleagues are covered by our life and disability insurance which provides protection and peace of mind.
Wellbeing - We want our people to feel well and thrive. We offer resources and benefits to nurture physical and mental wellbeing along with opportunities to build community and inspire creativity.
Colleague Discount – We know you'll love to build, so from day 1 you will qualify for our generous colleague discount.
Bonus - We do our best work to succeed together. When goals are reached and if eligible, you'll be rewarded through our bonus scheme.
Workplace - When you join the team you'll be assigned a primary workplace location i.e. one of our Offices, stores or factories. Our hybrid work policy means an average of 3 days per week in the office. The hiring team will discuss the policy and role eligibility with you during the recruitment process.
Children are our role models. Their curiosity, creativity and imagination inspire everything we do. We strive to create a diverse, dynamic and inclusive culture of play at the LEGO Group, where everyone feels safe, valued and they belong.
The LEGO Group is highly committed to equal employment opportunity and equal pay and seeks to encourage applicants from all backgrounds (e.g. sex, gender identity or expression, race/ethnicity, national origin, sexual orientation, disability, age and religion) to apply for roles in our team.
The LEGO Group is fully committed to Children’s Rights and Child Wellbeing across the globe. Candidates offered positions with high engagement with children are required to take part in Child Safeguarding Background Screening, as a condition of the offer.
Thank you for sharing our global commitment to Children’s Rights.
Just imagine building your dream career.
Then make it real.
Join the LEGO® team today.