Senior Product Security Engineer

Job Description

#LI-KO1

Are you passionate about helping engineers build secure products?

Join our Product Security team to partner with digital product teams, help engineers understand and fix real-world security findings across custom code, cloud platforms, and modern tech stacks through collaboration, pragmatism, and empathy

Core Responsibilities

• Help engineering teams understand security findings in context – not just severity scores.
• Collaborate with engineers on how to remediate issues.
• Perform security-focused code reviews and architectural discussions.
• Provide hands-on guidance and consultancy on application, cloud and product security topics.
• Create technical guidance, blog posts and awareness material for developers.
• Continuously improve our vulnerability management process, tooling and guidance.

Play your part in our team succeeding

In Digital Product Security we aim to assist our digital product teams in building and operating secure solutions at scale. We focus on enabling secure engineering practices through partnership, technical guidance and shared understanding rather than centralised control.

In this role, you will support the organisation by working directly with the product teams, to understand vulnerabilities, and other security findings, in their code and products. You help add real-world context and translate security findings into practical, actionable improvements. You will contribute to strengthening our overall security posture by combining vulnerability management, security advisory, engineering insights and collaboration.

We care about trust, empathy and long-term impact.

Do you have what it takes?

• A solid background in software engineering, application security or cloud security.
• Experience working directly with developers.
• Ability to explain security issues in plain, developer-friendly language.
• Solid understanding of application vulnerabilities (OWASP Top 10 as an example).
• Solid understanding of cloud-native environments like AWS, Azure and GCP.
• Comfortable operating in a large, distributed environment with multiple tech stacks.
• A mentality committed to helping teams succeed, not proving them wrong.
• Curiosity and willingness to learn.

Experience in the below would be nice to have:

• Experience working with vulnerability management platforms or CSPM/CNAPP tools.
• Certifications such as OSCP, CWES or similar, which focus on offensive security skills.
• Hands-on security findings through platforms such as Hack The Box or TryHackMe.
• Participation in Capture The Flag (CTF) challenges, including write-ups or shared findings.

Applications are reviewed on an ongoing basis. However, please note we do amend or withdraw our jobs and reserve the right to do so at any time, including prior to any advertised closing date. So, if you're interested in this role we encourage you to apply as soon as possible.

What’s in it for you?

Here is what you can expect:

Family Care Leave - We offer enhanced paid leave options for those important times.

Insurances – All colleagues are covered by our life and disability insurance which provides protection and peace of mind.

Wellbeing - We want our people to feel well and thrive. We offer resources and benefits to nurture physical and mental wellbeing along with opportunities to build community and inspire creativity.

Colleague Discount – We know you'll love to build, so from day 1 you will qualify for our generous colleague discount.

Bonus - We do our best work to succeed together. When goals are reached and if eligible, you'll be rewarded through our bonus scheme.

Workplace - When you join the team you'll be assigned a primary workplace location i.e. one of our Offices, stores or factories. Our hybrid work policy means an average of 3 days per week in the office. The hiring team will discuss the policy and role eligibility with you during the recruitment process.

Children are our role models. Their curiosity, creativity and imagination inspire everything we do. We strive to create a diverse, dynamic and inclusive culture of play at the LEGO Group, where everyone feels safe, valued and they belong.

The LEGO Group is highly committed to equal employment opportunity and equal pay and seeks to encourage applicants from all backgrounds (eg. sex, gender identity or expression, race/ethnicity, national origin, sexual orientation, disability, age and religion) to apply for roles in our team.

The LEGO Group is fully committed to Children’s Rights and Child Wellbeing across the globe. Candidates offered positions with high engagement with children are required to take part in Child Safeguarding Background Screening, as a condition of the offer.

Thank you for sharing our global commitment to Children’s Rights.

Just imagine building your dream career.

Then make it real.

Join the LEGO® team today.