National AI Awards 2025Discover AI's trailblazers! Join us to celebrate innovation and nominate industry leaders.

Nominate & Attend

Senior Product Security Engineer FullTime London

Trainline plc
London
1 week ago
Create job alert

About us:
We are champions of rail, inspired to build a

greener, more sustainable

future of travel. Trainline enables millions of travellers to find and book the best value tickets across carriers, fares, and journey options through our highly rated mobile app, website, and B2B partner channels.
Great journeys start with Trainline
Now Europe’s number 1 downloaded rail app, with over 125 million monthly visits and £5.9 billion in annual ticket sales, we collaborate with 270+ rail and coach companies in over 40 countries. We want to create a world where travel is as simple, seamless, eco-friendly and affordable as it should be.
Today, we're a FTSE 250 company driven by our incredible team of over 1,000 Trainliners from 50+ nationalities, based across London, Paris, Barcelona, Milan, Edinburgh and Madrid. With our focus on growth in the UK and Europe, now is the perfect time to join us on this high-speed journey.
Introducing our Security team @ Trainline
We focus on designing, implementing, and monitoring security controls to ensure a robust security posture in a fast-evolving environment. As part of our mission to continuously improve and mature Trainline's security capabilities, we work in close collaboration with cross functional teams, including Cloud Engineering, SRE, Platform Engineering, and more, to integrate the latest technologies and best practices into our products.
You will play a important role in safeguarding all digital channels that collectively generate billions of pounds in annual ticket sales, ensuring that our systems stay secure, resilient, and innovative in the face of evolving threats.
As a Senior Product Security Engineer at Trainline, you will be responsible for...
Security in the Development Lifecycle :
Drive the integration of security into every stage of the Software Development Lifecycle (SDLC).

Design, implement, and manage security controls to ensure secure product design, development, and deployment.

Threat Analysis and Mitigation :
Collaborate with cross-functional teams to perform threat modelling, identify security risks, and implement effective countermeasures.

Proactively assess the security posture of applications through code reviews, manual penetration testing, and static/dynamic security testing (SAST/DAST).

Security Tooling and Automation :
Implement and maintain security tools used in the development and deployment processes (e.g., scanning tools, vulnerability management systems, SAST, DAST, ASPM).

Automate security processes to streamline secure development and operational workflows.

Incident Detection and Response :
Work with engineering and platform teams to detect, analyse, and remediate vulnerabilities in systems and applications.

Ensure vulnerabilities are mitigated effectively and implement permanent fixes to prevent reoccurrence.

Training and Security Advocacy :
Develop and deliver training programs to enhance the organisation’s understanding of secure coding and deployment practices.

Serve as a security mentor and advocate, fostering a culture of security awareness across engineering and business teams.

Compliance and Standards :
Ensure product security practices align with relevant security frameworks and standards (e.g., OWASP, NIST, ISO 27001, GDPR, PCI DSS).

Support regulatory compliance efforts and maintain evidence to meet audit requirements.

Collaboration and Communication :
Function as the primary interface between security, development, and infrastructure teams, ensuring seamless collaboration on security initiatives.

Provide clear documentation, reports, dashboards, and metrics to communicate application security status and progress.

Continuous Improvement :
Stay up to date with emerging threats, vulnerabilities, and best practices in product security.

Identify opportunities to enhance security processes and implement innovative solutions to improve resilience and efficiency.

We'd love to hear from you if you have...
Application Security Expertise:
Deep understanding of identifying, assessing, and mitigating security risks in application designs, code, and deployed products.

Experience managing and using security testing tools such as SAST, DAST, and vulnerability scanning solutions.

Strong grasp of secure coding practices and proficiency in integrating security into the Software Development Lifecycle (SDLC).

Technical Knowledge and Implementation experience:
Direct experience with threat modelling, security reviews, and penetration testing.

Proven ability to secure cloud-native architectures, containerization technologies, and Infrastructure as Code (IaC) environments.

Familiarity with industry standards and frameworks such as OWASP, BSIMM, PCI DSS, ISO 27001, and GDPR.

Security Integration experience:
Demonstrated ability to seamlessly integrate secure development practices into SDLC/SSDLC workflows.

Skilled in implementing technical security controls and driving security automation within CI/CD pipelines.

Risk Management and Compliance knowledge:
Experience with identifying and managing security risks, including conducting risk assessments.

Working knowledge of regulatory compliance standards and frameworks.

More information:
Enjoy fantastic perks like private healthcare & dental insurance, a generous work from abroad policy, 2-for-1 share purchase plans, an EV Scheme to further reduce carbon emissions, extra festive time off, and excellent family-friendly benefits.
We prioritise career growth with clear career paths, transparent pay bands, personal learning budgets, and regular learning days. Jump on board and supercharge your career from day one!
Our values represent the things that matter most to us and what we live and breathe everyday, in everything we do:
Think Big

- We're building the future of rail



Own It

- We focus on every customer, partner and journey

Travel Together

- We're one team



Do Good

- We make a positive impact

We know that having a diverse team makes us better and helps us succeed. And we mean all forms of diversity - gender, ethnicity, sexuality, disability, nationality and diversity of thought. That's why we're committed to creating inclusive places to work, where everyone belongs and differences are valued and celebrated.
Interested in finding out more about what it's like to work at Trainline? Why not check us out on

LinkedIn ,

Instagram

and

Glassdoor !

#J-18808-Ljbffr

Related Jobs

View all jobs

Senior Blockchain Security Engineer

Senior Blockchain Security Engineer, Offensive Security

Senior Blockchain Security Engineer

Senior Blockchain Security Engineer, Offensive Security

Senior Security Engineer, Detection and Response

Principal Security Consultant (1-year Fixed Term)

National AI Awards 2025

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

How to Present Cyber Security Solutions to Non-Technical Audiences: A Public Speaking Guide for Job Seekers

Cyber security is no longer just an IT issue—it’s a board-level priority. Whether you’re applying for a role in penetration testing, security operations, risk management, or compliance, your ability to clearly explain cyber threats and solutions to non-technical stakeholders is vital. This guide will help cyber security job seekers develop one of the most in-demand soft skills in the industry: public speaking. You’ll learn how to simplify complex concepts, structure effective presentations, use storytelling and analogies, and handle common stakeholder questions with confidence.

Cyber Security Jobs Employer Hotlist 2025: 50 UK Companies Actively Hiring Right Now

Bookmark this guide—refreshed every quarter—so you always know who’s really expanding their cyber security teams. Ransomware payouts broke records in 2024, the UK’s new Cyber Security Bill imposed mandatory breach disclosure, and the National Cyber Force’s move to Samlesbury has super‑charged the northern skills market. Result? Demand for security architects, SOC analysts, penetration testers, cloud‑security engineers, threat hunters & GRC specialists is at an all‑time high in 2025. Below you’ll find 50 organisations that have posted UK‑based cyber security vacancies or announced head‑count growth during the past eight weeks. They’re organised into five quick‑scan categories. For every employer you’ll see: Main UK hub Example live or recent vacancy Why it’s worth a look (tech stack, culture, mission) Search any company on CyberSecurityJobs.tech to view current ads, or set a free alert so fresh openings land straight in your inbox.

Return-to-Work Pathways: Relaunch Your Cyber Security Career with Returnships, Flexible & Hybrid Roles

Re-entering the workforce after a career break can feel especially challenging in a fast-moving field like cyber security. Whether you stepped away for parenting, caregiving or another life chapter, the UK’s cyber security sector now offers a range of return-to-work pathways—from structured returnships to flexible and hybrid roles. These programmes value the transferable skills and resilience you’ve developed during your break, pairing you with mentorship, upskilling opportunities and supportive networks to ease your transition back into cyber security. In this article, tailored for parents and carers, you’ll discover how to: Understand the growing demand for cyber security talent in the UK Translate your organisational, communication and problem-solving skills into cyber security roles Tackle common re-entry challenges with practical solutions Refresh your technical knowledge through targeted learning Access returnship and re-entry programmes specific to cyber security Find roles that accommodate family commitments—whether hybrid, flexible or full-time Balance your career relaunch with caring responsibilities Master applications, interviews and networking in cyber security Draw inspiration from real returner success stories Whether you aim to return as an analyst, penetration tester, security engineer or compliance specialist, this guide will equip you with the steps and resources to reignite your cyber security career.