National AI Awards 2025Discover AI's trailblazers! Join us to celebrate innovation and nominate industry leaders.

Nominate & Attend

Senior Product Security Engineer FullTime London

Trainline plc
London
1 month ago
Applications closed

Related Jobs

View all jobs

Senior Security Engineer

Senior Blockchain Security Engineer

Senior Security Engineer, Detection and Response

Senior Security Engineer

Principal Geospatial Data Engineer

Senior Product Security Engineer

About us:

We are champions of rail, inspired to build agreener, more sustainablefuture of travel. Trainline enables millions of travellers to find and book the best value tickets across carriers, fares, and journey options through our highly rated mobile app, website, and B2B partner channels.

Great journeys start with Trainline

Now Europe’s number 1 downloaded rail app, with over 125 million monthly visits and £5.9 billion in annual ticket sales, we collaborate with 270+ rail and coach companies in over 40 countries. We want to create a world where travel is as simple, seamless, eco-friendly and affordable as it should be.

Today, we're a FTSE 250 company driven by our incredible team of over 1,000 Trainliners from 50+ nationalities, based across London, Paris, Barcelona, Milan, Edinburgh and Madrid. With our focus on growth in the UK and Europe, now is the perfect time to join us on this high-speed journey.

Introducing our Security team @ Trainline

We focus on designing, implementing, and monitoring security controls to ensure a robust security posture in a fast-evolving environment. As part of our mission to continuously improve and mature Trainline's security capabilities, we work in close collaboration with cross functional teams, including Cloud Engineering, SRE, Platform Engineering, and more, to integrate the latest technologies and best practices into our products.

You will play a important role in safeguarding all digital channels that collectively generate billions of pounds in annual ticket sales, ensuring that our systems stay secure, resilient, and innovative in the face of evolving threats.

As a Senior Product Security Engineer at Trainline, you will be responsible for...

Security in the Development Lifecycle:

  • Drive the integration of security into every stage of the Software Development Lifecycle (SDLC).

  • Design, implement, and manage security controls to ensure secure product design, development, and deployment.

Threat Analysis and Mitigation:

  • Collaborate with cross-functional teams to perform threat modelling, identify security risks, and implement effective countermeasures.

  • Proactively assess the security posture of applications through code reviews, manual penetration testing, and static/dynamic security testing (SAST/DAST).

Security Tooling and Automation:

  • Implement and maintain security tools used in the development and deployment processes (e.g., scanning tools, vulnerability management systems, SAST, DAST, ASPM).

  • Automate security processes to streamline secure development and operational workflows.

Incident Detection and Response:

  • Work with engineering and platform teams to detect, analyse, and remediate vulnerabilities in systems and applications.

  • Ensure vulnerabilities are mitigated effectively and implement permanent fixes to prevent reoccurrence.

Training and Security Advocacy:

  • Develop and deliver training programs to enhance the organisation’s understanding of secure coding and deployment practices.

  • Serve as a security mentor and advocate, fostering a culture of security awareness across engineering and business teams.

Compliance and Standards:

  • Ensure product security practices align with relevant security frameworks and standards (e.g., OWASP, NIST, ISO 27001, GDPR, PCI DSS).

  • Support regulatory compliance efforts and maintain evidence to meet audit requirements.

Collaboration and Communication:

  • Function as the primary interface between security, development, and infrastructure teams, ensuring seamless collaboration on security initiatives.

  • Provide clear documentation, reports, dashboards, and metrics to communicate application security status and progress.

Continuous Improvement:

  • Stay up to date with emerging threats, vulnerabilities, and best practices in product security.

  • Identify opportunities to enhance security processes and implement innovative solutions to improve resilience and efficiency.

We'd love to hear from you if you have...

Application Security Expertise:

  • Deep understanding of identifying, assessing, and mitigating security risks in application designs, code, and deployed products.

  • Experience managing and using security testing tools such as SAST, DAST, and vulnerability scanning solutions.

  • Strong grasp of secure coding practices and proficiency in integrating security into the Software Development Lifecycle (SDLC).

Technical Knowledge and Implementation experience:

  • Direct experience with threat modelling, security reviews, and penetration testing.

  • Proven ability to secure cloud-native architectures, containerization technologies, and Infrastructure as Code (IaC) environments.

  • Familiarity with industry standards and frameworks such as OWASP, BSIMM, PCI DSS, ISO 27001, and GDPR.

Security Integration experience:

  • Demonstrated ability to seamlessly integrate secure development practices into SDLC/SSDLC workflows.

  • Skilled in implementing technical security controls and driving security automation within CI/CD pipelines.

Risk Management and Compliance knowledge:

  • Experience with identifying and managing security risks, including conducting risk assessments.

  • Working knowledge of regulatory compliance standards and frameworks.

More information:

Enjoy fantastic perks like private healthcare & dental insurance, a generous work from abroad policy, 2-for-1 share purchase plans, an EV Scheme to further reduce carbon emissions, extra festive time off, and excellent family-friendly benefits.

We prioritise career growth with clear career paths, transparent pay bands, personal learning budgets, and regular learning days. Jump on board and supercharge your career from day one!

Our values represent the things that matter most to us and what we live and breathe everyday, in everything we do:

  • Think Big- We're building the future of rail

  • Own It- We focus on every customer, partner and journey

  • Travel Together- We're one team

  • Do Good- We make a positive impact

We know that having a diverse team makes us better and helps us succeed. And we mean all forms of diversity - gender, ethnicity, sexuality, disability, nationality and diversity of thought. That's why we're committed to creating inclusive places to work, where everyone belongs and differences are valued and celebrated.

Interested in finding out more about what it's like to work at Trainline? Why not check us out onLinkedIn,InstagramandGlassdoor!


#J-18808-Ljbffr

National AI Awards 2025

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs Careers

Cyber Security Jobs Skills Radar 2026: Emerging Frameworks, Tools & Certifications to Learn Now

Cyber threats are evolving—and so must the people defending against them. As ransomware, AI-enhanced phishing, and supply chain attacks grow more advanced, UK employers are urgently hiring cyber security professionals with the right mix of strategic and hands-on skills. Welcome to the Cyber Security Jobs Skills Radar 2026, your go-to guide for the most in-demand tools, frameworks, certifications, and technologies shaping the UK's cyber workforce. Whether you're a SOC analyst, penetration tester, or cloud security architect, this annual radar is designed to help you stay ahead of the market.

Jobs

How to Find Hidden Cyber Security Jobs in the UK Using Professional Bodies like BCS, CIISec & More

The demand for skilled cyber security professionals in the UK has never been higher. With threats increasing in sophistication and frequency, organisations are urgently hiring ethical hackers, threat analysts, GRC specialists, and security architects. But many of the most valuable roles—particularly in government, defence, and critical infrastructure—are never publicly advertised. Instead, these jobs are shared behind the scenes through trusted networks, private communities, and professional bodies. In this article, we explore how to uncover hidden cyber security jobs in the UK using organisations like the BCS (The Chartered Institute for IT), CIISec (The Chartered Institute of Information Security), ISACA, and ISC² UK Chapter. We’ll show you how to use membership directories, special interest groups, CPD events and informal networks to gain early access to roles most people never see.

Jobs

How to Get a Better Cyber Security Job After a Lay-Off or Redundancy

Redundancy is never easy—especially in a fast-moving field like cyber security, where your skills and experience are constantly evolving. But if you’ve recently been made redundant from a cyber security role, know this: the UK cyber workforce remains in high demand, and your expertise is more valuable than ever. Whether you’re a SOC analyst, penetration tester, incident responder, security architect or GRC specialist, there are still thousands of opportunities across sectors including finance, defence, government, retail, and critical infrastructure. This guide will help you turn redundancy into a career relaunch, with a clear action plan tailored to the UK cyber security job market.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.