Product Security Engineer · Sunderland, UK

Company: Tombola
Location: Sunderland
Job Description:

Sunderland | Hybrid | Permanent

What this role looks like

At tombola, everything we build is in-house, which means security is not something we bolt on at the end; it is built in from the start.

As a Product Security Engineer, you will sit right at the heart of that. You will work closely with our development teams, getting real visibility of what is being built and shaping how we keep it secure as we go.

This is not a role where you are hidden away running tests in isolation. You will be collaborating, influencing, translating risk into real action, and helping teams make better security decisions every day.

You will play a key part in protecting our platform, our players, and our business as we continue to grow.

We’re big on working together, so you’ll spend around 3 days a week in our Sunderland office getting that face-to-face time with the team, with around 2 days working from home for a bit of focus and flexibility.

What you will be doing

You will be involved across three key areas of product security:

External testing

Working with third-party partners to meet regulatory requirements and making sure we are always one step ahead.

  • Supporting annual and quarterly security testing
  • Choosing the right external tools and providers
  • Turning findings into clear, actionable improvements across our platform

Internal testing

Taking ownership of how we proactively test and improve our security internally.

  • Running automated and manual security testing across our sites
  • Identifying and prioritising vulnerabilities across the platform
  • Continuously improving our tooling to keep pace with evolving threats

Secure development lifecycle (SDLC)

Embedding security into how we build, not just how we test.

  • Partnering with developers, product and infrastructure teams
  • Helping prioritise and resolve vulnerabilities early in the lifecycle
  • Supporting pre-go-live testing to reduce risk
  • Building and integrating security tooling into CI/CD pipelines
  • Empowering teams to make better security decisions from day one

What we are looking for …

Posted: April 5th, 2026