Junior Product Security Engineer 🔐

Job Description

Sunderland | Hybrid | Permanent

What this role looks like 🎯

At tombola, everything we build is in house, so security is built in from day one, not added at the end.

As a Junior Product Security Engineer, you’ll be right at the heart of that. You’ll work closely with our development teams, getting visibility of what’s being built and supporting how we keep it secure as we go.

This is a great opportunity for someone earlier in their security career who wants to learn, get hands-on experience, and build their knowledge in a supportive environment. You won’t be working in isolation, you’ll be collaborating with teams, learning from others, and getting stuck into real work from day one.

We’re big on working together, so you’ll spend 3 days a week in our Sunderland office and 2 days working from home.

What you will be doing 👀

You’ll get exposure across different areas of product security, including:

Supporting security testing
Helping with internal and external testing activities to keep our platform secure.

• Supporting regular security testing

• Working with third party partners

• Helping review findings and track actions

Learning and contributing to internal testing
Getting hands-on with tools and approaches used to identify vulnerabilities.

• Running automated security checks

• Supporting vulnerability identification and tracking

• Learning how we test and improve security internally

Getting involved in the development process
Working alongside developers to understand how security fits into what we build.

• Supporting teams to understand security best practice

• Helping identify issues early in the development process

• Learning how security is built into our pipelines and ways of working

What we are looking for 🧠

You don’t need to have everything below, but this is the kind of experience that will help:

• A genuine interest in security and a willingness to learn

• Some exposure to security, either through work, study or personal projects

• Basic understanding of common vulnerabilities (e.g. OWASP Top Ten)

• An interest in how applications and systems are built

• Awareness of cloud or modern development environments

• Problem solving mindset and curiosity

Nice to have 👍

• A degree (or similar) in Cyber Security, Computer Science or a related field

• Any relevant certifications or training

• Exposure to security tools or testing approaches

What will set you apart ⭐

• Good communication skills and willingness to ask questions

• A proactive mindset and eagerness to develop

• Interest in working closely with different teams

• Someone who takes pride in doing things properly

Why tombola? 🎱

We’re not your typical tech company. Everything we build is ours, which means you’ll have the chance to learn, grow and make a real impact from early on.

You’ll be part of a team that genuinely cares about:

• Doing things the right way

• Supporting each other

• Building products we’re proud of

Plus… we’ve got some pretty great benefits too, click here to check them out.

At tombola we know that our differences make us stronger and that thinking differently is key to long term success. We work hard to create a culture of inclusivity where everyone can celebrate our Free to be me value. We are committed to creating opportunities for everyone here at tombola, we welcome applications from all backgrounds and encourage individuals to apply, even if you don’t meet every requirement.