Manager, Product Security - Poppulo
Luton, England, United Kingdom

Listing Description


Are you searching for an opportunity to play a key role in driving the dramatic growth of a highly successful software company? 

Here at Poppulo, we offer the market’s most comprehensive omnichannel employee communications platform, with unmatched personalization and measurement capabilities, and a class-leading space management solution. And we want you to be part of it.

We serve 6,000+ customers, connecting with and serving content to over 35 million employees in more than 80 countries. 

Confidence can sometimes hold us back from applying for a job. But truly, there's no such thing as a 'perfect' candidate. We are a place where everyone can grow. So however you identify and whatever background you bring with you, please apply if you meet the requirements of this role in the broadest sense and if this is a role that would make you excited to come to work every day. 

Key Responsibilities

  • Manage the application security team to evaluate and analyze the security posture of the organization's SaaS and on-premise software products.

  • Oversee application security vulnerability testing and be familiar with application pen test tools and methodologies.

  • Meet or exceed contractual and compliance obligations for application Pen testing and software composition.

  • Work closely with Product and Development teams to ensure that vulnerabilities are remediated in a timely manner.

  • Collaborate with product and development teams in application security and application architecture.

  • Work closely with the Operational security team on end point scanning and attack surface security.

  • Ensure that SCA and the resultant SBOM are commensurate with the organization's risk posture and licensing requirements.

  • Ensure that the Development team receives periodic training on secure development practices.

  • Formalize a bug bounty program for the intake of discovered vulnerabilities.

  • Participate in and support application security reviews and threat modeling.

  • Perform audits of development to ensure adherence to the SDLC.

  • Grow the organization's application and infrastructure security program to address the ever-evolving threat landscape.

Candidate Expertise Required 

  • 2-3 years managing web application security.

  • 1-3+ years of experience in software engineering working in .NET, JavaScript, React, HTML, AWS Micro Services, Python, or AWS-based lambda.

  • 2+ years working on security principles in software engineering with expert knowledge in Open Web Application Security Project (OWASP) security principles.

  • Working knowledge of software vulnerabilities and CVE ratings.

  • Experienced in Network, Web and Mobile technologies and vulnerabilities

  • Familiarity with penetration testing tools such as Nessus vulnerability scanners, Burp Suite Pro, Metasploit, Kali Linux.

  • Ability to test a variety of projects simultaneously and to learn new tools and security testing methodologies in a team-oriented environment

  • Working knowledge of CI/CD pipelines and traditional software deployment methods.

  • Working knowledge of AWS and Azure container solutions, including Kubernetes.

  • Working knowledge of container lifecycles and container security

  • Familiarity with AWS, Azure, and data center technologies.

  • Knowledgeable about source code repositories and software composition analysis

  • Experience with common security libraries, security controls, and common security flaws.

  • Basic development or scripting experience and skills.

  • Experience with OWASP, SAST/DAST analysis, and common security tools.

  • A basic understanding of network and web-related protocols (e.g. TCP/IP, UDP, HTTP, HTTPS).

  • Comfortable working with developers and product managers.

  • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.

  • Conduct or procure secure coding training for Software Engineers.

  • Facilitate our secure SDLC which includes AVS scanning, SD3+C, and PD3+C methodologies, etc.

  • Facilitate security design sessions, documenting and diagramming the proposed design.

  • Perform threat modelling using DREAD and STRIDE.

  • Review and maintenance of service documentation.

  • Develop detailed vulnerability reports for application owners and management teams.

  • Conduct detailed penetration test report read-outs with application owners and management teams and provide remediation recommendations.

  • Assist with application security standards and policy documentation

  • Excellent organizational, analytical, verbal and written communication skills are essential.

  • Strong customer service skills.

Why Us? 

  • An excellent workplace culture 

  • Competitive salary 

  • Company performance-related bonus

  • Medical insurance 

  • Flexible working hours 

  • Educational assistance 

  • In-house soft skills training 

Who We Are

We are a values-driven organization that encourages our employees to bring their authentic selves to work every day and empowers everyone to make a tangible impact on our products, clients and culture. We offer a dynamic environment with driven, fun and flexible individuals, who thrive on challenge and responsibility. This is an opportunity to contribute to our culture and join a company that’s on the move. 

Named a Great Place to Work in 2015, 2016, 2017, 2018, 2019, 2020 and 2021, we are one of the fastest growing technology companies in Ireland with additional offices in the US and the UK.

We live the Poppulo company values each day and they are key to everything we do.

“Bring Your Best Self”, “See It”, “Own It”, “Solve It”, and “Together We're Better” 

Poppulo is an equal opportunity employer.  

We disclose your personal information to our private equity sponsor, Vista Equity Partners, and its affiliates, including Vista Consulting Group (collectively, “Vista”), for administration, research, database development, workforce analytics and business operation purposes, in line with the terms of this Privacy Policy. Vista processes and shares your personal information with its affiliates, including other Vista portfolio companies, on the basis of its legitimate interests in managing, administering and improving its business and overseeing the recruitment process and, if applicable, your employment relationship with Four Winds Interactive LLC. If you have consented to us doing so, we also share your personal information with other Vista portfolio companies for the purpose of being considered for other job opportunities in the pooling system, both inside and outside the EEA. Please find a full list of all Vista portfolio companies at: and Vista’s privacy policy at Where this requires us to transfer your personal information outside of the EEA, please refer to the FWI  Privacy Policy for further details on cross-border transfers. In connection with the recruitment process, your personal data may be transferred outside of the EEA to iCIMS and/or Greenhouse, Hirebridge, LLC and Criteria Corp., which provide applicant tracking and evaluation services. Hirebridge, LLC and Criteria Corp. have agreed to comply with the EU Standard Contractual Clauses to ensure that your personal information is adequately protected whilst outside of the EEA. 
