Head of Product Security


Information Technology
United Kingdom - Malmesbury Office

About Dyson IT

At Dyson, we demand the highest standard of performance from the technologies we engineer. Our people expect the same from the technology that supports them. We are a community that appreciates and advocates better engineering. A community of pioneers. Dyson IT is transforming. Our aim: to create robust, future-fit IT architecture, to manage data effectively and efficiently, and to continue to grow our world-class team. A team that is strategic, enabling business acceleration, growth and success.

Our Cyber Security team

It’s no secret that our intellectual property is critical to our success. But how do we keep it from the prying eyes of the bad guys? Dyson’s Global Cyber Security works to keep our secrets secret and secure our crown jewels using advanced technologies to stay one step ahead of the game.

We take a pragmatic approach, transforming cyber security in order to enhance our business resilience, enable our colleagues to move fast, delight our customers, and better manage potential cyber disruption. Investing in new cyber security capabilities across technology, process, and people, we build on and leverage our strong cyber security ecosystems to tackle future threats.

There are four pillars within Dyson Cyber Security: Security Risk & Compliance, Security Design and Delivery Assurance, Cyber Defence, and Cyber Delivery. Together, they enable the secure and successful delivery of new projects.

Dyson’s Global Cyber Security, as you would expect, is constantly evolving to address the emerging security needs as we develop new products and the security threat landscape changes.

About the role

We are recruiting within our Cyber Team for an exceptional Head of Product Security. This role is responsible for ensuring that Cyber Security is embedded in the products we design and sell.

This role will work closely with several development scrum teams, engineers, architects, developers, product owners and stakeholders daily, helping ensure Dyson’s latest ideas and innovations have security designed in from the start.

This role will lead a highly talented team of cyber specialists who provide consultancy to other scrum teams in the form of architecture work, software development, advice, policy, requirements and guidance.

This role is responsible for working with stakeholders to agree and sign off security standards covering all aspects of product development including how the team is engaged as part of the SDLC.

This role supports remote working, with the expectation that the successful candidate will be able to go into the Bristol office at least 2-3 times a week.

The Person

Dyson looks for people with strong technical skills combined with a positive mindset, who seek to find the best solutions for all involved, challenging where things look wrong. We seek individuals who are constantly seeking to improve both themselves and the place where they work. So, whether it is beating a security challenge, or helping to refine and improve the way we deliver security, personal engagement in making things better is vital.

You will ideally have experience with waterfall, agile, and hybrid delivery and be willing to define new approaches that enable Dyson to securely deliver rapid changes in business trajectory.

The successful candidate will have technical experience in IT infrastructure (on-prem & cloud-native) hardening, design & delivery of security architectures, establishing & maintaining security best-practice as well as providing security consulting. You’ll need to be conversant with methodologies around DevSecOps, Risk Management, IoT/IIoT/OT Security as well as being able to describe solutions using Enterprise Architecture approaches.

Career Path

Security Assurance job roles contain a number of levels that allow candidates to gain rounded security experience as they progress through the levels. Everyone is expected to support the growth of those below them in seniority through knowledge sharing, mentoring, and delegation.

This role is part of the Security Design Assurance career path and links with the Security Delivery Assurance path, which can provide entry level architects who bring with them the knowledge and skills they gain. There are two levels to the Security Design Assurance career path: Entry Level and Practitioner. For each tier there are requisite levels of demonstrable experience and professional accreditations required before progressing to the next level.


  • Leading a team of security specialists supporting Dyson's IoT Projects.

  • Responsible for security of Dyson's IoT program, including the millions of Dyson IoT products in customers’ homes.

  • Responsible for security assurance of the products Dyson releases.

  • Part of the design and innovation team that comes up with new ways to build IoT products.

  • Maintain positive engagement and stakeholder support for IoT security to ensure it is understood and supported.

  • Help teams to comply with Dyson Security policies and best-practices.

  • Ensure that security requirements are identified, represented and met in all projects and initiatives.

  • Produce & maintain security documentation including technical design patterns as well as operations manuals.

  • Keep abreast of security advisories/alerts/trends/practices as part of the professional development plan.

  • Communicate with technical and non-technical audiences at various levels up to Senior Leadership, including project managers, delivery teams, the global Cyber Security team, business risk owners and 3rd parties.

  • Drive your own ongoing skills growth within Dyson and mentor those below you.

  • Help design and build repeatable methodologies that improve Cyber security and efficiency.

Required Skills

  • Strong background in IoT and Cyber Security.

  • Translating technical risks into business risks.

  • Designing solutions to comply with industry regulations (e.g. PCI, GDPR and more bespoke regulations).

  • Providing pragmatic security guidelines and advice.

  • Specifying appropriate controls to the context of a problem.

  • Pragmatic risk assessment and management appropriate to the context, e.g. utilising OWASP AppSec guidance.

  • Designing security solutions architecture using software engineering best practice, such as UML modelling and sequence diagrams.

  • Defining and publishing policies and procedures.

  • Experience defining sprints and programme increments.

  • Good understanding of Agile development methodologies, especially Scrum/SAFe.

  • Good understanding of Atlassian tooling.

  • Good written and verbal communication skills, able to negotiate, influence, inspire and motivate.

  • Strong relationship building skills, including the ability to relate constructively to people at all levels of the organisation.

  • Ability to articulate ideas to both technical and non-technical people and an ability to drill down into client requirements.


  • 27 days holiday (plus statutory bank holidays)

  • Pension scheme 

  • Performance related bonus 

  • Life assurance 

  • Sports centre 

  • Free on-site parking 

  • Subsidised café, restaurants and free lunches

  • Discounts on Dyson machines

  • Free Hair Salon

  • Concierge service


Our culture is unique. It's not easy or comfortable. It's certainly not for everyone, but if you thrive on challenge and are excited by change – it could be for you.

At Dyson, it's about more than our machines. We recognise that our success comes from our inventive people. We believe in including everybody and supporting you on your journey with us.

Interview guidance

We are following the government guidelines regarding COVID-19. At this time all interviews will be conducted via video or telephone. We’re taking these precautionary measures to protect both our employee and candidate wellbeing. Our Talent Acquisition team will work with you and provide further information as appropriate.

Closing date: 28 October 2021