Application Security Engineer
Job Title: Application Security Engineer
Location: London / Remote with Flexible Working Arrangements
Salary: Up to £80k per annum

About the Role

As an Application Security Engineer, you will play a critical role in ensuring the secure development of software across a global FinTech organisation. Working closely with software development, infrastructure, and business teams, you will help embed security practices into every stage of the software development lifecycle. You will also be responsible for threat modelling, automating security testing, and configuring security defences like Web Application Firewalls (WAF). This role is well-suited for an individual with strong technical expertise in application security and excellent communication skills.

Key Responsibilities

Integrate Security Practices: Collaborate with development teams to embed security into the software development lifecycle, promoting a shift-left security culture.
Security Automation: Configure and manage security tools in CI/CD pipelines (e.g., GitLab, Jenkins) to automate security testing.
Threat Modelling: Conduct threat modelling exercises with development and architecture teams to identify and mitigate potential risks early.
WAF Configuration & Defence: Configure Web Application Firewalls (WAF) and other security defences, particularly using Akamai technologies.
Monitoring & Incident Response: Build proactive monitoring tools and automation for security events, and support incident response efforts.
Security Training & Advocacy: Deliver training on security best practices and tools, and write accessible documentation for security guidelines across the organization.
Collaboration & Communication: Work cross-functionally with other teams to communicate security requirements and foster an inclusive security culture.

Required Skills & Experience

Application Security Experience: Proven experience in application security, with knowledge of security best practices and risk mitigation strategies.
CI/CD Expertise: Proficiency with CI/CD pipeline tools such as GitLab, Jenkins, Azure DevOps, or GitHub Actions for security automation.
Programming & Scripting: Ability to read and write code in languages such as Java, Python, JavaScript, and script in languages like Bash or PowerShell.
Cloud Security Knowledge: Experience with cloud infrastructure (preferably Azure) and security measures in cloud environments.
Security Tooling: Experience with common Application Security tools such as SAST, DAST, SCA, and IaC security scanning.
Web Application Firewalls: Experience configuring and managing WAFs, particularly using Akamai.
Relevant security certifications such as CompTIA Security, CEH (Certified Ethical Hacker), CISSP (Certified Information Systems Security Professional), or equivalent.

Desirable Skills

Threat Intelligence: Familiarity with OWASP Top 10, MITRE ATT&CK, and other threat frameworks, and their application to business risk management.
Containerisation & Orchestration: Knowledge of Docker and Kubernetes for securing containerized applications.
Agile Methodology: Experience working in agile teams, using tools like Jira for tracking and development.

Soft Skills

Communication: Excellent written and verbal communication skills, with the ability to explain complex security concepts in simple terms.
Collaboration: Strong team player, capable of working collaboratively across departments and with diverse teams.
Problem-Solving: Adept at troubleshooting security issues, identifying root causes, and implementing innovative solutions.