At a Glance
- Tasks: Join us to embed security in the software development lifecycle and conduct thorough application security testing.
- Company: Be part of a forward-thinking tech company dedicated to secure coding and innovative solutions.
- Benefits: Enjoy flexible working options, competitive salary, and opportunities for professional growth.
- Why this job: Make a real impact by protecting applications and educating teams on security best practices.
- Qualifications: 5+ years in application security with strong coding knowledge and hands-on experience in security tools.
- Other info: Ideal for those passionate about security and eager to work in a collaborative environment.
The predicted salary is between £48,000 and £72,000 per year.
The Role
- Embed security best practices within the SDLC, collaborating with developers to ensure secure coding.
- Conduct security assessments, identify potential threats, and mitigate risks in web and mobile applications.
- Perform application security testing (SAST, DAST) and manual security code reviews.
- Implement and manage security tools such as SAST, DAST, SCA, and CI/CD security integrations.
- Investigate security incidents, prioritise remediation and guide teams on secure development practices.
- Ensure applications meet industry standards (OWASP Top 10, NIST, ISO 27001) and regulatory requirements (GDPR, PCI-DSS, etc.).
- Educate engineers and stakeholders on security threats, vulnerabilities and secure coding practices.
Skills
- 5+ years of experience in application security, penetration testing, or software security engineering.
- Strong knowledge of secure coding principles in one or more languages (e.g., Python, Java, JavaScript, Go, .NET).
- Hands-on experience with SAST, DAST, SCA and security automation in CI/CD pipelines.
- Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes).
- Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks.
- Experience conducting threat modelling, code reviews and penetration testing.
- Excellent communication skills with the ability to influence and educate development teams.
- Security certifications such as CISSP, OSCP, GWAPT, CEH or CSSLP are a plus.
- Experience with Infrastructure-as-Code security (Terraform, CloudFormation) is desirable.
- Knowledge of API security best practices and standards (OAuth, JWT, OpenID) is desirable.
- Familiarity with DevSecOps principles and security automation in CI/CD pipelines is desirable.
Senior Application Security Engineer employer: RiverSafe
Contact Detail:
RiverSafe Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Senior Application Security Engineer
✨Tip Number 1
Familiarise yourself with the specific security tools mentioned in the job description, such as SAST and DAST. Having hands-on experience with these tools will not only boost your confidence but also demonstrate your practical knowledge during interviews.
✨Tip Number 2
Brush up on your understanding of secure coding principles in languages like Python or Java. Being able to discuss real-world examples of how you've applied these principles can set you apart from other candidates.
✨Tip Number 3
Stay updated on the latest security threats and vulnerabilities by following industry news and participating in relevant forums. This will help you engage in informed discussions during interviews and show your passion for application security.
✨Tip Number 4
Prepare to discuss your experience with cloud security and container security, as these are increasingly important in application security roles. Be ready to share specific projects where you've implemented security measures in cloud environments or with containerisation technologies.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights your experience in application security, penetration testing, and secure coding principles. Use specific examples that demonstrate your hands-on experience with SAST, DAST, and CI/CD security integrations.
Craft a Strong Cover Letter: In your cover letter, express your passion for application security and how your skills align with the job requirements. Mention your familiarity with industry standards like OWASP Top 10 and regulatory requirements such as GDPR and PCI-DSS.
Showcase Relevant Projects: If you have worked on projects involving cloud security or container security, be sure to include these in your application. Highlight any specific tools or frameworks you used, such as Terraform or Docker, to demonstrate your practical knowledge.
Prepare for Technical Questions: Anticipate technical questions related to secure coding practices, threat modelling, and security assessments. Be ready to discuss your experience with various security certifications and how they apply to the role.
How to prepare for a job interview at RiverSafe
✨Showcase Your Technical Expertise
Be prepared to discuss your hands-on experience with SAST, DAST, and security automation in CI/CD pipelines. Highlight specific projects where you implemented these tools and the impact they had on application security.
✨Demonstrate Secure Coding Knowledge
Familiarise yourself with secure coding principles in languages relevant to the role, such as Python or Java. Be ready to explain how you've applied these principles in past projects and how you can educate others on them.
✨Discuss Industry Standards and Frameworks
Understand key industry standards like OWASP Top 10 and NIST. Prepare to discuss how you have ensured compliance with these standards in previous roles and how you would approach this at their company.
✨Prepare for Scenario-Based Questions
Expect scenario-based questions that assess your problem-solving skills in real-world situations. Think of examples where you identified threats, conducted threat modelling, or responded to security incidents, and be ready to walk through your thought process.