Senior Application Security Engineer

Senior Application Security Engineer

Full-Time 70000 - 80000 £ / year (est.) No working from home possible
Additional Resources

At a Glance

  • Tasks: Secure applications and collaborate with teams to enhance security in software development.
  • Company: Established health research charity focused on improving medical outcomes.
  • Benefits: Competitive salary, hybrid work model, and excellent benefits package.
  • Other info: Join a dynamic team with opportunities for professional growth in a meaningful field.
  • Why this job: Make a real difference in healthcare by securing vital applications and data.
  • Qualifications: Experience in application security and strong skills in Python and Terraform.

The predicted salary is between 70000 - 80000 £ per year.

Requirements

  • Previously worked as a Senior Application Security Engineer, Lead Application Security Engineer, Principal Application Security Engineer, Application Security Engineer, Senior Product Security Engineer, Product Security Engineer, Senior Dev Sec Ops Engineer, Dev Sec Ops Engineer, Application Security Consultant, or in a similar role.
  • Hands‑on experience embedding application security into the SDLC.
  • Experience securing APIs, internet‑facing services, Kubernetes environments, preferably AKS, and containerised environments.
  • Experience working with engineering teams and implementing security testing tools such as SAST, DAST, IAST, and SCA.
  • Knowledge of security automation, security‑as‑code, policy‑as‑code, and secure engineering practices including code review, testing, source control, and documentation.
  • Familiarity with CI/CD tools such as Git Hub and Git Hub Actions.
  • Highly skilled in Terraform and Python.
  • Strong understanding of Azure security controls and cloud security governance.
  • Experience with threat modelling in software engineering contexts.
  • Knowledge of ISO 27001 and its relevance to secure engineering.
  • Familiarity with Agile and Dev Sec Ops methodologies.
  • Eligible to work in the UK.

Responsibilities

  • Work closely with engineering and architecture teams to promote secure development from the earliest stages of delivery.
  • Implement and maintain application security testing solutions, enabling developers to identify and remediate security risks.
  • Enhance secure development processes by integrating security controls throughout CI/CD pipelines.
  • Strengthen the security of Git Hub Actions and comparable continuous integration and deployment platforms.
  • Provide technical guidance on secure API design and protecting externally accessible systems.
  • Support the security of Azure cloud infrastructure, including Azure Kubernetes Service (AKS).
  • Assist with the protection of cloud‑hosted data platforms and associated technologies.
  • Develop and maintain security‑as‑code and policy‑as‑code using appropriate tooling.
  • Automate security processes through infrastructure‑as‑code and scripting technologies.
  • Produce and maintain technical documentation, security procedures, and service documentation.
  • Support development teams with the adoption and integration of security tooling and best practices.
  • Contribute to wider cyber security initiatives, including threat modelling and compliance activities.
  • Technologies
  • API
  • Azure
  • CI/CD
  • Cloud
  • Dev Sec Ops
  • Git Hub
  • Support
  • Kubernetes
  • Python
  • Security
  • Terraform
  • More

We are a well-established health research organisation and charity that supports large-scale medical research to improve disease prevention, diagnosis, and treatment.

This is a full‑time permanent Senior Application Security Engineer role on a hybrid basis with our Central London office.

We offer a salary from £70,000 per annum and an excellent benefits package.

Visa sponsorship is not available.

  • last updated 27 week of 2026
  • #J-18808-Ljbffr
Additional Resources

Contact Details:

Additional Resources Recruitment Team

We think you need these skills to ace Senior Application Security Engineer

Application Security
SDLC Integration
API Security
Kubernetes Security
SAST
DAST
IAST