Senior Application Security Engineer in London

Amach is an industry‑leading technology driven company founded in 2013, headquartered in Dublin with remote teams in the UK and Europe. We help airlines modernise their operating model using cloud, data and AI, delivering solutions with deep aviation domain expertise.

Senior Application Security Engineer is responsible for leading the application security practice, taking ownership of key security KPIs, and strengthening the security of software, systems and engineering processes. Candidates must be willing to work from the Central London office two days per week.

Responsibilities

• Lead the application security practice and drive measurable improvements in application security maturity.
• Embed secure development practices across the engineering lifecycle, from design to deployment.
• Provide expert guidance on secure architecture and design decisions.
• Facilitate threat‑modelling sessions and review security‑sensitive decisions on authentication, cryptography and logging.
• Integrate and configure automated security tooling (SAST, DAST, SCA) and oversee testing programs including penetration testing, vulnerability scanning and bug bounty initiatives.
• Triage vulnerabilities and support engineering teams with practical remediation and mitigation plans.
• Deliver training, raise awareness and champion secure‑by‑default practices across the organisation.
• Contribute to documentation, internal security standards and engineering processes.
• Support internal and external audits and promote a strong security culture across the organisation.

Required Skills

• 8+ years of experience in application security, software engineering and/or product security.
• Strong hands‑on experience in secure software development environments.
• Proficiency in coding and scripting (Python, Bash); working knowledge of GitHub‑based delivery pipelines.
• Experience leading or shaping application security practices across engineering teams.
• Deep understanding of web and API vulnerabilities, including OWASP Top 10 and modern attack patterns.
• Familiarity with modern cloud‑native environments (especially AWS), containers and microservices architectures.
• Experience working closely with software engineers to embed security into day‑to‑day development.
• Proven ability to review security‑sensitive technical designs (auth, crypto, logging).
• Hands‑on experience integrating and tuning SAST, DAST and SCA within CI/CD workflows.
• Experience supporting or evaluating security testing programmes such as penetration testing, vulnerability scanning and bug bounty.
• Practical experience triaging vulnerabilities and collaborating with engineering teams on realistic remediation plans.
• Comfortable acting as a go‑to person for technical security discussions and presenting to senior technical and non‑technical stakeholders.
• Strong communication skills and ability to provide guidance, training and practical advice that promotes secure‑by‑default engineering behaviours.
• Experience automating security controls and checks in modern software delivery pipelines.
• Ability to review application and platform designs from a security perspective.
• Strong collaboration skills and a practical, engineering‑focused approach to improving security outcomes.

Benefits

• Opportunity to join a fast‑growing company.
• Options for career advancement.
• Learning and development opportunities.
• Flexible working environment.
• Competitive salary based on experience.

Equal Opportunity Employer

Amach is an equal opportunity employer and makes employment decisions on the basis of merit. We celebrate diversity and are committed to creating an inclusive environment for all employees.