At a Glance
- Tasks: Lead application security practices and champion secure software development.
- Company: Join a dynamic team in a leading tech company focused on security.
- Benefits: Flexible hybrid working, competitive salary, and opportunities for growth.
- Other info: Inclusive culture that values diverse experiences and backgrounds.
- Why this job: Make a real impact by embedding security into innovative projects.
- Qualifications: Experience in software engineering with a strong security mindset.
The predicted salary is between 70000 - 90000 £ per year.
We’re looking for a talented and passionate Senior Application Security Engineer to join our security engineering team. You’ll have a background in software engineering and a deep interest in application and API security. You thrive on collaboration, enjoy helping others grow, and see security as an enabler — not a blocker. You’ll be an AppSec advocate who supports our engineers in identifying and addressing security issues across the software development lifecycle.
Responsibilities
- Lead the application security practice within the Loyalty division security team, taking responsibility for key security KPIs in this area.
- Champion secure software development by working closely with engineers and product teams, embedding security practices into our engineering culture.
- Provide training, offer expert advice, and drive awareness of security from the earliest stages of design through to deployment.
- Help integrate automated security tooling and checks into our CI/CD pipelines, facilitate threat modelling sessions, and review security‑sensitive design decisions around authentication, cryptography, and logging.
- Ensure tools such as SAST, DAST, and SCA are effective and efficient, and that testing programmes—including pen testing, vulnerability scanning, and bug bounty—are delivering value.
- Triage vulnerabilities, support engineering teams with practical mitigations, and contribute to documentation that strengthens our internal standards and processes.
- Maintain a strong security culture and support internal and external audits where needed.
Qualifications
- Experience in software engineering, with a strong security mindset.
- Deep understanding of web and API vulnerabilities, including the OWASP Top 10.
- Proficient in coding, scripting (e.g., Python, Bash), and automating security in CI/CD.
- Hands‑on experience with security tools like SAST, DAST, and SCA.
- Familiar with cloud environments (especially AWS), containers, and microservices.
- Comfortable reviewing technical designs, performing threat modelling, and advising on secure architecture.
- Strong communicator who collaborates well with engineers and promotes secure‑by‑default practices.
We might not be right for you if you only want to focus on your to‑do list, lack fast iteration, or want to create but not build. This is an end‑to‑end role where you need to own your space from ideation through delivery and review.
This role will work as part of our Loyalty Division and is based out of our London office. We call our approach to hybrid working “The Blend”: it’s about giving you the flexibility to choose where you do your best work, while staying connected with your team. You should be prepared to spend at least two days per week in the office, with the rest of the time working from home.
We actively encourage applications from people with different experiences and backgrounds and are committed to ensuring our recruitment process is fair, inclusive, and accessible.
Senior Application Security Engineer employer: Avios Group (AGL) Limited
As a Senior Application Security Engineer at our London office, you'll be part of a dynamic and inclusive work culture that values collaboration and continuous learning. We offer flexible hybrid working arrangements, allowing you to choose where you perform best while fostering strong team connections. With a commitment to employee growth, you'll have opportunities to lead security initiatives, advocate for secure practices, and engage in meaningful projects that enhance your skills and career trajectory.
StudySmarter Expert Advice🤫
We think this is how you could land Senior Application Security Engineer
✨Tip Number 1
Network like a pro! Reach out to current employees on LinkedIn or at industry events. A friendly chat can give you insider info about the company culture and maybe even a referral.
✨Tip Number 2
Show off your skills in real-time! If you get the chance, ask for a technical interview or a coding challenge. This is your moment to shine and demonstrate your expertise in application security.
✨Tip Number 3
Prepare for behavioural questions by thinking of examples that highlight your collaboration and problem-solving skills. We want to see how you work with others and tackle challenges head-on!
✨Tip Number 4
Don’t forget to follow up after interviews! A quick thank-you email can keep you top of mind and show your enthusiasm for the role. Plus, it’s a great way to reiterate your interest in joining the team.
Some tips for your application 🫡
Show Your Passion for Security: Let us see your enthusiasm for application and API security! Share any personal projects or experiences that highlight your commitment to secure software development. We love candidates who can demonstrate their passion through real-world examples.
Tailor Your Application: Make sure to customise your CV and cover letter to reflect the specific skills and experiences mentioned in the job description. We want to see how your background aligns with our needs, so don’t be shy about showcasing your relevant expertise!
Highlight Collaboration Skills: Since we value teamwork, emphasise your ability to work closely with engineers and product teams. Share instances where you’ve successfully collaborated to embed security practices into engineering culture. We’re looking for AppSec advocates!
Apply Through Our Website: We encourage you to apply directly through our website for a smoother application process. It’s the best way for us to receive your application and ensures you don’t miss out on any important updates from our team!
How to prepare for a job interview at Avios Group (AGL) Limited
✨Know Your Stuff
Make sure you brush up on your knowledge of web and API vulnerabilities, especially the OWASP Top 10. Be ready to discuss how these vulnerabilities can impact applications and share examples from your past experiences where you've tackled similar issues.
✨Show Your Coding Skills
Since coding is a big part of this role, be prepared to demonstrate your proficiency in languages like Python or Bash. You might be asked to solve a problem on the spot, so practice coding challenges that involve security automation in CI/CD pipelines.
✨Emphasise Collaboration
This position requires a strong communicator who can work well with engineers and product teams. Think of examples where you've successfully collaborated to embed security practices into a team’s culture and be ready to share how you’ve helped others grow in their understanding of security.
✨Be Ready for Scenario Questions
Expect scenario-based questions that assess your ability to triage vulnerabilities and provide practical mitigations. Prepare by thinking through past experiences where you had to make tough decisions regarding security and how you communicated those to your team.