Senior Application Security Engineer in London

We are seeking a Senior Security Engineer (Application) to help strengthen and mature application security practices across a fast-moving engineering organisation. This is a hands-on technical role focused on embedding security into engineering workflows, improving secure development practices and ensuring security is integrated throughout the software delivery lifecycle. The successful candidate will work closely with platform engineering, software engineering and architecture teams to identify security risks early, implement scalable controls and tooling and help drive modern DevSecOps and security-by-design practices across the organisation. The role requires a strong technical security engineer who remains close to engineering, understands modern application attack vectors and can balance security, scalability and developer experience. Operating within the wider Security Engineering function, the role will contribute towards improving organisational security maturity, strengthening application security capabilities and ensuring security standards evolve alongside modern engineering and platform practices.

Main Responsibilities

• Partner with all engineering teams to embed security-by-design principles into applications, platforms and engineering workflows
• Perform threat modelling exercises across new applications, services, APIs and platform changes
• Review application architectures and engineering designs to identify security risks and recommend mitigations
• Drive secure-by-design and DevSecOps practices across engineering workflows and CI/CD pipelines
• Implement and manage secure code scanning, software supply chain security and application security tooling across modern delivery platforms
• Support implementation, tuning and operational maturity of application security tooling including SAST, DAST, SCA, secrets detection and cloud security platforms
• Identify, prioritise and support remediation of application, API and software supply chain vulnerabilities
• Define and maintain secure development standards, reusable security patterns and application security guardrails
• Work closely with developers to improve secure coding practices, vulnerability remediation and security awareness
• Support API security, authentication, authorisation and secrets management best practices across distributed systems
• Work closely with platform teams to improve security across containerised applications, Kubernetes environments and cloud-native platforms
• Develop security automation and self-service capabilities that improve developer experience whilst reducing risk
• Strong understanding of Layer 7 security concepts including API security, web application security, authentication, session management and protection against common web-based attack vectors such as OWASP Top 10 threats
• Contribute towards incident response, vulnerability management and security investigations where required
• Continuously evaluate emerging application security threats, tooling and industry best practices to improve the organisation’s security posture

Main Requirements

• 3+ years experience in a dedicated or heavily security-focused engineering role
• Strong background in application or product security engineering within modern software environments
• Experience embedding security into CI/CD pipelines and software engineering workflows
• Strong understanding of DevSecOps principles and secure software development lifecycle practices
• Hands-on experience with secure code scanning and application security tooling including SAST, DAST, SCA, dependency scanning and secrets detection platforms
• Experience with modern cloud and security platforms such as Wiz, Prisma Cloud or similar tooling
• Strong understanding of modern application attack vectors, API security and software supply chain security risks
• Experience working with containerised applications, Kubernetes and cloud-native environments
• Ability to help design and implement scalable security controls within modern engineering and platform environments
• Strong troubleshooting, communication and stakeholder management capabilities
• Experience operating within regulated or high-availability environments is advantageous

What’s in it for you?

• Experience a dynamic and team-orientated work environment.
• Opportunities for personal growth and learning
• An open, inclusive and supportive team where you will be valued, and your suggestions will be welcome.
• 26 days paid holiday per year. This is in addition to local public holidays.
• Hybrid Working
• Risk Benefits such as pension, Life Assurance (4x annual salary), Private Medical Insurance
• Flexible core hours between 10am – 4pm
• Receive support whenever you need it with our Employee Assistance Program, available 24/7.
• Local discounts and more…

Our team is committed to keeping remuneration and benefits under constant review to make sure what we offer stays relevant.