Senior Application Security Engineer in Reading

Reading Full-Time 36000 - 60000 £ / year (est.) No home office possible

At a Glance

  • Tasks: Join our team to conduct security reviews and educate engineers on application security.
  • Company: Fortinet, a leader in cybersecurity with a collaborative culture.
  • Benefits: Competitive salary, flexible work options, and opportunities for professional growth.
  • Why this job: Make a real impact by securing innovative applications and driving security best practices.
  • Qualifications: 5+ years in information security and strong coding skills in Java, .NET, Python, or JavaScript.
  • Other info: Be part of a global team with excellent career advancement opportunities.

The predicted salary is between 36000 - 60000 £ per year.

Fortinet is looking for a Sr. Application Security Engineer to join the Corporate Information Security team. This is a highly technical role whose responsibilities include conducting security reviews of various Fortinet applications, providing security education to our engineers, and handling externally reported vulnerabilities.

Key Responsibilities:

  • Serve as an application security subject matter expert who provides guidance to internal teams.
  • Work closely with development teams to perform code reviews, penetration tests, and architectural reviews of existing code and new features.
  • Develop, implement, and communicate vulnerability mitigation strategies to development teams.
  • Handle externally reported vulnerabilities as a member of the Corporate Information Security Responsible Disclosure Program committee.
  • Drive Fortinet's static and dynamic application security testing program.
  • Develop strategies, evaluate solutions, and design and implement tools, processes and controls to ensure that security and privacy are designed into Fortinet applications.
  • Advise development teams on SDLC best practices.
  • Proactively research new attack vectors on applications that may affect Fortinet applications and infrastructure.
  • Be part of a globally distributed team that shares knowledge, workload and assignments. A strong sense of teamwork is required.
  • Coach peers in application security concepts and best practices.

Required Skills/Experience:

  • 5+ years of work experience as an Information Security Researcher or Engineer.
  • 3+ years of experience manually auditing source code to find security issues, or programming skills in one or more of: Java, .NET, Python or JavaScript frameworks.
  • Strong understanding of the OWASP TOP 10 vulnerabilities.
  • Strong understanding of common API security risks.
  • Strong understanding of Cloud-Native application architecture, microservices, containerization technologies, and secure deployment and implementation issues.
  • Proven experience in application penetration testing.
  • Proven experience in security code review.
  • Proven experience in application security testing (DAST, SAST, IAST, SCA) tools and processes.
  • Strong foundation in computer and network security, authentication & authorization, security protocols and applied cryptography.
  • Solid understanding of web security standards such as CSP, SOP, CORS, and emerging web security technologies.
  • Solid understanding of CI/CD pipelines, build systems and DevSecOps principles.
  • Experience defining security architecture patterns and standards in a large enterprise organization.
  • Experience with cloud-based security solutions and familiarity with cloud service providers, particularly in relation to application security.
  • Experience working with threat modeling methodologies such as MITRE ATT&CK, STRIDE, PASTA, etc.
  • Proficiency with web proxies such as Burp, OWASP ZAP or Fiddler.
  • Understanding of OAuth and JWT implementations.
  • Ability to organize & communicate effectively, both written and verbal, with technical and non-technical people across functional teams.
  • A BS degree in Computer Science, Cyber Security, other tech-related degree, or equivalent experience.
  • Experience in Cloud Security Posture Management (CSPM) and/or Application Security Posture Management (ASPM) tools is a plus.
  • Holding an OSWE, OSCP, GWEB, GPEN or similar certification is a plus.
  • Experience in Mobile Application Penetration Testing is a plus.
  • Familiarity with AI/ML and LLM concepts, AI Red Teaming, and AI Guardrails is a plus.

Senior Application Security Engineer in Reading employer: Fortinet

Fortinet is an exceptional employer that fosters a collaborative and innovative work culture, particularly for the Senior Application Security Engineer role. With a strong emphasis on employee growth, Fortinet offers extensive training opportunities and encourages knowledge sharing within its global team. Located in a dynamic environment, employees benefit from a hybrid work model, competitive compensation, and the chance to work on cutting-edge security technologies that make a real impact in the industry.

Contact Detail:

Fortinet Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Senior Application Security Engineer in Reading

✨Tip Number 1

Network like a pro! Attend industry meetups, webinars, or conferences where you can connect with fellow security enthusiasts. Don't be shy—introduce yourself and share your passion for application security; you never know who might have a lead on your dream job!

✨Tip Number 2

Show off your skills! Create a portfolio showcasing your projects, code reviews, or any penetration tests you've conducted. This not only demonstrates your expertise but also gives potential employers a taste of what you can bring to the table.

✨Tip Number 3

Prepare for interviews by brushing up on common application security topics, especially the OWASP TOP 10. Be ready to discuss your experience with tools like Burp or OWASP ZAP, and how you've tackled vulnerabilities in past roles—this will show you're the right fit for the team!

✨Tip Number 4

Don't forget to apply through our website! It’s the best way to ensure your application gets noticed. Plus, we love seeing candidates who are proactive about their job search—so go ahead and hit that apply button!

We think you need these skills to ace Senior Application Security Engineer in Reading

Application Security
Code Review
Penetration Testing
Vulnerability Mitigation Strategies
OWASP TOP 10
API Security
Cloud-Native Application Architecture
Microservices
Containerization Technologies
Application Security Testing (DAST, SAST, IAST, SCA)
Computer and Network Security
Web Security Standards (CSP, SOP, CORS)
CI/CD Pipelines
DevSecOps Principles
Threat Modeling Methodologies (MITRE ATT&CK, STRIDE, PASTA)
Web Proxies (Burp, OWASP ZAP, Fiddler)
OAuth and JWT Implementations
Communication Skills
Cloud Security Posture Management (CSPM)
Application Security Posture Management (ASPM)
Mobile Application Penetration Testing
AI & ML Concepts

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the Senior Application Security Engineer role. Highlight your experience with security reviews, code audits, and any relevant tools you've used. We want to see how your skills align with what we're looking for!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about application security and how your background makes you a perfect fit for our team. Don't forget to mention any specific projects or achievements that showcase your expertise.

Showcase Your Technical Skills: In your application, be sure to highlight your technical skills, especially in areas like OWASP TOP 10 vulnerabilities, penetration testing, and secure coding practices. We love seeing candidates who can demonstrate their knowledge and experience in these key areas.

Apply Through Our Website: We encourage you to apply through our website for the best chance of getting noticed. It helps us keep track of applications and ensures you’re considered for the role. Plus, it’s super easy to do!

How to prepare for a job interview at Fortinet

✨Know Your Stuff

Make sure you brush up on your knowledge of application security, especially the OWASP TOP 10 vulnerabilities. Be ready to discuss your experience with code reviews and penetration testing, as well as any specific tools you've used like Burp or OWASP ZAP.

✨Showcase Your Team Spirit

Since teamwork is key in this role, be prepared to share examples of how you've collaborated with development teams in the past. Highlight any experiences where you coached peers or contributed to a team project, as this will demonstrate your ability to work well in a distributed environment.

✨Talk About Vulnerability Management

Discuss your approach to handling externally reported vulnerabilities. Be ready to explain how you've developed and communicated mitigation strategies in previous roles, and how you would apply that knowledge at Fortinet.

✨Stay Current with Trends

Research the latest trends in application security, including cloud-native architectures and emerging web security technologies. Being able to discuss new attack vectors and how they might affect Fortinet applications will show that you're proactive and knowledgeable in your field.

    Fortinet

    1001-5000