At a Glance
- Tasks: Lead secure development practices and integrate security into software delivery.
- Company: Join a forward-thinking fintech company focused on application security.
- Benefits: Enjoy 25 days of annual leave, competitive salary, and professional growth opportunities.
- Why this job: Make a real impact by enhancing application security in a dynamic environment.
- Qualifications: Experience in application security and strong understanding of secure coding techniques.
- Other info: Collaborative culture with opportunities for mentorship and continuous improvement.
The predicted salary is between £48,000 and £84,000 per year.
IFX Payments is seeking a technically skilled and proactive Application Security Engineer to embed secure development practices across its software delivery lifecycle. This role is critical in reducing application-layer risks, implementing secure coding standards, and ensuring that threat modelling and architecture reviews are consistently applied across all development efforts.
You will work closely with engineering and platform teams to integrate security into CI/CD pipelines, automate vulnerability detection, and drive continuous improvement in application security posture.
Key Responsibilities
- Secure Development Lifecycle (SDLC)
- Embed security controls into CI/CD pipelines and development workflows.
- Implement and manage SAST, DAST, and SCA tools to detect vulnerabilities early in the lifecycle.
- Conduct secure code reviews and support developers in remediating findings.
- Lead threat modelling sessions using standard methodologies to identify design flaws.
- Review application architectures to ensure alignment with security objectives and mitigation of common threats.
- Maintain and update reference architectures based on threat modelling insights.
- Deploy and manage application security tools and integrate them with existing platforms.
- Automate security tasks using scripting (e.g., Python, PowerShell) or SOAR platforms.
- Ensure alignment with ISO 27001, FCA, and NIST standards.
- Contribute to audit readiness and support compliance automation platforms such as Drata.
- Work with engineering teams to promote secure coding practices.
- Support the rollout of role‑based security training and awareness initiatives.
- Act as a security champion within development squads and mentor junior engineers.
- Broad experience in application security or secure software development.
- Strong understanding of OWASP Top 10, secure coding techniques, and threat modelling.
- Experience with security tools such as SAST, DAST, SCA, and vulnerability scanners.
- Familiarity with cloud platforms (Azure or AWS), CI/CD pipelines, and DevOps practices.
- Knowledge of regulatory frameworks (ISO 27001, FCA, NIST).
- Excellent communication skills and ability to work cross‑functionally.
- Experience in fintech or regulated environments.
- Certifications such as OSCP, CSSLP, or CISSP.
- Familiarity with compliance automation platforms (e.g., Drata).
- Exposure to legacy system security challenges and modernisation strategies.
- A true team player with a winning mentality and strong work ethic, committed to continuous improvement and high performance.
- Adaptable, tenacious and flexible, and able to perform under pressure.
Job Benefits: 25 days’ annual leave, plus
AppSec Lead / DevSecOps Lead in London employer: IFX Payments
Contact Detail:
IFX Payments Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land AppSec Lead / DevSecOps Lead in London
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can refer you directly.
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repository showcasing your projects, especially those related to application security. This gives potential employers a taste of what you can do beyond just a CV.
✨Tip Number 3
Prepare for interviews by brushing up on common AppSec scenarios and tools. Practice explaining your thought process during threat modelling or secure coding reviews, as this will demonstrate your expertise and problem-solving skills.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive about their job search!
Some tips for your application 🫡
Tailor Your CV: Make sure your CV speaks directly to the role of AppSec Lead. Highlight your experience with secure coding practices, threat modelling, and any relevant tools you've used. We want to see how your skills align with what we're looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about application security and how you can contribute to our team. Be sure to mention specific experiences that relate to the job description.
Showcase Your Technical Skills: Don’t hold back on showcasing your technical prowess! Mention your familiarity with SAST, DAST, and CI/CD pipelines. We love seeing candidates who can demonstrate their hands-on experience with security tools and automation.
Apply Through Our Website: We encourage you to apply through our website for a smoother process. It helps us keep track of your application and ensures you don’t miss out on any important updates from us. Plus, it’s super easy!
How to prepare for a job interview at IFX Payments
✨Know Your Stuff
Make sure you brush up on your knowledge of application security, especially the OWASP Top 10. Be ready to discuss secure coding techniques and how you've applied them in past projects. This shows you're not just familiar with the theory but can also put it into practice.
✨Showcase Your Tools
Familiarise yourself with the security tools mentioned in the job description, like SAST, DAST, and SCA. If you've used these tools before, be prepared to share specific examples of how they helped you detect vulnerabilities early in the development lifecycle.
✨Collaboration is Key
This role involves working closely with engineering teams, so highlight your experience in cross-functional collaboration. Share examples of how you've promoted secure coding practices or mentored junior engineers in previous roles to demonstrate your team player mentality.
✨Stay Current with Compliance
Understanding regulatory frameworks like ISO 27001, FCA, and NIST is crucial. Be ready to discuss how you've ensured compliance in your previous roles and how you would approach audit readiness in this position. This will show that you take governance seriously.