Senior Application Security Engineer

Slough | Full-Time | 43200 - 72000 £ / year (est.) | No home office possible

At a Glance

  • Tasks: Secure software delivery by embedding security across platforms and leading threat modelling.
  • Company: Join Cloudsmith, a leader in software supply chain security.
  • Benefits: Enjoy remote work options and a collaborative culture.
  • Why this job: Combine your passion for building and breaking to enhance security in a dynamic environment.
  • Qualifications: Experience in software development, application security, and cloud technologies is essential.
  • Other info: This role requires physical presence in the UK or Ireland; no remote work from other countries.

The predicted salary is between 43200 - 72000 £ per year.

Some people like building things. Others like breaking them. You? You love both and more importantly, you love stopping bad actors from breaking the things you helped build. If that sounds like your vibe, we’ve got a job you’ll want to see. This job is with the software supply chain company - securing and powering how software gets delivered everywhere.

What you'll do:

  • Embed security across the platform, from source to prod.
  • Architect security controls across distributed, cloud-native systems.
  • Lead threat modeling and security reviews (and get people to enjoy them).
  • Pen-test services and infra (ethically, please).
  • Extend security automation and monitoring with tools like CircleCI, GitHub Actions, DataDog, AWS Security Hub, etc.
  • Harden everything from container runtimes to APIs to artifact pipelines.
  • Write secure code, review other people’s code, and help everyone level up their secure coding game.
  • Build tools, automate boring stuff, and occasionally drop a ‘sploity’ proof of concept for fun.

You need:

  • A background in software development. At your core, you’re a software engineer.
  • Python for sure and a bit of TypeScript never hurt anyone.
  • Deep application security knowledge.
  • Hands-on experience with SAST, DAST, RASP, and securing cloud (preferably AWS).
  • Strong grasp of container security, API security, IaC, and CI/CD.
  • You’ve done pen testing, threat modeling, and maybe even built some of your own security tools.
  • Big bonus if you’ve secured artifact systems or supply chains before.
  • Bigger bonus if you’ve worked with Firecracker, gVisor, or fancy things like SCA and data enclaves.
  • You believe security should enable, not block, engineering.
  • You’re a diplomat - you gotta work with engineering to secure the SDLC, not spook them.

This job is remote on the Island of Ireland or in the UK. You need to be physically located here - you cannot work remotely from another country. Work permit sponsorship is not available.

Senior Application Security Engineer employer: JR United Kingdom

At Cloudsmith, we pride ourselves on being an exceptional employer, offering a dynamic work culture that fosters innovation and collaboration. Located in Slough, our team enjoys a range of benefits including flexible working arrangements, opportunities for professional development, and a commitment to employee well-being. Join us to be part of a forward-thinking company where your contributions directly impact the security of software delivery, all while working alongside passionate professionals in a supportive environment.

Contact Detail:

JR United Kingdom Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Senior Application Security Engineer

✨Tip Number 1

Familiarise yourself with the latest trends in application security, especially around SAST, DAST, and cloud security. Being well-versed in these areas will not only boost your confidence but also help you engage in meaningful conversations during interviews.

✨Tip Number 2

Showcase your hands-on experience with security tools like CircleCI and AWS Security Hub. Prepare to discuss specific projects where you've implemented these tools, as practical examples can set you apart from other candidates.

✨Tip Number 3

Network with professionals in the application security field. Attend relevant meetups or webinars, and connect with current employees at Cloudsmith on platforms like LinkedIn. This can provide insights into the company culture and potentially give you a referral.

✨Tip Number 4

Prepare to demonstrate your ability to collaborate with engineering teams. Think of examples where you've successfully worked with developers to enhance security without hindering their workflow, as this aligns with the company's philosophy of enabling rather than blocking.

We think you need these skills to ace Senior Application Security Engineer

Application Security Knowledge
Software Development Background
Proficiency in Python
Familiarity with TypeScript
Experience with SAST (Static Application Security Testing)
Experience with DAST (Dynamic Application Security Testing)
Experience with RASP (Runtime Application Self-Protection)
Cloud Security Expertise (preferably AWS)
Container Security Knowledge
API Security Skills
Understanding of Infrastructure as Code (IaC)
CI/CD Pipeline Security
Penetration Testing Experience
Threat Modelling Skills
Ability to Write Secure Code
Code Review Skills
Security Automation and Monitoring Tools Proficiency
Experience with CircleCI, GitHub Actions, DataDog, AWS Security Hub
Ability to Build Security Tools
Strong Communication and Diplomatic Skills

Some tips for your application 🫡

Tailor Your CV: Make sure your CV highlights your software development background and specific experience in application security. Emphasise your skills in Python, TypeScript, and any relevant tools like SAST, DAST, and CI/CD.

Craft a Compelling Cover Letter: In your cover letter, express your passion for both building and securing applications. Mention your experience with threat modelling, pen testing, and how you’ve collaborated with engineering teams to enhance security without hindering progress.

Showcase Relevant Projects: If you have worked on projects involving container security, API security, or have built security tools, make sure to include these in your application. Provide specific examples of how you’ve contributed to securing software supply chains.

Highlight Soft Skills: Since the role requires collaboration with engineering teams, highlight your diplomatic skills and ability to communicate complex security concepts in an approachable way. This will show that you can work effectively within a team.

How to prepare for a job interview at JR United Kingdom

✨Showcase Your Technical Skills

Be prepared to discuss your experience with Python, TypeScript, and the various security tools mentioned in the job description. Highlight specific projects where you've implemented security measures or developed security tools.

✨Demonstrate Your Problem-Solving Ability

Expect to face scenario-based questions that assess your ability to identify vulnerabilities and propose solutions. Use examples from your past experiences to illustrate how you approached similar challenges.

✨Emphasise Collaboration

Since the role requires working closely with engineering teams, be ready to discuss how you've successfully collaborated with others in the past. Share instances where you helped bridge the gap between security and development.

✨Prepare for Cultural Fit Questions

Understand the company's values and culture. Be ready to explain how your approach to security aligns with their philosophy of enabling rather than blocking engineering efforts. This will show that you're not just technically qualified but also a good fit for their team.


    Application deadline: 2027-06-17
