At a Glance
- Tasks: Lead application security across the SDLC, including threat modelling and secure code review.
- Company: Join a fast-growing global SaaS business based in Belfast, leading security initiatives.
- Benefits: Enjoy 35 days annual leave, private health, and hybrid or remote work options.
- Other info: Position reports to the Senior Manager of Information Security.
- Why this job: This role offers a chance to influence security culture and drive change in a global engineering team.
- Qualifications: 5+ years of hands-on application security experience and proficiency in Python, Bash, or Go.
The predicted salary is between 60000 - 80000 Β£ per year.
We're working with a fast-growing global SaaS business to find a Staff Application Security Engineer based in Belfast. This is a senior, high-impact hire that will act as the security lead for the Belfast office and wider UK region, sitting at the intersection of technical expertise, engineering partnership, and security leadership.
The Role
Reporting into the Senior Manager of Information Security, you'll own the application security programme across a global engineering organisation. This isn't a purely advisory position; you'll be hands-on, embedded with engineering teams, and expected to drive real change across the secure software development lifecycle. You'll work closely with Principal Engineers to influence technical direction, lead vulnerability remediation efforts, manage relationships with penetration testing vendors, and champion a security-first culture across the business.
What You'll Be Doing
- Leading application security across the full SDLC, including threat modelling, secure code review, and security architecture consultation
- Owning the enterprise secrets management programme, defining standards and implementing solutions across all environments
- Partnering with offensive security and pen test vendors to identify, validate, and remediate vulnerabilities
- Driving adoption of security tooling including SAST, DAST, Snyk, and related platforms
- Mentoring engineers and building security awareness and maturity across global teams
- Supporting incident response and providing deep technical expertise during security investigations
What We're Looking For
- 5+ years hands-on application security experience, including secure code review, threat modelling, and AppSec tooling
- Strong engineering foundations -- this role requires someone who can partner with Principal Engineers as a technical peer
- Experience with secrets management at enterprise scale
- Proficiency in Python, Bash, or Go for automation and custom tooling
- Familiarity with OWASP Top 10 and proven ability to architect remediation solutions
- Excellent communication skills with the ability to influence technical and non-technical stakeholders across multiple global offices
- A track record of mentoring senior engineers and raising security maturity
Desirable
- Experience with Snyk or similar SCA/SAST platforms
- AWS or GCP security operations experience, particularly serverless and containerised environments
- DevSecOps background and CI/CD pipeline security experience
- Security certifications such as CSSLP, GWEB, or eCPPT
Package: Discretionary bonus, Hybrid or remote options available - based 35 days annual leave inc stat, Enhanced pension, Private health.
Please apply now if you are meeting the above criteria or contact Andrew Harrison directly.
Benefits: Work From Home
Staff Application Security Engineer TLNT1_NI in Belfast employer: Ocho
This fast-growing global SaaS company is located in Belfast and focuses on innovative security solutions. Employees enjoy a discretionary bonus and enhanced pension benefits, fostering a supportive environment for professional growth. The team values collaboration and technical expertise, making it an exciting place for security leaders.
