Senior Application Security Engineer in London

Prolific is not just another player in the AI space – we are the architects of the human data infrastructure that's reshaping the landscape of AI development. In a world where foundational AI technologies are increasingly commoditized, it's the quality and diversity of human-generated data that truly differentiates products and models. The role Security at Prolific isn't an afterthought, it's foundational to how we build. As a company trusted by world‑leading research institutions and AI labs to handle sensitive data at scale, the security of our application layer is critical. We handle participant data, researcher credentials, payment flows, and API integrations that demand rigorous protection at the code level.

As a Senior Application Security Engineer, you'll be the technical authority on application security at Prolific. You'll work hands‑on with our engineering teams to find and fix vulnerabilities in our codebase, perform security testing, build security tooling, and embed secure development practices into how we ship software. This isn't a governance or policy role, you'll be in the code, reviewing pull requests, threat modelling new features, and building the automation that keeps our platform secure as we scale. You'll report to the Head of Engineering/Platform and work cross‑functionally with product engineering, platform, data, and TechOps teams.

What you'll bring to the role:

• Several years in application/product security or security engineering
• Strong knowledge of OWASP Top 10 (Web & API) and modern attack paths (e.g. auth flaws, SSRF, injection, business logic abuse, supply chain)
• Experience working with complex, large‑scale systems and modern architectures
• Hands‑on security testing experience (especially Burp Suite) across web apps and APIs
• Python for security tooling, automation, or custom detection (Django a plus)
• Experience implementing and tuning SAST, SCA, DAST, and secret scanning in CI/CD
• Practical threat modelling experience, including leading lightweight sessions
• Strong collaboration skills, able to clearly explain issues and drive remediation
• Builder mindset, you automate wherever possible

Nice to haves:

• Experience with Django, Vue.js, MongoDB, GCP
• Security champions or bug bounty programmes
• Supply chain security (SCA, SBOMs, dependency review)
• IaC security (e.g. Terraform, policy‑as‑code)
• Experience in scaling environments building out security practices

What you'll be doing in the role:

You'll help secure Prolific's applications end‑to‑end, from hands‑on testing and code review to threat modelling and CI/CD security. You'll partner closely with engineers to identify and fix vulnerabilities, build and tune security tooling, and embed secure development practices across the SDLC. This includes running penetration tests, improving detection coverage, and staying ahead of emerging threats to continuously strengthen our security posture.

Why Prolific is a great place to work:

We've built a unique platform that connects researchers and companies with a global pool of participants, enabling the collection of high‑quality, ethically sourced human behavioural data and feedback. This data is the cornerstone of developing more accurate, nuanced, and aligned AI systems. We believe that the next leap in AI capabilities won't come solely from scaling existing models, but from integrating diverse human perspectives and behaviours into AI development. By providing this crucial human data infrastructure, Prolific is positioning itself at the forefront of the next wave of AI innovation – one that reflects the breadth and the best of humanity. Working for us will place you at the forefront of AI innovation, providing access to our unique human data platform and opportunities for groundbreaking research. Join us to enjoy a competitive salary, benefits, and remote working within our impactful, mission‑driven culture.