Lead Application Security Engineer

Full-Time No home office possible

Rightmove

Location: London Soho Square – Hybrid (with 2 days a week in the office)

Reporting to: Chief Information Security Officer

Business Unit: Security – General

The role

The role will sit within the Information Security team and focus on guiding and supporting the development teams to deliver secure solutions for Rightmove’s users and partners. Your input will help improve security throughout our SDLC and support our objectives to make everyone believe that they can make their move. You will also work closely with Infrastructure, Compliance, Legal and Data Protection teams to ensure Rightmove’s security requirements are met and incidents are responded to effectively.

What You’ll Be Doing

  • Providing technical leadership and acting as a subject matter expert on application security best‑practice.
  • Providing security training and guidance to engineering teams to embed security into the software development process.
  • Deploying and configuring application security testing tools (SAST, DAST, etc.) and integrating them with CI/CD pipelines and DevOps tools where possible.
  • Assessing vulnerability reports from internal tools, penetration tests and external bug submissions.
  • Owning vulnerability management across our application estate, triaging issues, prioritising and tracking remediation work.
  • Ensuring Rightmove applications comply with security standards, industry best practices and relevant regulations.
  • Running threat modelling workshops to discover, analyse and mitigate potential risks before new features and applications are developed.
  • Assisting in the investigation and resolution of security incidents related to applications.
  • Writing custom applications and scripts to augment our existing information security toolset.
  • Working with team members and external partners on penetration tests and red team engagements to assess security posture and recovery capabilities.
  • Supporting team members by actively removing blockers.

We’re Looking For Someone Who

  • Has proficiency in multiple programming languages and a strong understanding of secure coding practices.
  • Has an extensive knowledge of web application architectures and common security vulnerabilities (e.g., OWASP Top 10, SANS CWE Top 25) and application development standards such as OWASP ASVS.
  • Is familiar with cloud technologies, DevOps principles, and security tools like Burp Suite, OWASP ZAP, and SAST/DAST/SCA scanners.
  • Can manage their own workload and prioritise tasks effectively.
  • Can communicate and collaborate with internal and external stakeholders at all levels of technical understanding.
  • Can reach and explain difficult decisions and the rationale behind them.
  • Follows through on commitments and can be relied upon to get things done.
  • Is proactive, hands‑on and wants to improve processes.

What You’ll Bring To The Role

  • Minimum of 5 years working in software engineering with a strong focus on web application security.
  • A passion for information security and a drive to keep learning new technologies.
  • Deep knowledge of common web application security vulnerabilities and best practices.
  • Hands‑on experience with security tools such as SAST, DAST, and SCA.
  • Familiarity with cloud environments (especially GCP), containers and microservices.
  • Proficiency with automating security controls within CI/CD pipelines.
  • Ability to explain complex application security concepts to developers and stakeholders.
  • Understanding of relevant regulations (e.g., GDPR).
  • Strong communication skills and ability to collaborate effectively with engineers and promote secure‑by‑default practices.
  • Report writing and note‑taking skills.
  • Ability to prioritise operational and project demands.
  • Resilience in high‑pressure situations.

About Rightmove

Rightmove’s vision is to give everyone the belief they can make their move. We aim to make moving simpler by providing the best place to access tools, expertise and trust. We offer the UK’s largest choice of properties and are the go‑to destination for millions planning their next move. Our culture values trust, curiosity, inclusiveness and delivering measurable impact.

What We Offer

  • Cash plan for dental, optical and physio treatments.
  • Private Medical Insurance, Pension, Life Insurance and Employee Assistance Plan.
  • 27 days holiday plus two paid volunteering days a year and holiday buy schemes.
  • Hybrid working pattern with 2 days in the office.
  • Contributory stakeholder pension.
  • Life assurance at 4x basic salary to nominated person.
  • Competitive compensation package.
  • Paid leave for maternity, paternity, adoption & fertility.
  • Travel Loans, Bike to Work scheme, Rental Deposit Loan.
  • Charitable contributions through Payroll Giving and donation matching.
  • Access deals and discounts across travel, electronics, fashion, gym memberships, cinema, etc.

Equal Opportunity Employer

As an Equal Opportunity Employer, Rightmove will never discriminate based on age, disability, sex, race, religion or belief, gender reassignment, marriage/civil partnership, pregnancy/maternity or sexual orientation. We are committed to creating an inclusive environment for all employees, regardless of background or identity.

By applying, you confirm that you’ve read and understood our Privacy Policy, which explains how we handle and protect your personal information during the recruitment process.

Seniority level

Mid‑Senior level

Employment type

Full‑time

Job function

Information Technology

Industries

Technology, Information and Internet


Contact Detail:

Rightmove Recruiting Team
