Senior Application Security Engineer

The Role

• Embed security best practices within the SDLC, collaborating with developers to ensure secure coding.
• Conduct security assessments, identify potential threats, and mitigate risks in web and mobile applications.
• Perform application security testing (SAST, DAST) and manual security code reviews.
• Implement and manage security tools such as SAST, DAST, SCA, and CI/CD security integrations.
• Investigate security incidents, prioritise remediation and guide teams on secure development practices.
• Ensure applications meet industry standards (OWASP Top 10, NIST, ISO 27001) and regulatory requirements (GDPR, PCI-DSS, etc.)
• Educate engineers and stakeholders on security threats, vulnerabilities and secure coding practices.

Skills

• 5+ years of experience in application security, penetration testing, or software security engineering.
• Strong knowledge of secure coding principles in one or more languages (e.g., Python, Java, JavaScript, Go, .NET).
• Hands-on experience with SAST, DAST, SCA and security automation in CI/CD pipelines.
• Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes).
• Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks.
• Experience conducting threat modelling, code reviews and penetration testing.
• Excellent communication skills with the ability to influence and educate development teams.
• Security certifications such as CISSP, OSCP, GWAPT, CEH or CSSLP are a plus.
• Experience with Infrastructure-as-Code security (Terraform, CloudFormation is desirable.
• Knowledge of API security best practices and standards (OAuth, JWT, OpenID) is desirable.
• Familiarity with DevSecOps principles and security automation in CI/CD pipelines is desirable.