Application Security Specialist

Application Security Specialist

Full-Time 60000 - 80000 £ / year (est.) No working from home possible
Secure Source

At a Glance

  • Tasks: Lead application security reviews and promote secure coding practices across engineering teams.
  • Company: Join a forward-thinking tech company focused on enhancing application security.
  • Benefits: Competitive salary, flexible working options, and opportunities for professional growth.
  • Other info: Dynamic role with a focus on collaboration and continuous learning.
  • Why this job: Make a real impact by embedding security in innovative products and services.
  • Qualifications: Strong knowledge of application security principles and experience with relevant tools.

The predicted salary is between 60000 - 80000 £ per year.

The Application Security Specialist exists to embed application security expertise across Europe’s products and services, supporting the Secure Development Practice and enabling a consistent ‘shift-left’ approach. The role is accountable for advancing application security capability, leading security reviews on higher-risk systems, and ensuring secure development practices are adopted across engineering teams. The post holder will act as a technical authority on application security, helping reduce vulnerability risk and improve security outcomes across both internal IT systems and customer-facing solutions.

Application security capability development (CoE contribution)

  • Contribute to establishing and operating a pan-European application security capability within the Secure Development CoE.
  • Build and maintain a network of application security practitioners across development teams.
  • Develop an understanding of current application security maturity, tooling and practices across Europe.
  • Define and promote consistent application security methodologies, patterns and practices.
  • Contribute to CoE forums, standards discussions and knowledge sharing across teams.

Application security reviews and assurance

  • Lead application security reviews for high-risk products and services.
  • Coordinate with Product Security Development Specialists to define scope, coverage and prioritisation.
  • Conduct and oversee:
    • static application security testing (SAST)
    • dynamic testing (DAST)
    • fuzz testing where appropriate
    • API and interface security reviews
    • architecture and design-level assessments
    • assessment against OWASP Top 10 and other relevant standards
  • Interpret findings and translate them into actionable remediation plans.

Secure development standards and guidance

  • Support the development and maintenance of secure coding standards across key languages such as C, C++, Java and other relevant stacks.
  • Contribute to application security policies and supporting technical documentation.
  • Provide practical guidance to developers on secure coding and remediation approaches.
  • Align standards with recognised frameworks such as OWASP and relevant secure development frameworks.

Developer enablement and training

  • Deliver and coordinate application security training for development teams.
  • Introduce internal or external specialised training content.
  • Support secure coding awareness, hands-on workshops and threat-focused learning.
  • Act as a point of contact for development teams needing security guidance.

Security culture and shift-left adoption

  • Promote a security-first mindset within engineering and product teams.
  • Embed security considerations into design, development and deployment processes.
  • Support early-stage security engagement in development lifecycles.
  • Champion pragmatic and developer-friendly security practices.

Threat and vulnerability management (product focus)

  • Support the threat and vulnerability management process across product and service lines.
  • Assist in triaging, prioritising and managing application-level vulnerabilities.
  • Provide technical input into remediation planning and risk decisions.
  • Identify recurring issues and systemic weaknesses in development practices.

CI/CD security integration and tooling

  • Design and support secure CI/CD pipeline patterns.
  • Identify, evaluate and help implement appropriate security tooling across development pipelines.
  • Integrate SAST, DAST, SCA and other application security tools into build and release processes.
  • Support automation of security controls and checks within development workflows.
  • Contribute to the development of secure practices for AI-enabled applications.
  • Support emerging controls and patterns related to AI model security, data handling and misuse risks.
  • Assist teams in embedding security into AI and data-driven development processes.
  • Monitor application security trends, vulnerabilities and emerging threats.
  • Recommend improvements to processes, tooling and developer practices.
  • Contribute to maturity improvement of the Secure Development Practice.

Task level

  • Conducting application security scans and manual reviews.
  • Supporting remediation of vulnerabilities.
  • Producing technical findings and guidance.
  • Delivering training and guidance sessions.

Process and policy level

  • Designing and embedding application security processes in SDLC.
  • Developing secure coding standards and review frameworks.
  • Implementing security controls into CI/CD pipelines.

Theoretical and cross-disciplinary level

  • Applying secure development frameworks such as SSDF.
  • Understanding application, infrastructure and data security interactions.
  • Translating security theory into practical secure development practices.
  • Operating across software engineering, cyber security and risk domains.

Technical Skills required

  • Strong knowledge of application security principles and practices.
  • Experience with SAST, DAST and software composition analysis tools.
  • Knowledge of secure coding practices across languages such as Java, C, C++.
  • Experience with CI/CD pipelines and DevSecOps integration.
  • Threat modelling techniques and tools.
  • Understanding of OWASP Top 10 and common vulnerability classes.
  • Experience with API security and web application security.
  • Understanding of fuzz testing and advanced testing techniques.
  • Familiarity with secure AI development considerations.
  • Knowledge of secure development frameworks such as SSDF.
  • Understanding of vulnerability management processes.

Application Security Specialist employer: Secure Source

As an Application Security Specialist, you will thrive in a dynamic and innovative environment that prioritises security and developer enablement. Our company fosters a collaborative work culture, offering extensive training opportunities and a commitment to professional growth, all while being at the forefront of application security across Europe. Join us to make a meaningful impact on secure development practices and be part of a team that champions a security-first mindset.

Secure Source

Contact Details:

Secure Source Recruitment Team

We think you need these skills to ace Application Security Specialist

Application Security Principles
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Software Composition Analysis (SCA)
Secure Coding Practices
CI/CD Pipeline Security
DevSecOps Integration