At a Glance
- Tasks: Lead application security reviews and promote secure coding practices across engineering teams.
- Company: Join a forward-thinking tech company focused on enhancing application security.
- Benefits: Competitive salary, flexible working options, and opportunities for professional growth.
- Other info: Dynamic role with a focus on collaboration and continuous learning.
- Why this job: Make a real impact by embedding security in innovative products and services.
- Qualifications: Strong knowledge of application security principles and experience with relevant tools.
The predicted salary is between 60000 - 80000 £ per year.
The Application Security Specialist exists to embed application security expertise across Europe’s products and services, supporting the Secure Development Practice and enabling a consistent ‘shift-left’ approach. The role is accountable for advancing application security capability, leading security reviews on higher-risk systems, and ensuring secure development practices are adopted across engineering teams. The post holder will act as a technical authority on application security, helping reduce vulnerability risk and improve security outcomes across both internal IT systems and customer-facing solutions.
Application security capability development (CoE contribution)
- Contribute to establishing and operating a pan-European application security capability within the Secure Development CoE.
- Build and maintain a network of application security practitioners across development teams.
- Develop an understanding of current application security maturity, tooling and practices across Europe.
- Define and promote consistent application security methodologies, patterns and practices.
- Contribute to CoE forums, standards discussions and knowledge sharing across teams.
Application security reviews and assurance
- Lead application security reviews for high-risk products and services.
- Coordinate with Product Security Development Specialists to define scope, coverage and prioritisation.
- Conduct and oversee:
- static application security testing (SAST)
- dynamic testing (DAST)
- fuzz testing where appropriate
- API and interface security reviews
- architecture and design-level assessments
- assessment against OWASP Top 10 and other relevant standards
- Interpret findings and translate them into actionable remediation plans.
Secure development standards and guidance
- Support the development and maintenance of secure coding standards across key languages such as C, C++, Java and other relevant stacks.
- Contribute to application security policies and supporting technical documentation.
- Provide practical guidance to developers on secure coding and remediation approaches.
- Align standards with recognised frameworks such as OWASP and relevant secure development frameworks.
Developer enablement and training
- Deliver and coordinate application security training for development teams.
- Introduce internal or external specialised training content.
- Support secure coding awareness, hands-on workshops and threat-focused learning.
- Act as a point of contact for development teams needing security guidance.
Security culture and shift-left adoption
- Promote a security-first mindset within engineering and product teams.
- Embed security considerations into design, development and deployment processes.
- Support early-stage security engagement in development lifecycles.
- Champion pragmatic and developer-friendly security practices.
Threat and vulnerability management (product focus)
- Support the threat and vulnerability management process across product and service lines.
- Assist in triaging, prioritising and managing application-level vulnerabilities.
- Provide technical input into remediation planning and risk decisions.
- Identify recurring issues and systemic weaknesses in development practices.
CI/CD security integration and tooling
- Design and support secure CI/CD pipeline patterns.
- Identify, evaluate and help implement appropriate security tooling across development pipelines.
- Integrate SAST, DAST, SCA and other application security tools into build and release processes.
- Support automation of security controls and checks within development workflows.
- Contribute to the development of secure practices for AI-enabled applications.
- Support emerging controls and patterns related to AI model security, data handling and misuse risks.
- Assist teams in embedding security into AI and data-driven development processes.
- Monitor application security trends, vulnerabilities and emerging threats.
- Recommend improvements to processes, tooling and developer practices.
- Contribute to maturity improvement of the Secure Development Practice.
Task level
- Conducting application security scans and manual reviews.
- Supporting remediation of vulnerabilities.
- Producing technical findings and guidance.
- Delivering training and guidance sessions.
Process and policy level
- Designing and embedding application security processes in SDLC.
- Developing secure coding standards and review frameworks.
- Implementing security controls into CI/CD pipelines.
Theoretical and cross-disciplinary level
- Applying secure development frameworks such as SSDF.
- Understanding application, infrastructure and data security interactions.
- Translating security theory into practical secure development practices.
- Operating across software engineering, cyber security and risk domains.
Technical Skills required
- Strong knowledge of application security principles and practices.
- Experience with SAST, DAST and software composition analysis tools.
- Knowledge of secure coding practices across languages such as Java, C, C++.
- Experience with CI/CD pipelines and DevSecOps integration.
- Threat modelling techniques and tools.
- Understanding of OWASP Top 10 and common vulnerability classes.
- Experience with API security and web application security.
- Understanding of fuzz testing and advanced testing techniques.
- Familiarity with secure AI development considerations.
- Knowledge of secure development frameworks such as SSDF.
- Understanding of vulnerability management processes.
Application Security Specialist employer: Secure Source
As an Application Security Specialist, you will thrive in a dynamic and innovative environment that prioritises security and developer enablement. Our company fosters a collaborative work culture, offering extensive training opportunities and a commitment to professional growth, all while being at the forefront of application security across Europe. Join us to make a meaningful impact on secure development practices and be part of a team that champions a security-first mindset.