Application Security Engineer

Hello! We’re Teya. Teya is a payment and software service provider, headquartered in London serving small, local businesses across Europe. Founded in 2019, we build easy to use, integrated tools that enable our members to accept payments and boost business performance. At Teya we believe small, local businesses are the lifeblood of our communities. We’re here because we don’t believe there’s a level playing field that gives small businesses with a fighting chance against the giants of the high street. We’re here because we see banks and legacy service providers making things harder for them. We don’t think the best technology or the best service should be reserved for those with the biggest headquarters. We’re here to fight for a future where small, local businesses can thrive, and to commit the same dedication they offer all of us. Become a part of our story. We’re looking for exceptional talent to join our mission. We offer a chance to create impact in a high-energy and connected culture, while benefiting from continuous learning opportunities, a supportive community which is proud to serve our mission, and comprehensive benefits.

Your mission: At Teya, security is an enabler of fast, reliable product delivery. As a Senior Application Security Engineer, you’ll own and evolve how application security is designed, built, and operated across our products—ensuring banking-grade security without slowing teams down. You’ll lead the development of a pragmatic Secure SDLC for a high-velocity fintech environment, embedding security into everyday engineering workflows. Working closely with product, platform, and security partners, you’ll help shift AppSec from reactive controls to proactive, developer-first security that scales with the business.

Responsibilities:

• Design, implement, and continuously improve a Secure SDLC integrated from design through production
• Embed security into planning and delivery via threat modelling, security requirements, and automated controls
• Lead application security reviews for new systems, major features, and high-risk changes across web, API, mobile, and backend services
• Define and maintain secure architecture patterns for authentication, authorisation, APIs, data protection, and multi-tenant isolation
• Own the application security tooling stack (SAST, DAST, SCA), integrating it into CI/CD with high-signal, low-noise outputs
• Partner with engineers to triage and remediate vulnerabilities based on exploitability, impact, and regulatory risk
• Work with Security Operations to improve application-level logging, telemetry, and incident response readiness
• Act as a trusted advisor to engineering teams, raising the bar through practical guidance, documentation, and targeted training

Requirements:

• 6+ years’ experience in application security, security engineering, or software engineering with a strong AppSec focus
• Demonstrated experience designing or operating Secure SDLC practices in fast-moving product teams
• Hands-on expertise in web and API security, including authentication, authorisation, data flows, and common vulnerability classes
• Proven experience integrating SAST, DAST, and SCA into CI/CD pipelines
• Strong threat modelling and secure design skills for complex, cloud-native systems
• Experience with modern backend and frontend or mobile stacks (e.g. JVM, Node.js, Go, TypeScript)
• Familiarity with AWS and cloud-native architectures (IAM, KMS, containers, microservices)
• Clear, pragmatic communication skills and the ability to influence through partnership rather than mandate

Nice to have:

• Experience in fintech, payments, or other regulated environments
• Familiarity with OWASP ASVS, OWASP Top 10, PCI DSS, DORA, or ISO 27001
• Exposure to mobile security, API gateways, WAFs, or infrastructure-as-code
• Security or cloud certifications (e.g. OSWE, OSCP, CSSLP, CISSP, AWS Security)

Ways of working:

• Extreme ownership: You take end-to-end responsibility for outcomes, not just findings or tooling output
• Pragmatic and delivery-aware: You balance risk reduction with product velocity, focusing on changes that materially reduce risk
• Low-ego and collaborative: You build trust with engineers, product, and operations teams, influencing through credibility and partnership
• Impact-driven: You measure success through outcomes—risk reduction, adoption, and time-to-remediate—not activity
• Data-informed: You use metrics and trends to guide priorities and demonstrate impact
• High bar for craft: You produce clear documentation, reusable patterns, and automation that scale across teams
• AI-first mindset: You actively look for opportunities to use automation and AI to improve security outcomes

Teya is proud to be an equal opportunity employer. We are committed to creating an inclusive environment where everyone regardless of race, ethnicity, gender identity or expression, sexual orientation, age, disability, religion, or background can thrive and do their best work. We believe that a diverse team leads to better ideas, stronger outcomes, and a more supportive workplace for all. If you require any reasonable adjustments at any stage of the recruitment process whether for interviews, assessments, or other parts of the application—we encourage you to let us know. We are committed to ensuring that every candidate has a fair and accessible experience with us.