At a Glance
- Tasks: Enhance application security and collaborate with engineers to streamline secure practices.
- Company: Join a forward-thinking tech company focused on cloud-native solutions.
- Benefits: Competitive salary, flexible working options, and opportunities for professional growth.
- Other info: Dynamic team environment with a focus on innovation and career development.
- Why this job: Make a real difference in security while working with cutting-edge technology.
- Qualifications: Experience in application security and strong communication skills are essential.
The predicted salary is between 50000 - 65000 £ per year.
Requirements:
- You do not need to be a deep AWS or cloud security specialist, but some exposure to AWS, cloud security or infrastructure-as-code security would be useful.
- We’re looking for someone with practical AppSec experience who wants to grow their impact - someone who enjoys working with engineers, improving tooling and helping security become part of normal delivery rather than a last-minute checkpoint.
- Application security experience: practical experience identifying, explaining and helping remediate application security risks in modern engineering environments.
- Developer-friendly security mindset: you enjoy working with engineers, explaining risks clearly and helping teams adopt secure practices without unnecessary friction.
- Vulnerability management experience: experience triaging and tracking application vulnerabilities from sources such as SAST, dependency scanning, secret scanning, penetration tests, bug bounty reports or third-party advisories.
- CI/CD and code security awareness: familiarity with security tooling in development workflows, such as SAST, software composition analysis, secret scanning or repository security controls.
- Threat modelling awareness: experience participating in, supporting or facilitating lightweight threat-modelling sessions for applications, services or new features.
- Automation mindset: ability to write scripts or small tools, ideally in Python, to reduce manual effort, improve visibility or make security workflows easier.
- Cloud security awareness: Some exposure to AWS, cloud security or infrastructure-as-code security would be useful, but is not essential.
- Growth mindset: willingness to keep developing across application security, cloud security, secure development and modern engineering practices.
- Practical experience in application security.
- Experience working with software engineers to explain and remediate security issues.
- Familiarity with common web application security risks and secure coding practices.
- Experience with vulnerability triage, prioritisation and remediation tracking.
- Experience using or interpreting findings from tools such as SAST, software composition analysis, secret scanning or similar.
- Experience participating in or supporting threat-modelling activities.
- Ability to write scripts or small tools, ideally in Python, to automate tasks or improve visibility.
- Strong communication and collaboration skills.
- Familiarity with Agile or Scrum ways of working.
- (Desirable) Exposure to AWS security, cloud security or infrastructure-as-code security.
- (Desirable) Experience with Terraform or CloudFormation.
- (Desirable) Experience with container or Kubernetes security.
- (Desirable) Experience with bug bounty, penetration testing or security testing programmes.
- (Desirable) Experience with Splunk or similar logging/SIEM platforms.
- (Desirable) Exposure to AI security, such as LLM-enabled applications, AI-assisted development workflows or prompt/data leakage risks.
- (Desirable) Experience building dashboards, metrics or reports to support vulnerability management.
- (Desirable) Relevant security certifications or training, such as AWS security training, secure coding training, GIAC, ISC2, CREST or equivalent practical experience.
What the job involves:
We’re looking for a Cyber Security Engineer to help improve application security across the FT’s cloud-native technology estate. This is a hands-on role focused on making secure engineering easier for product, platform and software engineering teams.
Application security experience is essential for this role. You’ll help improve developer-friendly security guardrails across GitHub-based CI/CD pipelines, application repositories and engineering workflows. This includes working with SAST, software composition analysis, secret scanning, vulnerability management and secure coding guidance so that security findings are clear, actionable and owned by the right teams.
You’ll work closely with engineers to support practical threat modelling, triage application vulnerabilities, improve security playbooks and help teams remediate issues in a pragmatic way.
Developer-First Cyber Security Engineer for Secure Apps in London employer: The Financial Times
Join a forward-thinking team where your expertise as a Developer-First Cyber Security Engineer will be valued and nurtured. Our collaborative work culture encourages continuous learning and growth, allowing you to enhance your skills in application security while working closely with engineers to integrate security seamlessly into development processes. Located in a vibrant tech hub, we offer competitive benefits and a supportive environment that prioritises employee well-being and professional development.
StudySmarter Expert Advice🤫
We think this is how you could land Developer-First Cyber Security Engineer for Secure Apps in London
✨Tip Number 1
Network like a pro! Get out there and connect with folks in the industry. Attend meetups, webinars, or even local tech events. You never know who might be looking for someone just like you!
✨Tip Number 2
Show off your skills! Create a portfolio that highlights your application security projects. Whether it's scripts you've written or vulnerabilities you've tackled, let your work speak for itself.
✨Tip Number 3
Practice makes perfect! Prepare for interviews by simulating real-world scenarios. Think about how you'd explain security risks to engineers or how you'd approach vulnerability management.
✨Tip Number 4
Apply through our website! We’re always on the lookout for passionate individuals. Don’t hesitate to submit your application directly; it’s the best way to get noticed by our team.
We think you need these skills to ace Developer-First Cyber Security Engineer for Secure Apps in London
Some tips for your application 🫡
Show Your Practical Experience:When you're writing your application, make sure to highlight your hands-on experience in application security. We want to see how you've identified and remediated security risks in real-world scenarios, so don’t hold back on the details!
Communicate Clearly:Since this role involves working closely with engineers, it’s crucial to demonstrate your ability to explain security risks in a straightforward way. Use clear language in your application to show us you can bridge the gap between security and development.
Emphasise Your Growth Mindset:We love candidates who are eager to learn and grow! In your application, mention any recent training or certifications you've pursued, especially in areas like cloud security or secure coding practices. Show us that you're committed to staying ahead in the field.
Apply Through Our Website:Don’t forget to submit your application through our website! It’s the best way for us to keep track of your application and ensure it gets the attention it deserves. Plus, it makes the whole process smoother for everyone involved.
How to prepare for a job interview at The Financial Times
✨Know Your AppSec Basics
Make sure you brush up on your application security fundamentals. Be ready to discuss common web application security risks and secure coding practices. This will show that you have the practical experience they’re looking for and can communicate effectively with engineering teams.
✨Familiarise Yourself with CI/CD Tools
Since this role involves working with GitHub-based CI/CD pipelines, it’s crucial to understand how security tooling integrates into these workflows. Get comfortable with tools like SAST and software composition analysis, and be prepared to explain how you’ve used them in past projects.
✨Show Off Your Automation Skills
They’re looking for someone with an automation mindset, so if you’ve written scripts or small tools in Python, make sure to highlight that experience. Think of specific examples where your automation efforts improved security workflows or reduced manual effort.
✨Communicate Clearly and Collaboratively
Strong communication skills are key in this role. Practice explaining complex security concepts in simple terms, as you’ll need to work closely with engineers. Be ready to share examples of how you’ve successfully collaborated with teams to remediate security issues in a pragmatic way.
