Application Security Engineer in London

Fin is the AI Customer Agent company on a mission to help businesses provide perfect customer experiences. Our AI Agent Fin is the highest-performing AI Customer Agent on the market today, enabling businesses to deliver impeccable, always-on customer support across the customer journey – from service, to sales, to ecommerce. Powered by our own AI models, Fin resolves complex customer issues end-to-end across every channel, with minimal set-up and integration.

Founded in 2011, Fin became one of the fastest growing companies and remains one of the largest private software companies in the world with nearly 30,000 global businesses using our products to transform their customer support. Driven by our core values, we push boundaries, build with speed and intensity, and relentlessly deliver incredible value to our customers.

What’s the opportunity?

Fin is transforming customer service through AI, helping businesses deliver fast, accurate, and reliable support at scale. Trust is foundational to that mission. Fin’s Security Engineering team is unlike most security teams. We own and operate critical security services, build customer-facing security features, and partner with engineering teams to make secure development the default. We’re engineers first; designing, building, and operating systems that protect Fin and its customers. The team owns and operates tier-zero services including authentication, SAML/SSO, teammate activity logs, malicious URL scanning, and other critical trust and security capabilities.

The mission of the team is to help Fin build and operate trusted AI-powered customer service experiences by making security a natural part of how products are designed, developed, and delivered. As Fin continues to expand its capabilities and adoption, you’ll help shape how security evolves alongside some of the most ambitious AI-powered products in customer service. We’re taking an AI-first approach to security, exploring areas such as AI-powered detection, red-team automation, continuous monitoring, and emerging defensive capabilities to help meet an evolving threat landscape.

What will I be doing?

• Own and engineer tier-zero security capabilities that help customers securely deploy and manage Fin.
• Design, build, and evolve customer-facing security features, including authentication, SAML/SSO, permissions systems, audit and activity logging, malicious URL scanning, and other enterprise security controls.
• Partner with engineering teams throughout the software development lifecycle to build secure products and services.
• Perform architecture reviews, threat modelling exercises, and security assessments for new features and systems.
• Build security tooling, automation, and developer-facing building blocks that make secure development easier and more scalable.
• Contribute to secure development standards, guidance, and best practices across Fin.
• Lead application security initiatives across the software development lifecycle, helping teams identify and address security risks early.
• Participate in a shared on-call rotation and lead security incident response, investigation, and remediation efforts.
• Drive security initiatives from problem definition through design, implementation, and measurable outcomes.
• Partner with teams building AI-powered products to assess and mitigate emerging security risks.
• Help shape Fin’s AI-first approach to security, including AI-powered detection, red-team automation, continuous monitoring, and emerging defensive capabilities.
• Support the secure adoption of AI-assisted software development tools and engineering workflows.

What skills do I need?

• Proven application security, product security, or security engineering experience within a SaaS environment.
• Strong software engineering skills with experience designing, building, and operating production systems.
• Deep understanding of modern application security threats, secure software development practices, and threat modelling.
• Experience designing, building, or securing authentication, authorization, identity, or enterprise security capabilities.
• Experience conducting architecture reviews and security assessments for complex systems.
• Hands-on security incident response experience, including leading investigations and remediation efforts.
• Strong programming skills and experience building tools, automation, or developer-focused solutions.
• Comfortable using modern AI-assisted development tools to improve productivity and engineering effectiveness.
• Ability to communicate security concepts clearly and collaborate effectively with engineering teams.
• A pragmatic approach to balancing security, customer impact, and engineering velocity.

Bonus skills & attributes

• Experience building or owning authentication, SAML/SSO, identity, or access management capabilities.
• Experience securing AI-powered products or familiarity with security considerations for large language models, agentic systems, retrieval-based architectures, or AI tool integrations.
• Experience building security automation or security-focused platform capabilities at scale.
• Familiarity with cloud security, infrastructure security, or distributed systems.
• Experience working across both large-scale SaaS environments and high-growth companies.

Benefits

• Competitive salary and equity in a fast-growing start-up.
• We serve lunch every weekday, plus a variety of snack foods and a fully stocked kitchen.
• Regular compensation reviews - we reward great work!
• Unlimited access to Claude Code and best-in-class AI tools; experimentation & building is encouraged & celebrated.
• Pension scheme & match up to 4%.
• Peace of mind with life assurance, as well as comprehensive health and dental insurance for you and your dependents.
• Flexible paid time off policy.
• Paid maternity leave, as well as 6 weeks paternity leave for fathers, to let you spend valuable time with your loved ones.
• If you’re cycling, we’ve got you covered on the Cycle-to-Work Scheme. With secure bike storage too.
• MacBooks are our standard, but we also offer Windows for certain roles when needed.

Policies

Fin has a hybrid working policy. We believe that working in person helps us stay connected, collaborate easier and create a great culture while still providing flexibility to work from home. We expect employees to be in the office at least three days per week.

We have a radically open and accepting culture at Fin. We avoid spending time on divisive subjects to foster a safe and cohesive work environment for everyone. As an organization, our policy is to not advocate on behalf of the company or our employees on any social or political topics out of our internal or external communications. We respect personal opinion and expression on these topics on personal social platforms on personal time, and do not challenge or confront anyone for their views on non-work related topics. Our goal is to focus on doing incredible work to achieve our goals and unite the company.