Application Security Lead in London

At Wayve, we're committed to creating a diverse, fair and respectful culture that is inclusive of everyone based on their unique skills and perspectives. Founded in 2017, Wayve is the leading developer of Embodied AI technology. Our advanced AI software and foundation models enable vehicles to perceive, understand, and navigate any complex environment, enhancing the usability and safety of automated driving systems.

Our vision is to create autonomy that propels the world forward. Our intelligent, mapless, and hardware-agnostic AI products are designed for automakers, accelerating the transition from assisted to automated driving. In our fast-paced environment, big problems ignite us—we embrace uncertainty, leaning into complex challenges to unlock groundbreaking solutions. We aim high and stay humble in our pursuit of excellence, constantly learning and evolving as we pave the way for a smarter, safer future.

As Application Security Lead at Wayve, you'll define, build, and lead our application security (AppSec) programme. You will be accountable for assessing and improving the security of our internal and external applications, partnering with engineering teams, and shaping the controls, testing processes, and guidance that protect the software used by our scientists, OEM partners, and internal developers.

This is an individual contributor role initially, with scope to build and lead a dedicated application security team as Wayve's needs evolve. You'll define processes, own the fitness-for-purpose and effective use of Wayve's AppSec tooling, and be accountable for the lifecycle of application security across the company. This includes driving secure development guidance with engineering teams, managing and scoping a schedule of application security testing, and ensuring Wayve can proactively surface, prioritise, and remediate application security risks.

The role is advisory in nature, focused on enabling engineering teams to build secure software through guidance, challenge, and partnership rather than direct feature delivery.

• Application Security Assessment & Review: Define, lead, and mature application-focused security reviews, respond to security concerns raised by staff or partners, and identify risks across internal and external applications used by our scientists, developers, and customers.
• Application Security Incident Response: Lead response activities for application-centric security incidents; coordinate containment, investigation, and recovery; and ensure lessons learned are captured and shared with relevant engineering teams.
• Vulnerability Oversight & Testing Management: Maintain visibility of application vulnerabilities, track remediation progress, and support application and infrastructure owners with resolution. Own the scheduling, scoping, and coordination of application security testing, ensuring tests are well designed, executed, and effectively communicated.
• Secure Development Guidance & Threat Modelling: Partner with engineering teams to embed secure design principles, threat modelling, and best practice into the development lifecycle. Provide practical, actionable guidance to improve the security of new and existing applications.
• Application Security Intelligence & Proactive Analysis: Maintain an up-to-date view of application-layer threats relevant to Wayve's technology. Integrate threat intelligence into assessments and proactively surface patterns, misconfigurations, or weaknesses that could lead to compromise.
• Strategy & Capability Development: Define and deliver the roadmap for scaling and continuously improving Wayve's application security capability across people, processes, and tools, proactively identifying gaps and inefficiencies in the existing application security toolchain and driving improvement or replacement plans aligned to Wayve's risk profile and engineering practices. Evaluate and select AppSec tooling, leading its adoption and partnering with DevOps and engineering teams on implementation and operation, and collaborating with vendors to ensure comprehensive visibility and coverage across our application portfolio.

• Essential: Previous experience as a software engineer or security engineer working directly with application code, sufficient to review code, understand design trade-offs, and provide credible, practical security guidance to developers. Proven experience in application security, secure development practices, and vulnerability management across cloud-based and internal application environments. Led or played a key role in addressing a significant application security incident or critical vulnerability. Strong working knowledge of application security frameworks and methodologies (e.g. OWASP ASVS, OWASP Top 10, threat modelling approaches) and secure SDLC workflows. Hands-on experience with application security tooling (e.g. SAST/DAST/IAST, dependency scanning, SCA, secrets detection) as well as manual review techniques. Experience scoping, managing, and interpreting third-party application security testing or penetration testing engagements. Ability to make sound, risk-based decisions independently in time-sensitive situations. Strong communicator across both technical and non-technical audiences, able to translate findings into clear guidance. Bachelor's degree (or equivalent) in a relevant discipline, demonstrating strong analytical, problem-solving, and communication skills.
• Desirable: Experience building or scaling an application security programme or secure development capability. Familiarity with safety-critical, automotive, or operational software environments. Relevant application security certifications (e.g. OSWE, GWAPT, GCSA, CSSLP, OSCP, CISSP, CISM, etc.).

This is a full-time role based in our offices in London or Sunnyvale. At Wayve, we want the best of all worlds so we operate a hybrid working policy that combines time together in our offices and workshops to fuel innovation, culture, relationships and learning, and time spent working from home. We operate core working hours so you can determine the schedule that works best for you and your team.

Wayve is committed to creating an inclusive interview experience. If you require any accommodations or adjustments to participate fully in our interview process, please let us know. We understand that everyone has a unique set of skills and experiences and that not everyone will meet all of the requirements listed above. If you're passionate about self-driving cars and think you have what it takes to make a positive impact on the world, we encourage you to apply.