Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Shape the future of security at Zego by collaborating with teams to enhance product safety.
- Company: Zego is revolutionizing motor insurance for good drivers, backed by significant funding and a customer-first approach.
- Benefits: Enjoy a competitive salary, private medical insurance, share options, generous holidays, and wellness perks.
- Why this job: Join a diverse team focused on innovation and making a real impact in the insurance industry.
- Qualifications: Strong coding knowledge, experience with vulnerabilities, and proficiency in programming languages like Python or Scala required.
- Other info: Flexible hybrid work model; choose your office days and enjoy company-sponsored events.
The predicted salary is between 48000 - 84000 £ per year.
About Zego
At Zego, we understand that traditional motor insurance holds good drivers back. It’s too complicated, too expensive, and it doesn’t reflect how well you actually drive. Since 2016, we have been on a mission to change that by offering the lowest priced insurance for good drivers.
From van drivers and gig workers to everyday car drivers, our customers are the driving force behind everything we do. We’ve sold tens of millions of policies and raised over $200 million in funding. And we’re only just getting started.
Overview of our Engineering Team
Zego puts technology first in its mission to define the future of the insurance industry. By focusing on our customers’ needs we’re building the flexible and sustainable insurance products and services that they deserve. And we do that by empowering a diverse, resourceful, and creative team of engineers that thrive on challenge and innovation.
Overview of the role
- You will play a key role in shaping the future of Security at Zego.
- You will be part of the team ultimately responsible for the security of the Zego services.
- You will collaborate closely with Product Engineering, Technical Operations, DPO, Information Security and Compliance to help build secure products and services.
- You will champion agile methodologies, metrics and tooling to support the teams in incrementally improving our security posture.
Key Responsibilities
- Collaborate closely with product and technical operations teams to identify and mitigate vulnerabilities across our technology stack.
- Partner with product engineers to explore innovative ways to safeguard customer data.
- Influence the development of security tools, processes, and culture to enhance our overall security posture.
- Streamline developer workflows by optimising security remediation processes, driving efficiency, and improving resolution times.
- Champion secure coding practices through code reviews, mentoring, and active collaboration with development teams.
- Develop and maintain security-related documentation, including policies, procedures, and guidelines for both application and infrastructure security.
- Respond to security incidents, working with the engineering team to ensure timely and effective resolution.
- Cultivate a security-first mindset through knowledge sharing, internal guilds, and external engagement at meet-ups and conferences.
- Support external security audits, assessments, certifications, and penetration testing initiatives.
What you will need to be successful in the Role
We are looking for engineers who embrace the DevOps culture to deliver continuous improvements to our security posture. Engaging and empowering the teams to drive change leveraging metrics and championing automation and observability.
What you’ll bring to the Team
- Strong knowledge of secure coding practices, secure software design principles, and secure software supply chain best practices in production environments.
- Proven experience collaborating with software development teams, with an understanding of their workflows and challenges.
- Proficiency in at least two programming languages such as Python, Scala, Node, Swift, or Kotlin.
- Deep understanding of web application vulnerabilities, with practical experience applying OWASP guidelines and best practices.
- Hands-on experience in managing application vulnerabilities, including identification, triaging, qualification, reporting, performing code reviews, and conducting remediation validation tests.
- Expertise in performing root cause analysis for discovered vulnerabilities.
- Experience integrating SAST/DAST/IAST/SCA toolchains into development workflows, along with maintaining these tools.
- Skilled in using security testing tools such as Burp Suite or ZAP.
- Experience coordinating and facilitating external web application penetration testing.
- Ability to clearly communicate complex technical concepts to non-technical audiences.
If possible, we’d also love you to have
- Experience with mobile security.
- Familiarity with AWS cloud environments.
- Knowledge of containers and Kubernetes.
- Experience with Terraform.
- Proficiency in Git and GitOps practices.
How we work
We believe that teams work better when they have time to collaborate and space to get things done. We call it Zego Hybrid.
Our hybrid way of working is unique. We don’t mandate fixed office days. Instead, we foster a flexible approach that empowers every Zegon to perform at their best. We ask you to spend at least one day a week in our central London office. You have the flexibility to choose the day that works best for you and your team. We cover the costs for all company-wide events (3 per year), and also provide a separate hybrid contribution to help pay towards other travel costs. We think it’s a good mix of collaborative face time and flexible home-working, setting us up to achieve the right balance between work and life.
Benefits
We reward our people well. Join us and you’ll get a market-competitive salary, private medical insurance, company share options, generous holiday allowance, and a whole lot of wellbeing benefits. And that’s just for starters.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, national origin, gender, sexual orientation, age, marital status, or disability status.
#J-18808-Ljbffr
Senior Application Security (AppSec) Engineer employer: Zego
Contact Detail:
Zego Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Senior Application Security (AppSec) Engineer
✨Tip Number 1
Familiarize yourself with Zego's mission and values. Understanding how they aim to revolutionize the insurance industry will help you align your answers during interviews and demonstrate your passion for their goals.
✨Tip Number 2
Highlight your experience with secure coding practices and tools like Burp Suite or ZAP. Be prepared to discuss specific examples of how you've implemented these in past projects, as this will show your hands-on expertise.
✨Tip Number 3
Showcase your collaborative skills by discussing past experiences where you worked closely with product and technical teams. Zego values teamwork, so demonstrating your ability to communicate complex concepts effectively will set you apart.
✨Tip Number 4
Stay updated on the latest trends in application security and be ready to share insights during your interview. This will not only reflect your commitment to continuous learning but also your proactive approach to enhancing security practices.
We think you need these skills to ace Senior Application Security (AppSec) Engineer
Some tips for your application 🫡
Understand the Role: Before applying, make sure you fully understand the responsibilities and requirements of the Senior Application Security Engineer position at Zego. Tailor your application to highlight your relevant experience in secure coding practices and collaboration with development teams.
Highlight Relevant Experience: In your CV and cover letter, emphasize your hands-on experience with application vulnerabilities, secure software design principles, and any tools you've used like Burp Suite or ZAP. Be specific about your contributions to security improvements in previous roles.
Showcase Your Technical Skills: Clearly list your proficiency in programming languages such as Python, Scala, or Kotlin. Mention any experience with SAST/DAST tools and your ability to communicate complex technical concepts effectively to non-technical audiences.
Craft a Compelling Cover Letter: Use your cover letter to express your passion for security and how you align with Zego's mission to innovate in the insurance industry. Discuss your approach to fostering a security-first mindset and your enthusiasm for collaborating with diverse teams.
How to prepare for a job interview at Zego
✨Understand Zego's Mission
Before the interview, make sure you understand Zego's mission to change traditional motor insurance. Familiarize yourself with their customer-centric approach and how they aim to provide flexible and sustainable insurance products.
✨Showcase Your Technical Skills
Be prepared to discuss your proficiency in secure coding practices and your experience with programming languages like Python, Scala, or Node. Highlight specific projects where you've applied these skills to enhance security.
✨Discuss Collaboration Experience
Zego values collaboration between teams. Share examples of how you've worked with product engineers or technical operations to identify and mitigate vulnerabilities, emphasizing your ability to communicate complex concepts clearly.
✨Emphasize a Security-First Mindset
Demonstrate your commitment to a security-first culture by discussing your experience with security tools and practices. Mention any initiatives you've led or participated in that fostered knowledge sharing and improved security posture.
