Application Security Engineer (Mid or Senior)
Posted 9 hours 23 minutes ago by Develop Group Ltd
£55,000 - £110,000 Annual
Permanent
London, United Kingdom
Job Description
Application Security Engineer (Mid or Senior) - Hybrid London - Up to £110,000
A leading global payments organisation is seeking a highly skilled and motivated Application Security Engineer with strong software engineering and threat modelling skills to join its evolving cybersecurity team.
This role plays a crucial part in securing the organisation's products and services by working closely with development teams to ensure secure design, implementation, and maintenance of software systems.
Responsibilities:
- Conduct software security architecture design reviews and threat modelling sessions to identify security risks and recommend mitigation strategies.
- Assess and design security controls and technologies within CI/CD pipelines to enhance product security.
- Analyse detected vulnerabilities in software, providing remediation recommendations to development teams.
- Develop and maintain a catalogue of secure design patterns for engineers to implement best security practices.
- Implement automation and self-service security tools to provide actionable visibility for engineers.
- Ensure alignment of security solutions with industry regulations, including PCI, SOC, GDPR, CCPA, and cloud security best practices.
Experience/Background:
- Proven experience in threat modelling, security design reviews, and security architecture.
- Background in software engineering, with proficiency in at least one programming language.
- Expertise in authentication and authorisation protocols, as well as API security.
- Experience working with CI/CD teams to integrate security technologies, including SAST, DAST, and SCA tools.
- Strong ability to collaborate with cross-functional teams to drive security initiatives.
Preferred Qualifications:
- Experience with Java and/or .NET programming languages.
- Knowledge of the payment industry and PCI DSS compliance.
- Understanding of both offensive and defensive security tactics.
- Contributions to the open-source security community.