Application Security Engineer (Mid or Senior)

Posted 9 hours 23 minutes ago by Develop Group Ltd

£55,000 - £110,000 Annual
Permanent
London, United Kingdom
Job Description

Application Security Engineer (Mid or Senior) - Hybrid London - Up to £110,000

A leading global payments organisation is seeking a highly skilled and motivated Application Security Engineer with strong software engineering and threat modelling skills to join its evolving cybersecurity team.

This role plays a crucial part in securing the organisation's products and services by working closely with development teams to ensure secure design, implementation, and maintenance of software systems.

Responsibilities:

  • Conduct software security architecture design reviews and threat modelling sessions to identify security risks and recommend mitigation strategies.
  • Assess and design security controls and technologies within CI/CD pipelines to enhance product security.
  • Analyse detected vulnerabilities in software, providing remediation recommendations to development teams.
  • Develop and maintain a catalogue of secure design patterns for engineers to implement best security practices.
  • Implement automation and self-service security tools to provide actionable visibility for engineers.
  • Ensure alignment of security solutions with industry regulations, including PCI, SOC, GDPR, CCPA, and cloud security best practices.

Experience/Background:

  • Proven experience in threat modelling, security design reviews, and security architecture.
  • Background in software engineering, with proficiency in at least one programming language.
  • Expertise in authentication and authorisation protocols, as well as API security.
  • Experience working with CI/CD teams to integrate security technologies, including SAST, DAST, and SCA tools.
  • Strong ability to collaborate with cross-functional teams to drive security initiatives.

Preferred Qualifications:

  • Experience with Java and/or .NET programming languages.
  • Knowledge of the payment industry and PCI DSS compliance.
  • Understanding of both offensive and defensive security tactics.
  • Contributions to the open-source security community.