Application Security Engineer (Mid or Senior)

Application Security Engineer (Mid or Senior) - Hybrid London - Up to £110,000

A leading global payments organisation is seeking a highly skilled and motivated Application Security Engineer with strong software engineering and threat modelling skills to join its evolving cybersecurity team.

This role plays a crucial part in securing the organisation's products and services by working closely with development teams to ensure secure design, implementation, and maintenance of software systems.

Responsibilities:

• Conduct software security architecture design reviews and threat modelling sessions to identify security risks and recommend mitigation strategies.
• Assess and design security controls and technologies within CI/CD pipelines to enhance product security.
• Analyse detected vulnerabilities in software, providing remediation recommendations to development teams.
• Develop and maintain a catalogue of secure design patterns for engineers to implement best security practices.
• Implement automation and self-service security tools to provide actionable visibility for engineers.
• Ensure alignment of security solutions with industry regulations, including PCI, SOC, GDPR, CCPA, and cloud security best practices.

Experience/Background

• Proven experience in threat modelling, security design reviews, and security architecture.
• Background in software engineering, with proficiency in at least one programming language.
• Expertise in authentication and authorisation protocols, as well as API security.
• Experience working with CI/CD teams to integrate security technologies, including SAST, DAST, and SCA tools.
• Strong ability to collaborate with cross-functional teams to drive security initiatives.

Preferred Qualifications:

• Experience with Java and/or .NET programming languages.
• Knowledge of the payment industry and PCI DSS compliance.
• Understanding of both offensive and defensive security tactics.
• Contributions to the open-source security community.