1,169 Application Security jobs in the United Kingdom

Application Security Engineer

£50000 - £65000 annum Fyxer AI

Posted 10 days ago

Job Description

Permanent
Who we are

At Fyxer, we’re building something bold: an AI Executive Assistant that genuinely takes work off your plate.

Imagine opening your laptop and finding your emails written, your meetings scheduled, your follow-ups sent, and your inbox under control all without you lifting a finger. That’s what we do.

We’re not a SaaS product with a bolt-on chatbot. We're a pure-play AI company using cutting-edge techniques (think fine-tuned open source models, retrieval augmented generation, intelligent tool use) to actually automate real work, not just create more of it.

And it works:



Application Security Architect (Software)

Bentley Systems

Posted 13 days ago

Job Description

**Application Security Architect (Software)**
**Location: Europe-Based** (Office/ Hybrid/Home)
**Position Summary:**
We are seeking a visionary **Application Security Architect** to elevate our software security strategy across a global portfolio of cutting-edge products. As a key member of our Product Security team, you'll define and drive secure architecture practices, influence engineering decisions, and help shape the future of secure software development.
This is a high-impact role where your expertise will directly contribute to protecting mission-critical infrastructure software used worldwide. You'll collaborate with talented engineers across Europe and beyond, working with modern technologies like Azure, Kubernetes, Electron, and a wide range of programming languages.
If you're passionate about building secure systems, influencing technical direction, and mentoring others, this is your opportunity to make a lasting impact.
**Responsibilities:**
+ **Lead the adoption and evolution of Secure Software Development Lifecycle (SSDLC)** practices and standards across teams and projects.
+ Conduct **security architecture and design reviews** to ensure robust protection of applications and systems.
+ Drive and mature **threat modeling** practices across the organization, identifying and mitigating risks early in the development process.
+ Collaborate with empowered, cross-functional teams to embed security into the **design, development, implementation, and verification** of software.
+ Provide clear, actionable **remediation guidance** to developers and system administrators.
+ Support stakeholders in making **informed, risk-based decisions** that balance technical and business priorities.
+ Deliver **training sessions and educational content** to upskill developers and promote a security-first mindset.
+ Build and maintain **tools and automation** that enhance security workflows and reduce manual effort.
**Qualifications:**
+ Approximately **7+ years of experience in software**, with **4+ years focused on Application Security Architecture**.
+ Strong proficiency in **securing cloud environments**, ideally with hands-on experience in Azure.
+ Proven expertise in **threat modeling** complex software systems.
+ Solid foundation in **software development**, with the ability to read, write, and audit code across multiple languages.
+ Deep understanding of **OWASP Top 10**, **SANS Top 25**, and common security vulnerabilities.
+ Experience with **containerization and orchestration tools** such as **Kubernetes, Docker, and Istio**.
+ Ability to **deconstruct complex systems** to identify potential threats and weaknesses.
+ Exceptional communication skills, able to clearly articulate technical risks to developers, engineers, administrators, and leadership.
+ Demonstrated ability to **learn quickly**, research new topics, and adapt to evolving technologies.
+ Strong problem-solving skills and a proactive approach to tackling security challenges.
+ Ability to make **balanced, unbiased decisions** that consider both technical risks and business impact.
**Bonus Skills That Set You Apart:**
+ Knowledge of **OAuth 2.0 / OpenID Connect** and modern authentication protocols.
+ Familiarity with **web technologies** including **JavaScript, HTML5, HTTP, REST**, and related protocols.
+ Proficiency in one or more programming languages/platforms such as **.NET Core, Node.js, C#, Java, TypeScript, C/C++**.
+ Certifications such as **CISSP** or **CCSP** are a strong plus.
**What We Offer:**
+ A great team and culture - please see our colleague video.
+ An exciting career as an integral part of a world-leading software company providing solutions for architecture, engineering, and construction - watch this short documentary about how we got our start.
+ An attractive salary and benefits package.
+ A commitment to inclusion, belonging, and colleague wellbeing through global initiatives and resource groups.
+ A company committed to making a real difference by advancing the world's infrastructure for a better quality of life, where your contributions help build a more sustainable, connected, and resilient world. Discover our latest user success stories for an insight into our global impact.
+ _Please note that this information applies only to Lithuania._ If you are employed full-time, the salary for this position ranges from 4000 EUR gross (before taxes, applicable only in Lithuania), depending on your knowledge and experience.

**About Bentley Systems**
Around the world, infrastructure professionals rely on software from Bentley Systems to help them design, build, and operate better and more resilient infrastructure for transportation, water, energy, cities, and more. Founded in 1984 by engineers for engineers, Bentley is the partner of choice for engineering firms and owner-operators worldwide, with software that spans engineering disciplines, industry sectors, and all phases of the infrastructure lifecycle. Through our digital twin solutions, we help infrastructure professionals unlock the value of their data to transform project delivery and asset performance.
**Equal Opportunity Employer:**
Bentley is proud to be an equal opportunity employer and considers for employment all qualified applicants without regard to race, color, gender/gender identity, sexual orientation, disability, marital status, religion/belief, national origin, caste, age, or any other characteristic protected by local law or unrelated to job qualifications.
Equal Opportunity Employer/Minorities/Females/Veterans/Disabled

Application Security Engineer, Privacy

London, London Meta

Posted 12 days ago

Job Description

**Summary:**
Meta's Privacy Engineering team is seeking a Privacy Engineer with experience in applying an adversarial mindset to identify, scope, contain, and eradicate real-world privacy threats to products and infrastructure. Your primary responsibility will be to deal with privacy vulnerabilities by designing and guiding Software Engineers through remediations, learning from security/privacy incidents, and identifying vulnerabilities across our codebase at scale. Your skills will be the foundation of security initiatives that protect the security and privacy of billions of people. You will advance Meta's mission of making the world more open and connected by identifying and neutralizing threats that aim to collect sensitive information or disrupt our systems.
**Required Skills:**
Application Security Engineer, Privacy Responsibilities:
1. Incident triage & fact identification: Get the right people involved to understand what has happened and assess impact
2. Follow the facts uncovered in triage to mitigate and remediate the vulnerability
3. Review and understand what happened and ensure that the root cause and contributing factors are identified, documented, and remediated
4. Apply technical understanding to ensure Meta learns from each incident to ensure it doesn't resurface
5. Employ adversarial mindset to proactively identify vulnerabilities across Meta's products
**Minimum Qualifications:**
1. 5+ years work experience in technical privacy, security, or security software engineering domains, including incident response, application privacy/security, and/or offensive security
2. Experience identifying, analyzing, and remediating real-world privacy/security threats
3. Software engineering proficiency equivalent to 1+ years work experience coding in Python, PHP, Java, C/C++ (or equivalent language) including code maintenance and review
**Preferred Qualifications:**
1. Experience within a corporate environment communicating technical issues and their implications to other areas of the business.
2. Experience managing large-scale incidents with broad, public visibility.
3. Technical contributions to the privacy or security community (e.g., public research, blogging, presentations).
4. B.S. or M.S. in Computer Science or a related field, or equivalent work experience.
5. Technical experience across other Privacy or Security disciplines, e.g., Application Security/Privacy.
**Industry:** Internet

Senior Application Security Engineer

RG1 1BB Reading, South East £70000 Annually WhatJobs

Posted 2 days ago

Job Description

full-time
Our client is seeking a highly skilled Senior Application Security Engineer to join their expanding Information Security department in Reading, Berkshire, UK. This pivotal role focuses on embedding security into the software development lifecycle (SDLC), ensuring that applications are designed, developed, and deployed securely. You will be instrumental in identifying and mitigating security vulnerabilities within custom-built applications, third-party software, and cloud-based services. The ideal candidate will have a deep understanding of secure coding practices, threat modelling, and security testing methodologies.

The Senior Application Security Engineer will work closely with software development teams, providing expert guidance on secure coding principles, architecture reviews, and threat modeling. You will be responsible for conducting security assessments, including code reviews, dynamic analysis (DAST), and static analysis (SAST) of applications. You will also investigate and respond to security incidents related to applications, and develop remediation plans. This role involves defining and implementing security controls for applications deployed in cloud environments (AWS, Azure). Collaboration with product managers, architects, and DevOps engineers to integrate security seamlessly into the CI/CD pipeline is essential. You will also contribute to the development of security policies, standards, and best practices for application development. The ability to clearly communicate technical risks and solutions to both technical and non-technical stakeholders is crucial.

Responsibilities:
  • Integrating security best practices into the entire software development lifecycle (SDLC).
  • Conducting threat modelling and risk assessments for new and existing applications.
  • Performing security code reviews and static/dynamic application security testing (SAST/DAST).
  • Identifying, triaging, and tracking application security vulnerabilities.
  • Collaborating with development teams to remediate identified security flaws.
  • Developing and implementing security controls for applications in cloud environments.
  • Automating security testing and integrating it into CI/CD pipelines.
  • Providing security guidance and training to development teams.
  • Investigating and responding to application security incidents.
  • Staying current with emerging application security threats and technologies.
Qualifications:
  • Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
  • Proven experience in application security engineering or secure software development.
  • Strong understanding of secure coding principles and common vulnerabilities (e.g., OWASP Top 10).
  • Experience with SAST, DAST, IAST, and vulnerability management tools.
  • Familiarity with threat modelling methodologies (e.g., STRIDE).
  • Knowledge of cloud security principles and services (AWS, Azure).
  • Experience with scripting languages (e.g., Python, PowerShell) for automation.
  • Excellent analytical and problem-solving skills.
  • Strong communication and collaboration skills.
  • Relevant security certifications such as CSSLP, CISSP, or GIAC certifications are a plus.
This is a fantastic opportunity to shape the security of software applications in a leading technology-focused company.

Senior Application Security Engineer

DE1 2GN Derby, East Midlands £65000 Annually WhatJobs

Posted 16 days ago

Job Description

full-time
Our client is seeking a highly skilled Senior Application Security Engineer to enhance the security of their software development lifecycle. This crucial role involves integrating security best practices and controls into all phases of application development, from design and coding to testing and deployment. You will be responsible for conducting security reviews of code, performing vulnerability assessments and penetration testing on applications, and providing guidance to development teams on secure coding techniques. The ideal candidate will possess a strong understanding of common web application vulnerabilities (e.g., OWASP Top 10), secure coding principles, and threat modeling. Experience with security testing tools, SAST, DAST, and IAST is essential. You will collaborate closely with software engineers, QA testers, and product managers to identify and remediate security risks proactively. This role requires excellent analytical and problem-solving skills, as well as strong communication abilities to effectively articulate security findings and recommendations to technical and non-technical stakeholders. Proven experience in application security, preferably within a fast-paced development environment, is highly desirable. You will play a key role in fostering a security-aware culture within the engineering teams and contribute to the continuous improvement of security processes and policies. We are looking for a candidate who is passionate about cybersecurity, dedicated to building secure software, and committed to staying abreast of the latest security threats and technologies. This hybrid position allows for flexibility in managing remote work while requiring on-site presence for collaborative security initiatives and team engagement in the Derby, Derbyshire, UK area. The successful applicant will be instrumental in safeguarding our client's applications and data against potential threats, ensuring the integrity and confidentiality of their digital assets.

Application Security (AppSec) Engineer

Birmingham, West Midlands AND Digital

Posted 1 day ago

Job Description

Permanent

Who We Are
AND Digital is a tech company dedicated to accelerating digital delivery and closing the digital skills gap. Since 2014, we have supported organisations in building better digital products and stronger digital teams.
We believe our work should always create a remarkable impact for our clients. Through our regional offices, known as ‘Clubs,’ we build strong relationships with our partners, ensuring they are prioritised by teams located nearby.
This unique model has driven success for both our clients and ourselves, reflected in our remarkable organic growth since 2014. Today, we are over 1,300 people strong, with Clubs across the UK, Europe, and the USA—and plans for global expansion in the coming years.
Join us and help fulfil our mission to close the world’s digital skills gap.

The Role: Application (AppSec) Security Engineer

We are seeking an experienced and proactive Application Security Engineer to join our SecOps team. The team is responsible for maintaining the AND wide Security Champion program, responding to security threats and incidents, improving AND security posture, fulfilling compliance requirements and supporting improving AND’s business platforms security posture. The ideal candidate will be a technical specialist with a passion for securing applications across the full development lifecycle. This role is a key part of our commitment to enhancing security posture and will focus on managing and improving the security of a diverse set of applications, from commercial off-the-shelf products to our own internally developed services. You'll be a self-starter who is eager to drive change and continuously develop your skills in a dynamic environment.

Key Responsibilities:

  • Application Management: Take ownership of the security of core technical applications, including Gitlab, Atlassian products (Jira, Confluence), and other niche, internally built services.
  • Compliance & Audits: Aid in the preparation for, and contribute to, internal and external audits, particularly in relation to the ISO:27001 standard.
  • Security Champion Programme: Develop and maintain content and training materials for the security champion programme, providing guidance and support to development teams to foster a culture of security.
  • Policy & Process Contribution: Actively contribute to the creation, distribution, and continuous improvement of internal security policies and processes.
  • Vulnerability Management: Identify, triage, and manage vulnerabilities within the application landscape, working closely with engineering teams to ensure timely remediation.
Required Experience & Skills
  • A minimum of three years of hands-on experience in an Application Security or similar technical security-focused role (SAST, SCA, DAST, IaC etc). We are open to diverse backgrounds.
  • Strong understanding of application security concepts, secure development lifecycles (SDLC), and common vulnerabilities and attack vectors (e.g., OWASP Top 10).
  • Experience with a range of security tools and technologies.
  • Familiarity with compliance frameworks, particularly ISO:27001, is highly desirable.
  • Excellent communication skills, with the ability to articulate technical security concepts to both technical and non-technical audiences.
Desired Attributes
  • Eagerness to Learn: A demonstrable passion for continuous self-development and staying current with the latest security threats and technologies.
  • Coaching and Mentoring: Demonstrates true willingness to upskill and mentor others. 
  • Proactive Mindset: A self-starter who can identify opportunities for improvement and take initiative to implement solutions.
  • Collaborative Spirit: The ability to work effectively with cross-functional teams and build strong working relationships.
  • Problem-Solving: Strong analytical and problem-solving skills, with a methodical approach to security challenges.

Equal Opportunities Statement

We are an equal opportunity employer and welcome applications from all qualified candidates. We actively encourage applications from women, ethnic minorities, and individuals with disabilities. We consider all flexible working arrangements, subject to the requirements of the role. Where reasonable adjustments are needed, we will strive to make changes to accommodate them.


Application Security (AppSec) Engineer

Glasgow, Scotland AND Digital

Posted 1 day ago

Job Description

Permanent

Who We Are
AND Digital is a tech company dedicated to accelerating digital delivery and closing the digital skills gap. Since 2014, we have supported organisations in building better digital products and stronger digital teams.
We believe our work should always create a remarkable impact for our clients. Through our regional offices, known as ‘Clubs,’ we build strong relationships with our partners, ensuring they are prioritised by teams located nearby.
This unique model has driven success for both our clients and ourselves, reflected in our remarkable organic growth since 2014. Today, we are over 1,300 people strong, with Clubs across the UK, Europe, and the USA—and plans for global expansion in the coming years.
Join us and help fulfil our mission to close the world’s digital skills gap.

The Role: Application (AppSec) Security Engineer

We are seeking an experienced and proactive Application Security Engineer to join our SecOps team. The team is responsible for maintaining the AND wide Security Champion program, responding to security threats and incidents, improving AND security posture, fulfilling compliance requirements and supporting improving AND’s business platforms security posture. The ideal candidate will be a technical specialist with a passion for securing applications across the full development lifecycle. This role is a key part of our commitment to enhancing security posture and will focus on managing and improving the security of a diverse set of applications, from commercial off-the-shelf products to our own internally developed services. You'll be a self-starter who is eager to drive change and continuously develop your skills in a dynamic environment.

Key Responsibilities:

  • Application Management: Take ownership of the security of core technical applications, including Gitlab, Atlassian products (Jira, Confluence), and other niche, internally built services.
  • Compliance & Audits: Aid in the preparation for, and contribute to, internal and external audits, particularly in relation to the ISO:27001 standard.
  • Security Champion Programme: Develop and maintain content and training materials for the security champion programme, providing guidance and support to development teams to foster a culture of security.
  • Policy & Process Contribution: Actively contribute to the creation, distribution, and continuous improvement of internal security policies and processes.
  • Vulnerability Management: Identify, triage, and manage vulnerabilities within the application landscape, working closely with engineering teams to ensure timely remediation.
Required Experience & Skills
  • A minimum of three years of hands-on experience in an Application Security or similar technical security-focused role (SAST, SCA, DAST, IaC etc). We are open to diverse backgrounds.
  • Strong understanding of application security concepts, secure development lifecycles (SDLC), and common vulnerabilities and attack vectors (e.g., OWASP Top 10).
  • Experience with a range of security tools and technologies.
  • Familiarity with compliance frameworks, particularly ISO:27001, is highly desirable.
  • Excellent communication skills, with the ability to articulate technical security concepts to both technical and non-technical audiences.
Desired Attributes
  • Eagerness to Learn: A demonstrable passion for continuous self-development and staying current with the latest security threats and technologies.
  • Coaching and Mentoring: Demonstrates true willingness to upskill and mentor others. 
  • Proactive Mindset: A self-starter who can identify opportunities for improvement and take initiative to implement solutions.
  • Collaborative Spirit: The ability to work effectively with cross-functional teams and build strong working relationships.
  • Problem-Solving: Strong analytical and problem-solving skills, with a methodical approach to security challenges.

Equal Opportunities Statement

We are an equal opportunity employer and welcome applications from all qualified candidates. We actively encourage applications from women, ethnic minorities, and individuals with disabilities. We consider all flexible working arrangements, subject to the requirements of the role. Where reasonable adjustments are needed, we will strive to make changes to accommodate them.

Application Security (AppSec) Engineer

Leeds, Yorkshire and the Humber AND Digital

Posted 1 day ago

Job Description

Permanent

Who We Are
AND Digital is a tech company dedicated to accelerating digital delivery and closing the digital skills gap. Since 2014, we have supported organisations in building better digital products and stronger digital teams.
We believe our work should always create a remarkable impact for our clients. Through our regional offices, known as ‘Clubs,’ we build strong relationships with our partners, ensuring they are prioritised by teams located nearby.
This unique model has driven success for both our clients and ourselves, reflected in our remarkable organic growth since 2014. Today, we are over 1,300 people strong, with Clubs across the UK, Europe, and the USA—and plans for global expansion in the coming years.
Join us and help fulfil our mission to close the world’s digital skills gap.

The Role: Application (AppSec) Security Engineer

We are seeking an experienced and proactive Application Security Engineer to join our SecOps team. The team is responsible for maintaining the AND wide Security Champion program, responding to security threats and incidents, improving AND security posture, fulfilling compliance requirements and supporting improving AND’s business platforms security posture. The ideal candidate will be a technical specialist with a passion for securing applications across the full development lifecycle. This role is a key part of our commitment to enhancing security posture and will focus on managing and improving the security of a diverse set of applications, from commercial off-the-shelf products to our own internally developed services. You'll be a self-starter who is eager to drive change and continuously develop your skills in a dynamic environment.

Key Responsibilities:

  • Application Management: Take ownership of the security of core technical applications, including Gitlab, Atlassian products (Jira, Confluence), and other niche, internally built services.
  • Compliance & Audits: Aid in the preparation for, and contribute to, internal and external audits, particularly in relation to the ISO:27001 standard.
  • Security Champion Programme: Develop and maintain content and training materials for the security champion programme, providing guidance and support to development teams to foster a culture of security.
  • Policy & Process Contribution: Actively contribute to the creation, distribution, and continuous improvement of internal security policies and processes.
  • Vulnerability Management: Identify, triage, and manage vulnerabilities within the application landscape, working closely with engineering teams to ensure timely remediation.
Required Experience & Skills
  • A minimum of three years of hands-on experience in an Application Security or similar technical security-focused role (SAST, SCA, DAST, IaC etc). We are open to diverse backgrounds.
  • Strong understanding of application security concepts, secure development lifecycles (SDLC), and common vulnerabilities and attack vectors (e.g., OWASP Top 10).
  • Experience with a range of security tools and technologies.
  • Familiarity with compliance frameworks, particularly ISO:27001, is highly desirable.
  • Excellent communication skills, with the ability to articulate technical security concepts to both technical and non-technical audiences.
Desired Attributes
  • Eagerness to Learn: A demonstrable passion for continuous self-development and staying current with the latest security threats and technologies.
  • Coaching and Mentoring: Demonstrates true willingness to upskill and mentor others. 
  • Proactive Mindset: A self-starter who can identify opportunities for improvement and take initiative to implement solutions.
  • Collaborative Spirit: The ability to work effectively with cross-functional teams and build strong working relationships.
  • Problem-Solving: Strong analytical and problem-solving skills, with a methodical approach to security challenges.

Equal Opportunities Statement

We are an equal opportunity employer and welcome applications from all qualified candidates. We actively encourage applications from women, ethnic minorities, and individuals with disabilities. We consider all flexible working arrangements, subject to the requirements of the role. Where reasonable adjustments are needed, we will strive to make changes to accommodate them.


Application Security (AppSec) Engineer

Manchester, North West AND Digital

Posted 1 day ago

Job Description

Permanent

Who We Are
AND Digital is a tech company dedicated to accelerating digital delivery and closing the digital skills gap. Since 2014, we have supported organisations in building better digital products and stronger digital teams.
We believe our work should always create a remarkable impact for our clients. Through our regional offices, known as ‘Clubs,’ we build strong relationships with our partners, ensuring they are prioritised by teams located nearby.
This unique model has driven success for both our clients and ourselves, reflected in our remarkable organic growth since 2014. Today, we are over 1,300 people strong, with Clubs across the UK, Europe, and the USA—and plans for global expansion in the coming years.
Join us and help fulfil our mission to close the world’s digital skills gap.

The Role: Application (AppSec) Security Engineer

We are seeking an experienced and proactive Application Security Engineer to join our SecOps team. The team is responsible for maintaining the AND wide Security Champion program, responding to security threats and incidents, improving AND security posture, fulfilling compliance requirements and supporting improving AND’s business platforms security posture. The ideal candidate will be a technical specialist with a passion for securing applications across the full development lifecycle. This role is a key part of our commitment to enhancing security posture and will focus on managing and improving the security of a diverse set of applications, from commercial off-the-shelf products to our own internally developed services. You'll be a self-starter who is eager to drive change and continuously develop your skills in a dynamic environment.

Key Responsibilities:

  • Application Management: Take ownership of the security of core technical applications, including Gitlab, Atlassian products (Jira, Confluence), and other niche, internally built services.
  • Compliance & Audits: Aid in the preparation for, and contribute to, internal and external audits, particularly in relation to the ISO:27001 standard.
  • Security Champion Programme: Develop and maintain content and training materials for the security champion programme, providing guidance and support to development teams to foster a culture of security.
  • Policy & Process Contribution: Actively contribute to the creation, distribution, and continuous improvement of internal security policies and processes.
  • Vulnerability Management: Identify, triage, and manage vulnerabilities within the application landscape, working closely with engineering teams to ensure timely remediation.
Required Experience & Skills
  • A minimum of three years of hands-on experience in an Application Security or similar technical security-focused role (SAST, SCA, DAST, IaC etc). We are open to diverse backgrounds.
  • Strong understanding of application security concepts, secure development lifecycles (SDLC), and common vulnerabilities and attack vectors (e.g., OWASP Top 10).
  • Experience with a range of security tools and technologies.
  • Familiarity with compliance frameworks, particularly ISO 27001, is highly desirable.
  • Excellent communication skills, with the ability to articulate technical security concepts to both technical and non-technical audiences.

Desired Attributes

  • Eagerness to Learn: A demonstrable passion for continuous self-development and staying current with the latest security threats and technologies.
  • Coaching and Mentoring: Demonstrates true willingness to upskill and mentor others. 
  • Proactive Mindset: A self-starter who can identify opportunities for improvement and take initiative to implement solutions.
  • Collaborative Spirit: The ability to work effectively with cross-functional teams and build strong working relationships.
  • Problem-Solving: Strong analytical and problem-solving skills, with a methodical approach to security challenges.

Equal Opportunities Statement

We are an equal opportunity employer and welcome applications from all qualified candidates. We actively encourage applications from women, ethnic minorities, and individuals with disabilities. We consider all flexible working arrangements, subject to the requirements of the role. Where reasonable adjustments are needed, we will strive to make changes to accommodate them.


Application Security (AppSec) Engineer

London, London AND Digital

Posted 1 day ago

Job Description

Permanent

Who We Are
AND Digital is a tech company dedicated to accelerating digital delivery and closing the digital skills gap. Since 2014, we have supported organisations in building better digital products and stronger digital teams.
We believe our work should always create a remarkable impact for our clients. Through our regional offices, known as ‘Clubs,’ we build strong relationships with our partners, ensuring they are prioritised by teams located nearby.
This unique model has driven success for both our clients and ourselves, reflected in our remarkable organic growth since 2014. Today, we are over 1,300 people strong, with Clubs across the UK, Europe, and the USA—and plans for global expansion in the coming years.
Join us and help fulfil our mission to close the world’s digital skills gap.
