780 Application Security jobs in the United Kingdom
Staff Application Security Engineer
Posted today
Job Viewed
Job Description
Who We Are
In today's work environment, employees use a myriad of devices to access IT applications and data over multiple networks to stay productive, wherever and however they work. Ivanti elevates and secures Everywhere Work so that people and organizations can thrive.
While our headquarters is in the U.S., half of our employees and customers are outside the country. We have 36 offices in 23 nations, with significant offices in London, Frankfurt, Paris, Sydney, Shanghai, Singapore, and other major cities around the world.
Ivanti's mission is to be a global technology leader enabling organizations to elevate Everywhere Work, automating tasks that discover, manage, secure, and service all their IT assets. Through diverse and inclusive hiring, decision-making, and commitment to our employees and partners, we will continue to build and deliver world-class solutions for our customers.
Our Culture - Everywhere Work Centered Around You
At Ivanti, our success begins with our people. This is why we embrace Everywhere Work across the globe, where Ivantians and our customers are thriving. We believe in a healthy work-life blend and act on it by fostering a culture where all perspectives are heard, respected, and valued. Through Ivanti's Centered Around You approach, our employees benefit from programs focused on their professional development and career growth.
We align through our core values by locking arms in collaboration, being champions for our customers, focusing on the outcomes that matter most and fighting the good fight against cyber-attacks. Are you ready to join us on the journey to elevate Everywhere Work?
About The Team
Ivanti is a global leader in IT systems and security management, service management, asset management, and mobility management solutions, and is experiencing significant growth worldwide. The company has received numerous awards for being a Top Place to Work. With open positions around the globe, it's an exciting time to join Ivanti Competitive salary and benefits and flexible hours. Ivanti is a great place to work.If you're passionate about what you do and are interested in developing solutions that make a difference and in having fun while doing it, Ivanti is the place for you
What You Will Be Doing
- Develop both broad and deep technical understanding of Ivanti products, services and architectures
- Conduct security assessments such as threat modelling, secure architecture, code reviews and penetration tests on web and mobile applications and services
- Interpret security vulnerability reports to stakeholders, providing advice on vulnerability prioritization, remediation and mitigation
- Closely coordinate with all stakeholders to bake in security into all phases of SDLC
- Create and maintain documentation for security processes
- Deliver accurate metrics to stakeholders and business leaders in a clear and concise manner
- Maintain high proficiency in relevant security topics (latest vulnerabilities, TTPs, exploits, etc.)
- Create and deliver security education across the organization
- Develop innovative and scalable tools, solutions and processes to enhance product security operations
- Support accurate security tooling implementation to maximize their effectiveness and interpret their results to relevant stakeholders
To Be Successful in The Role, You Will Have
- 5+ years of experience in web application security roles
- Deep technical understanding of both common and uncommon security vulnerabilities
- Passion and self drive for researching vulnerabilities and latest exploitation techniques
- Ability to discover and exploit security vulnerabilities as well as to give practical and applicable remediation advice
- Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.)
- Ability to explain vulnerabilities in a precise, concise and easy to understand manner to stakeholders of varying security and technical backgrounds
- Ability to work in a self-directed environment that is highly collaborative and cross functional
- Experience in performing Threat Modelling and providing actionable advice from its results
- High level of experience in scoring security vulnerability severities through CVSS
- Good understanding of SSDLC as well as development and integration tools and technologies uses as part of CI/CD pipelines
- Experience implementing, running and maintaining tools and processes to reliably identify security issues across large code bases (SAST, SCA, DAST, container scanning, penetration tests, etc.)
- Experience providing secure coding education to developers
- Experience with at least one programming language (preferrable Python)
- Ability to performing internal penetration tests as well as coordinating penetration tests executed by third party vendors
- Ability to triage and reproduce security vulnerabilities from varying internal and external reporting sources
- Experience in programs such as Responsible Disclosure, Bug Bounty or Vulnerability Disclosure Program
You are an ideal candidate if you
- Want to make a difference
- Have high experience in web application, database and infrastructure security topics
- Have high technical knowledge on security vulnerabilities, Défense techniques and security best practices
- Can easily explain complex topics
- Have excellent verbal and written communication skills
- Enjoy working cross teams and being a valuable resource to other engineers
- Have experience in authentication and authorization standards and protocols (SAML, Oauth, LDAP, AD, etc.)
- Know how to go beyond generic security vulnerability remediation advice
- Can read and write code with ease
- Love to learn about latest security topics even in your free time
- Have good understanding of one or more major cloud providers (Azure, AWS, GCP)
- Know how to educate others on security topics
- Have previous experience in securing SaaS applications and cloud environments at scale
- Understand in depth CI/CD pipelines, containerization (Kubernetes, Docker, etc.) and Microservices
- Know how to coordinate external vulnerability reporting
- Have B.S. Computer Science or similar combination of education and experience
Our Employer Commitment
This job posting will remain active until a qualified candidate is identified.
At Ivanti, we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by applicable law. Ivanti believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool.
If you require special assistance for the best interview experience, please contact us
Application Security Engineer, Privacy
Posted 2 days ago
Job Viewed
Job Description
Meta's Privacy Engineering team is seeking a Privacy Engineer with experience in applying an adversarial mindset to identify, scope, contain, and eradicate real-world privacy threats to products and infrastructure. Your primary responsibility will be to deal with privacy vulnerabilities by designing and guiding Software Engineers through remediations, learning from security/privacy incidents, and identifying vulnerabilities across our codebase at scale. Your skills will be the foundation of security initiatives that protect the security and privacy of billions of people. You will advance Meta's mission of making the world more open and connected by identifying and neutralizing threats that aim to collect sensitive information or disrupt our systems.
**Required Skills:**
Application Security Engineer, Privacy Responsibilities:
1. Incident triage & fact identification: Get the right people involved to understand what has happened and assess impact
2. Follow the facts uncovered in triage to mitigate and remediate the vulnerability
3. Review and understand what happened and ensure that the root cause and contributing factors are identified, documented, and remediated
4. Apply technical understanding to ensure Meta learns from each incident to ensure it doesn't resurface
5. Employ adversarial mindset to proactively identify vulnerabilities across Meta's products
**Minimum Qualifications:**
Minimum Qualifications:
6. 5+ years work experience in technical privacy, security, or security software engineering domains, including incident response, application privacy/security, and/or offensive security
7. Experience identifying, analyzing, and remediating real-world privacy/security threats
8. Software engineering proficiency equivalent to 1+ years work experience coding in Python, PHP, Java, C/C++ (or equivalent language) including code maintenance and review
**Preferred Qualifications:**
Preferred Qualifications:
9. Experience within a corporate environment communicating technical issues and their implications to other areas of the business.
10. Experience managing large-scale incidents with broad, public visibility.
11. Technical contributions to the privacy or security community (e.g., public research, blogging, presentations).
12. B.S. or M.S. in Computer Science or a related field, or equivalent work experience.
13. Technical experience across other Privacy or Security disciplines, e.g., Application Security/Privacy.
**Industry:** Internet
Senior Application Security Engineer
Posted 3 days ago
Job Viewed
Job Description
Key Responsibilities:
- Conduct security reviews and threat modeling for new and existing applications.
- Perform static application security testing (SAST) and dynamic application security testing (DAST).
- Work closely with development teams to remediate identified vulnerabilities and provide secure coding guidance.
- Develop and maintain security testing tools and automation frameworks.
- Design and implement security controls for web applications, APIs, and microservices.
- Stay informed about the latest application security threats, vulnerabilities, and best practices.
- Contribute to the development and enforcement of secure coding standards and policies.
- Provide security training and awareness to development teams.
- Investigate and respond to application-specific security incidents.
- Evaluate and integrate third-party security tools and solutions.
- Mentor junior security engineers and contribute to team knowledge sharing.
Lead Application Security Engineer
Posted 8 days ago
Job Viewed
Job Description
Responsibilities:
- Lead the development and implementation of application security initiatives and best practices.
- Perform security architecture reviews and threat modeling for new applications and features.
- Conduct secure code reviews and dynamic application security testing (DAST).
- Integrate security tools and processes into CI/CD pipelines.
- Develop and deliver application security training to development teams.
- Mentor and guide junior application security engineers.
- Collaborate with development and operations teams to remediate vulnerabilities.
- Stay current with emerging application security threats and vulnerabilities.
- Develop and maintain security standards and guidelines for application development.
- Respond to and investigate security incidents related to applications.
- Proven experience as an Application Security Engineer or in a similar role, with demonstrated leadership experience.
- Deep understanding of secure software development principles and methodologies.
- Expertise in identifying and mitigating common web and mobile application vulnerabilities (e.g., OWASP Top 10).
- Proficiency in security code analysis tools and penetration testing techniques.
- Experience with CI/CD pipelines and security automation.
- Strong knowledge of security architecture, threat modeling, and risk assessment.
- Excellent communication, interpersonal, and stakeholder management skills.
- Experience working effectively in a fully remote, collaborative environment.
- Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent work experience.
- Relevant security certifications (e.g., OSCP, CSSLP) are a strong asset.
Lead Application Security Engineer
Posted 14 days ago
Job Viewed
Job Description
Your responsibilities will include architecting and implementing robust security controls for web applications, APIs, and microservices. You will conduct in-depth security assessments, penetration testing, and vulnerability analysis of applications, identifying and prioritizing risks. Developing and maintaining security documentation, including threat models and security requirements, will be a key part of your role. You will collaborate closely with development teams to provide guidance on secure coding practices, security tooling, and remediation strategies. Additionally, you will contribute to the development and maintenance of the CI/CD pipeline, ensuring security is embedded within automated workflows.
The ideal candidate will have a strong background in application security, secure software development, and threat modeling. Proficiency in multiple programming languages and experience with various security testing tools (SAST, DAST, IAST) is essential. You should possess excellent knowledge of common web vulnerabilities (e.g., OWASP Top 10) and experience with cloud security principles (AWS, Azure, GCP). Strong leadership and communication skills are necessary to effectively mentor team members and collaborate with cross-functional teams. Experience with container security and orchestration platforms like Docker and Kubernetes is also highly valued. This role offers a unique opportunity to shape the security posture of our client's products and services from a remote location, ensuring the highest level of protection for their users and data.
Senior Application Security Engineer
Posted 15 days ago
Job Viewed
Job Description
The ideal candidate will have a Bachelor's or Master's degree in Computer Science, Information Security, or a related field, coupled with a minimum of 5 years of hands-on experience in application security. Proven expertise in secure coding practices, common web vulnerabilities (OWASP Top 10), and relevant mitigation techniques is essential. You should be proficient in using security testing tools such as Burp Suite, OWASP ZAP, Nessus, and SAST/DAST tools. Experience with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes) is highly desirable. The ability to effectively communicate security risks and recommendations to both technical and non-technical stakeholders is critical. You will be responsible for developing and implementing security standards, guidelines, and best practices, and may be involved in incident response activities. This is a remote-first position, allowing you to contribute your expertise from anywhere, but with strong collaborative links to our team and operations.
As a Senior Application Security Engineer, you will be a trusted advisor, working closely with development teams to embed security into the development process. You will contribute to the security architecture reviews, provide guidance on secure design principles, and help automate security testing within CI/CD pipelines. Your work will directly contribute to protecting sensitive data and maintaining the integrity and availability of our client's critical systems. This is an excellent opportunity to advance your career in a challenging and rewarding field, working with a forward-thinking company.
Key Responsibilities:
- Perform security assessments, penetration testing, and vulnerability analysis of applications.
- Conduct threat modeling and risk assessments.
- Review application source code for security flaws.
- Develop and implement security controls and best practices.
- Integrate security testing into CI/CD pipelines.
- Provide security guidance and training to development teams.
- Contribute to incident response and remediation efforts.
- Stay current with emerging security threats and technologies.
Lead Application Security Engineer
Posted 20 days ago
Job Viewed
Job Description
Key Responsibilities:
- Lead the strategy, design, and implementation of application security programs and initiatives across the organization.
- Develop and enforce secure coding standards, guidelines, and best practices for development teams.
- Conduct comprehensive security reviews of application designs, architecture, and code.
- Perform and oversee regular security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST).
- Lead and mentor a team of application security engineers, fostering their professional growth and ensuring high performance.
- Collaborate closely with software development teams, product managers, and DevOps engineers to integrate security seamlessly into CI/CD pipelines.
- Develop and maintain security awareness training programs for developers.
- Investigate and respond to security vulnerabilities and incidents related to applications.
- Evaluate, select, and implement application security tools and technologies.
- Stay abreast of the latest application security threats, vulnerabilities, and industry trends.
- Define and track key security metrics to measure the effectiveness of the application security program.
- Engage with external security researchers and manage bug bounty programs.
- Contribute to the overall information security strategy and roadmap.
Qualifications and Experience:
- Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related technical field.
- Minimum of 7 years of experience in application security, with at least 2 years in a lead or management role.
- Deep understanding of common web and mobile application vulnerabilities (e.g., OWASP Top 10) and mitigation techniques.
- Proven experience with SAST, DAST, IAST, SCA, and penetration testing methodologies.
- Strong knowledge of secure SDLC principles and DevSecOps practices.
- Experience with cloud security concepts (AWS, Azure, GCP) and securing cloud-native applications.
- Proficiency in at least one programming language (e.g., Python, Java, C#) for security tooling and automation.
- Excellent leadership, communication, and interpersonal skills.
- Ability to effectively influence and collaborate with cross-functional teams.
- Relevant certifications such as CISSP, CSSLP, CEH, or GWAPT are highly desirable.
- Demonstrated ability to build and scale security programs in a remote-first environment.
Be The First To Know
About the latest Application security Jobs in United Kingdom !
Senior Application Security Engineer
Posted 20 days ago
Job Viewed
Job Description
The Senior Application Security Engineer will work closely with software development teams, providing expert guidance on secure coding principles, architecture reviews, and threat modeling. You will be responsible for conducting security assessments, including code reviews, dynamic analysis (DAST), and static analysis (SAST) of applications. You will also investigate and respond to security incidents related to applications, and develop remediation plans. This role involves defining and implementing security controls for applications deployed in cloud environments (AWS, Azure). Collaboration with product managers, architects, and DevOps engineers to integrate security seamlessly into the CI/CD pipeline is essential. You will also contribute to the development of security policies, standards, and best practices for application development. The ability to clearly communicate technical risks and solutions to both technical and non-technical stakeholders is crucial.
Responsibilities:
- Integrating security best practices into the entire software development lifecycle (SDLC).
- Conducting threat modelling and risk assessments for new and existing applications.
- Performing security code reviews and static/dynamic application security testing (SAST/DAST).
- Identifying, triaging, and tracking application security vulnerabilities.
- Collaborating with development teams to remediate identified security flaws.
- Developing and implementing security controls for applications in cloud environments.
- Automating security testing and integrating it into CI/CD pipelines.
- Providing security guidance and training to development teams.
- Investigating and responding to application security incidents.
- Staying current with emerging application security threats and technologies.
- Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
- Proven experience in application security engineering or secure software development.
- Strong understanding of secure coding principles and common vulnerabilities (e.g., OWASP Top 10).
- Experience with SAST, DAST, IAST, and vulnerability management tools.
- Familiarity with threat modelling methodologies (e.g., STRIDE).
- Knowledge of cloud security principles and services (AWS, Azure).
- Experience with scripting languages (e.g., Python, PowerShell) for automation.
- Excellent analytical and problem-solving skills.
- Strong communication and collaboration skills.
- Relevant security certifications such as CSSLP, CISSP, or GIAC certifications are a plus.
Application Security (AppSec) Engineer
Posted 23 days ago
Job Viewed
Job Description
Who We Are
AND Digital is a tech company dedicated to accelerating digital delivery and closing the digital skills gap. Since 2014, we have supported organisations in building better digital products and stronger digital teams.
We believe our work should always create a remarkable impact for our clients. Through our regional offices, known as ‘Clubs,’ we build strong relationships with our partners, ensuring they are prioritised by teams located nearby.
This unique model has driven success for both our clients and ourselves, reflected in our remarkable organic growth since 2014. Today, we are over 1,300 people strong, with Clubs across the UK, Europe, and the USA—and plans for global expansion in the coming years.
Join us and help fulfil our mission to close the world’s digital skills gap.
The Role: Application (AppSec) Security Engineer
We are seeking an experienced and proactive Application Security Engineer to join our SecOps team. The team is responsible for maintaining the AND wide Security Champion program, responding to security threats and incidents, improving AND security posture, fulfilling compliance requirements and supporting improving AND’s business platforms security posture. The ideal candidate will be a technical specialist with a passion for securing applications across the full development lifecycle. This role is a key part of our commitment to enhancing security posture and will focus on managing and improving the security of a diverse set of applications, from commercial off-the-shelf products to our own internally developed services. You'll be a self-starter who is eager to drive change and continuously develop your skills in a dynamic environment.
Key Responsibilities :
- Application Management: Take ownership of the security of core technical applications, including Gitlab, Atlassian products (Jira, Confluence), and other niche, internally built services.
- Compliance & Audits: Aid in the preparation for, and contribute to, internal and external audits, particularly in relation to the ISO:27001 standard.
- Security Champion Programme: Develop and maintain content and training materials for the security champion programme, providing guidance and support to development teams to foster a culture of security.
- Policy & Process Contribution: Actively contribute to the creation, distribution, and continuous improvement of internal security policies and processes.
- Vulnerability Management: Identify, triage, and manage vulnerabilities within the application landscape, working closely with engineering teams to ensure timely remediation.
- A minimum of three years of hands-on experience in an Application Security or similar technical security-focused role (SAST, SCA, DAST, IaC etc). We are open to diverse backgrounds.
- Strong understanding of application security concepts, secure development lifecycles (SDLC), and common vulnerabilities and attack vectors (e.g., OWASP Top 10).
- Experience with a range of security tools and technologies.
- Familiarity with compliance frameworks, particularly ISO:27001, is highly desirable.
- Excellent communication skills, with the ability to articulate technical security concepts to both technical and non-technical audiences.
- Eagerness to Learn: A demonstrable passion for continuous self-development and staying current with the latest security threats and technologies.
- Coaching and Mentoring: Demonstrates true willingness to upskill and mentor others.
- Proactive Mindset: A self-starter who can identify opportunities for improvement and take initiative to implement solutions.
- Collaborative Spirit: The ability to work effectively with cross-functional teams and build strong working relationships.
- Problem-Solving: Strong analytical and problem-solving skills, with a methodical approach to security challenges.
Equal Opportunities Statement
We are an equal opportunity employer and welcome applications from all qualified candidates. We actively encourage applications from women, ethnic minorities, and individuals with disabilities. We consider all flexible working arrangements, subject to the requirements of the role. Where reasonable adjustments are needed, we will strive to make changes to accommodate them.
Application Security (AppSec) Engineer
Posted 23 days ago
Job Viewed
Job Description
Who We Are
AND Digital is a tech company dedicated to accelerating digital delivery and closing the digital skills gap. Since 2014, we have supported organisations in building better digital products and stronger digital teams.
We believe our work should always create a remarkable impact for our clients. Through our regional offices, known as ‘Clubs,’ we build strong relationships with our partners, ensuring they are prioritised by teams located nearby.
This unique model has driven success for both our clients and ourselves, reflected in our remarkable organic growth since 2014. Today, we are over 1,300 people strong, with Clubs across the UK, Europe, and the USA—and plans for global expansion in the coming years.
Join us and help fulfil our mission to close the world’s digital skills gap.
The Role: Application (AppSec) Security Engineer
We are seeking an experienced and proactive Application Security Engineer to join our SecOps team. The team is responsible for maintaining the AND wide Security Champion program, responding to security threats and incidents, improving AND security posture, fulfilling compliance requirements and supporting improving AND’s business platforms security posture. The ideal candidate will be a technical specialist with a passion for securing applications across the full development lifecycle. This role is a key part of our commitment to enhancing security posture and will focus on managing and improving the security of a diverse set of applications, from commercial off-the-shelf products to our own internally developed services. You'll be a self-starter who is eager to drive change and continuously develop your skills in a dynamic environment.
Key Responsibilities :
- Application Management: Take ownership of the security of core technical applications, including Gitlab, Atlassian products (Jira, Confluence), and other niche, internally built services.
- Compliance & Audits: Aid in the preparation for, and contribute to, internal and external audits, particularly in relation to the ISO:27001 standard.
- Security Champion Programme: Develop and maintain content and training materials for the security champion programme, providing guidance and support to development teams to foster a culture of security.
- Policy & Process Contribution: Actively contribute to the creation, distribution, and continuous improvement of internal security policies and processes.
- Vulnerability Management: Identify, triage, and manage vulnerabilities within the application landscape, working closely with engineering teams to ensure timely remediation.
- A minimum of three years of hands-on experience in an Application Security or similar technical security-focused role (SAST, SCA, DAST, IaC etc). We are open to diverse backgrounds.
- Strong understanding of application security concepts, secure development lifecycles (SDLC), and common vulnerabilities and attack vectors (e.g., OWASP Top 10).
- Experience with a range of security tools and technologies.
- Familiarity with compliance frameworks, particularly ISO:27001, is highly desirable.
- Excellent communication skills, with the ability to articulate technical security concepts to both technical and non-technical audiences.
- Eagerness to Learn: A demonstrable passion for continuous self-development and staying current with the latest security threats and technologies.
- Coaching and Mentoring: Demonstrates true willingness to upskill and mentor others.
- Proactive Mindset: A self-starter who can identify opportunities for improvement and take initiative to implement solutions.
- Collaborative Spirit: The ability to work effectively with cross-functional teams and build strong working relationships.
- Problem-Solving: Strong analytical and problem-solving skills, with a methodical approach to security challenges.
Equal Opportunities Statement
We are an equal opportunity employer and welcome applications from all qualified candidates. We actively encourage applications from women, ethnic minorities, and individuals with disabilities. We consider all flexible working arrangements, subject to the requirements of the role. Where reasonable adjustments are needed, we will strive to make changes to accommodate them.