780 Application Security jobs in the United Kingdom

Staff Application Security Engineer

Scotland, Scotland Ivanti

Posted today


Job Description

Who We Are

In today's work environment, employees use a myriad of devices to access IT applications and data over multiple networks to stay productive, wherever and however they work. Ivanti elevates and secures Everywhere Work so that people and organizations can thrive.

While our headquarters is in the U.S., half of our employees and customers are outside the country. We have 36 offices in 23 nations, with significant offices in London, Frankfurt, Paris, Sydney, Shanghai, Singapore, and other major cities around the world.

Ivanti's mission is to be a global technology leader enabling organizations to elevate Everywhere Work, automating tasks that discover, manage, secure, and service all their IT assets. Through diverse and inclusive hiring, decision-making, and commitment to our employees and partners, we will continue to build and deliver world-class solutions for our customers.

Our Culture - Everywhere Work Centered Around You

At Ivanti, our success begins with our people. This is why we embrace Everywhere Work across the globe, where Ivantians and our customers are thriving. We believe in a healthy work-life blend and act on it by fostering a culture where all perspectives are heard, respected, and valued. Through Ivanti's Centered Around You approach, our employees benefit from programs focused on their professional development and career growth.

We align through our core values by locking arms in collaboration, being champions for our customers, focusing on the outcomes that matter most and fighting the good fight against cyber-attacks. Are you ready to join us on the journey to elevate Everywhere Work?

About The Team

Ivanti is a global leader in IT systems and security management, service management, asset management, and mobility management solutions, and is experiencing significant growth worldwide. The company has received numerous awards for being a Top Place to Work. With open positions around the globe, it's an exciting time to join Ivanti. Competitive salary and benefits and flexible hours. Ivanti is a great place to work. If you're passionate about what you do and are interested in developing solutions that make a difference and in having fun while doing it, Ivanti is the place for you.

What You Will Be Doing

  • Develop both broad and deep technical understanding of Ivanti products, services and architectures
  • Conduct security assessments such as threat modelling, secure architecture, code reviews and penetration tests on web and mobile applications and services
  • Interpret security vulnerability reports to stakeholders, providing advice on vulnerability prioritization, remediation and mitigation
  • Closely coordinate with all stakeholders to bake in security into all phases of SDLC
  • Create and maintain documentation for security processes
  • Deliver accurate metrics to stakeholders and business leaders in a clear and concise manner
  • Maintain high proficiency in relevant security topics (latest vulnerabilities, TTPs, exploits, etc.)
  • Create and deliver security education across the organization
  • Develop innovative and scalable tools, solutions and processes to enhance product security operations
  • Support accurate security tooling implementation to maximize their effectiveness and interpret their results to relevant stakeholders

To Be Successful in The Role, You Will Have

  • 5+ years of experience in web application security roles
  • Deep technical understanding of both common and uncommon security vulnerabilities
  • Passion and self drive for researching vulnerabilities and latest exploitation techniques
  • Ability to discover and exploit security vulnerabilities as well as to give practical and applicable remediation advice
  • Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.)
  • Ability to explain vulnerabilities in a precise, concise and easy to understand manner to stakeholders of varying security and technical backgrounds
  • Ability to work in a self-directed environment that is highly collaborative and cross functional
  • Experience in performing Threat Modelling and providing actionable advice from its results
  • High level of experience in scoring security vulnerability severities through CVSS
  • Good understanding of SSDLC as well as development and integration tools and technologies used as part of CI/CD pipelines
  • Experience implementing, running and maintaining tools and processes to reliably identify security issues across large code bases (SAST, SCA, DAST, container scanning, penetration tests, etc.)
  • Experience providing secure coding education to developers
  • Experience with at least one programming language (preferably Python)
  • Ability to perform internal penetration tests as well as coordinating penetration tests executed by third party vendors
  • Ability to triage and reproduce security vulnerabilities from varying internal and external reporting sources
  • Experience in programs such as Responsible Disclosure, Bug Bounty or Vulnerability Disclosure Program

You are an ideal candidate if you

  • Want to make a difference
  • Have high experience in web application, database and infrastructure security topics
  • Have high technical knowledge on security vulnerabilities, defense techniques and security best practices
  • Can easily explain complex topics
  • Have excellent verbal and written communication skills
  • Enjoy working cross teams and being a valuable resource to other engineers
  • Have experience in authentication and authorization standards and protocols (SAML, OAuth, LDAP, AD, etc.)
  • Know how to go beyond generic security vulnerability remediation advice
  • Can read and write code with ease
  • Love to learn about latest security topics even in your free time
  • Have good understanding of one or more major cloud providers (Azure, AWS, GCP)
  • Know how to educate others on security topics
  • Have previous experience in securing SaaS applications and cloud environments at scale
  • Understand in depth CI/CD pipelines, containerization (Kubernetes, Docker, etc.) and Microservices
  • Know how to coordinate external vulnerability reporting
  • Have B.S. Computer Science or similar combination of education and experience

Our Employer Commitment

This job posting will remain active until a qualified candidate is identified.

At Ivanti, we are committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and teammates without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by applicable law. Ivanti believes that diversity and inclusion among our teammates is critical to our success as a global company, and we seek to recruit, develop and retain the most talented people from a diverse candidate pool.

If you require special assistance for the best interview experience, please contact us


Application Security Engineer, Privacy

London, London Meta

Posted 2 days ago


Job Description

**Summary:**
Meta's Privacy Engineering team is seeking a Privacy Engineer with experience in applying an adversarial mindset to identify, scope, contain, and eradicate real-world privacy threats to products and infrastructure. Your primary responsibility will be to deal with privacy vulnerabilities by designing and guiding Software Engineers through remediations, learning from security/privacy incidents, and identifying vulnerabilities across our codebase at scale. Your skills will be the foundation of security initiatives that protect the security and privacy of billions of people. You will advance Meta's mission of making the world more open and connected by identifying and neutralizing threats that aim to collect sensitive information or disrupt our systems.
**Required Skills:**
Application Security Engineer, Privacy Responsibilities:
1. Incident triage & fact identification: Get the right people involved to understand what has happened and assess impact
2. Follow the facts uncovered in triage to mitigate and remediate the vulnerability
3. Review and understand what happened and ensure that the root cause and contributing factors are identified, documented, and remediated
4. Apply technical understanding to ensure Meta learns from each incident to ensure it doesn't resurface
5. Employ adversarial mindset to proactively identify vulnerabilities across Meta's products

**Minimum Qualifications:**
1. 5+ years work experience in technical privacy, security, or security software engineering domains, including incident response, application privacy/security, and/or offensive security
2. Experience identifying, analyzing, and remediating real-world privacy/security threats
3. Software engineering proficiency equivalent to 1+ years work experience coding in Python, PHP, Java, C/C++ (or equivalent language) including code maintenance and review

**Preferred Qualifications:**
1. Experience within a corporate environment communicating technical issues and their implications to other areas of the business.
2. Experience managing large-scale incidents with broad, public visibility.
3. Technical contributions to the privacy or security community (e.g., public research, blogging, presentations).
4. B.S. or M.S. in Computer Science or a related field, or equivalent work experience.
5. Technical experience across other Privacy or Security disciplines, e.g., Application Security/Privacy.

**Industry:** Internet

Senior Application Security Engineer

SR1 1UE Sunderland, North East £70000 Annually WhatJobs

Posted 3 days ago


Job Description

full-time
Our client is seeking a proactive and experienced Senior Application Security Engineer to join their growing security team in Sunderland, Tyne and Wear, UK. This role is crucial in ensuring the security of our software applications throughout their lifecycle. You will be responsible for identifying and mitigating security vulnerabilities in code, implementing secure coding practices, and collaborating with development teams to build security into our products from the ground up.

Key Responsibilities:
  • Conduct security reviews and threat modeling for new and existing applications.
  • Perform static application security testing (SAST) and dynamic application security testing (DAST).
  • Work closely with development teams to remediate identified vulnerabilities and provide secure coding guidance.
  • Develop and maintain security testing tools and automation frameworks.
  • Design and implement security controls for web applications, APIs, and microservices.
  • Stay informed about the latest application security threats, vulnerabilities, and best practices.
  • Contribute to the development and enforcement of secure coding standards and policies.
  • Provide security training and awareness to development teams.
  • Investigate and respond to application-specific security incidents.
  • Evaluate and integrate third-party security tools and solutions.
  • Mentor junior security engineers and contribute to team knowledge sharing.
The ideal candidate will possess a Bachelor's degree in Computer Science, Information Technology, or a related field. Relevant certifications such as CSSLP or GIAC certifications are a plus. A minimum of 5-7 years of experience in application security, software development, or a related security role is required. Strong understanding of web application vulnerabilities (e.g., OWASP Top 10), secure coding principles, and common security frameworks is essential. Proficiency in at least one programming language (e.g., Java, Python, C#) is highly desirable. Excellent communication and collaboration skills are needed to work effectively with cross-functional teams. This role is based at our Sunderland facility and requires a dedicated on-site presence.

Lead Application Security Engineer

LE1 1AA Leicester, East Midlands £75000 Annually WhatJobs

Posted 8 days ago


Job Description

full-time
Our client is seeking an experienced and forward-thinking Lead Application Security Engineer to join their high-performing, fully remote engineering team. This is a crucial role focused on ensuring the security of all applications developed and deployed by the organization. You will be responsible for defining and implementing robust application security strategies, standards, and best practices across the software development lifecycle (SDLC). This includes conducting security architecture reviews, threat modeling, and static/dynamic code analysis to identify and remediate vulnerabilities before they can be exploited. As a Lead, you will guide and mentor a team of application security engineers, fostering a culture of security awareness and ownership within development teams. You will develop and deliver application security training programs, empowering developers to write secure code. Integrating security controls into CI/CD pipelines and automating security testing will be key responsibilities. You will work closely with development, QA, and operations teams to embed security throughout the development process, ensuring that security is not an afterthought but a core component of every application. The ideal candidate will have a deep understanding of common web and mobile application vulnerabilities (e.g., OWASP Top 10), secure coding practices, and penetration testing methodologies. Excellent leadership, communication, and collaboration skills are essential for this role, enabling you to effectively influence stakeholders and drive security initiatives in a remote setting. You should be proactive, innovative, and passionate about building secure software. This is an exceptional opportunity to shape the application security program of a growing company and make a significant impact on its overall security posture, all while enjoying the flexibility of a fully remote position.

Responsibilities:
  • Lead the development and implementation of application security initiatives and best practices.
  • Perform security architecture reviews and threat modeling for new applications and features.
  • Conduct secure code reviews and dynamic application security testing (DAST).
  • Integrate security tools and processes into CI/CD pipelines.
  • Develop and deliver application security training to development teams.
  • Mentor and guide junior application security engineers.
  • Collaborate with development and operations teams to remediate vulnerabilities.
  • Stay current with emerging application security threats and vulnerabilities.
  • Develop and maintain security standards and guidelines for application development.
  • Respond to and investigate security incidents related to applications.
Qualifications:
  • Proven experience as an Application Security Engineer or in a similar role, with demonstrated leadership experience.
  • Deep understanding of secure software development principles and methodologies.
  • Expertise in identifying and mitigating common web and mobile application vulnerabilities (e.g., OWASP Top 10).
  • Proficiency in security code analysis tools and penetration testing techniques.
  • Experience with CI/CD pipelines and security automation.
  • Strong knowledge of security architecture, threat modeling, and risk assessment.
  • Excellent communication, interpersonal, and stakeholder management skills.
  • Experience working effectively in a fully remote, collaborative environment.
  • Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent work experience.
  • Relevant security certifications (e.g., OSCP, CSSLP) are a strong asset.
This fully remote role offers the chance to lead security efforts for our client's critical applications. We foster a collaborative and innovative remote work culture.

Location: This is a fully remote role, supporting our client's operations with their primary office in **Leicester, Leicestershire, UK**, but you can work from anywhere within the UK.

Lead Application Security Engineer

PO1 1AA Portsmouth, South East £75000 Annually WhatJobs

Posted 14 days ago


Job Description

full-time
Our client is seeking a highly experienced Lead Application Security Engineer to spearhead their secure software development initiatives. This is a critical, fully remote role focused on integrating security best practices throughout the entire application lifecycle, from design and development to deployment and maintenance. You will lead a team of security engineers, driving the adoption of secure coding standards, performing security reviews, and developing automated security testing solutions.

Your responsibilities will include architecting and implementing robust security controls for web applications, APIs, and microservices. You will conduct in-depth security assessments, penetration testing, and vulnerability analysis of applications, identifying and prioritizing risks. Developing and maintaining security documentation, including threat models and security requirements, will be a key part of your role. You will collaborate closely with development teams to provide guidance on secure coding practices, security tooling, and remediation strategies. Additionally, you will contribute to the development and maintenance of the CI/CD pipeline, ensuring security is embedded within automated workflows.

The ideal candidate will have a strong background in application security, secure software development, and threat modeling. Proficiency in multiple programming languages and experience with various security testing tools (SAST, DAST, IAST) is essential. You should possess excellent knowledge of common web vulnerabilities (e.g., OWASP Top 10) and experience with cloud security principles (AWS, Azure, GCP). Strong leadership and communication skills are necessary to effectively mentor team members and collaborate with cross-functional teams. Experience with container security and orchestration platforms like Docker and Kubernetes is also highly valued. This role offers a unique opportunity to shape the security posture of our client's products and services from a remote location, ensuring the highest level of protection for their users and data.

Senior Application Security Engineer

BN1 1AA East Sussex, South East £70000 Annually WhatJobs

Posted 15 days ago


Job Description

full-time
Our client is seeking a highly skilled and experienced Senior Application Security Engineer to join their growing cybersecurity team. This role is crucial in ensuring the security of our client's software applications throughout their entire lifecycle, from design and development to deployment and maintenance. You will play a key role in identifying and mitigating security vulnerabilities, implementing robust security controls, and fostering a security-first culture within the engineering organization. Responsibilities include conducting security assessments, penetration testing, code reviews, and threat modeling for web and mobile applications.

The ideal candidate will have a Bachelor's or Master's degree in Computer Science, Information Security, or a related field, coupled with a minimum of 5 years of hands-on experience in application security. Proven expertise in secure coding practices, common web vulnerabilities (OWASP Top 10), and relevant mitigation techniques is essential. You should be proficient in using security testing tools such as Burp Suite, OWASP ZAP, Nessus, and SAST/DAST tools. Experience with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes) is highly desirable. The ability to effectively communicate security risks and recommendations to both technical and non-technical stakeholders is critical. You will be responsible for developing and implementing security standards, guidelines, and best practices, and may be involved in incident response activities. This is a remote-first position, allowing you to contribute your expertise from anywhere, but with strong collaborative links to our team and operations.

As a Senior Application Security Engineer, you will be a trusted advisor, working closely with development teams to embed security into the development process. You will contribute to the security architecture reviews, provide guidance on secure design principles, and help automate security testing within CI/CD pipelines. Your work will directly contribute to protecting sensitive data and maintaining the integrity and availability of our client's critical systems. This is an excellent opportunity to advance your career in a challenging and rewarding field, working with a forward-thinking company.

Key Responsibilities:
  • Perform security assessments, penetration testing, and vulnerability analysis of applications.
  • Conduct threat modeling and risk assessments.
  • Review application source code for security flaws.
  • Develop and implement security controls and best practices.
  • Integrate security testing into CI/CD pipelines.
  • Provide security guidance and training to development teams.
  • Contribute to incident response and remediation efforts.
  • Stay current with emerging security threats and technologies.

Lead Application Security Engineer

BN1 1AA East Sussex, South East £80000 Annually WhatJobs

Posted 20 days ago


Job Description

full-time
Our client is looking for a highly experienced and visionary Lead Application Security Engineer to join their fully remote, globally distributed team. This is a critical leadership position focused on embedding security into the entire software development lifecycle (SDLC) for all of our client's applications. You will be responsible for establishing and maturing application security practices, guiding development teams, and ensuring that security is a fundamental aspect of every product built. If you are passionate about secure coding, proactive threat mitigation, and driving security culture, this role is for you.

Key Responsibilities:
  • Lead the strategy, design, and implementation of application security programs and initiatives across the organization.
  • Develop and enforce secure coding standards, guidelines, and best practices for development teams.
  • Conduct comprehensive security reviews of application designs, architecture, and code.
  • Perform and oversee regular security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Interactive Application Security Testing (IAST).
  • Lead and mentor a team of application security engineers, fostering their professional growth and ensuring high performance.
  • Collaborate closely with software development teams, product managers, and DevOps engineers to integrate security seamlessly into CI/CD pipelines.
  • Develop and maintain security awareness training programs for developers.
  • Investigate and respond to security vulnerabilities and incidents related to applications.
  • Evaluate, select, and implement application security tools and technologies.
  • Stay abreast of the latest application security threats, vulnerabilities, and industry trends.
  • Define and track key security metrics to measure the effectiveness of the application security program.
  • Engage with external security researchers and manage bug bounty programs.
  • Contribute to the overall information security strategy and roadmap.

Qualifications and Experience:
  • Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related technical field.
  • Minimum of 7 years of experience in application security, with at least 2 years in a lead or management role.
  • Deep understanding of common web and mobile application vulnerabilities (e.g., OWASP Top 10) and mitigation techniques.
  • Proven experience with SAST, DAST, IAST, SCA, and penetration testing methodologies.
  • Strong knowledge of secure SDLC principles and DevSecOps practices.
  • Experience with cloud security concepts (AWS, Azure, GCP) and securing cloud-native applications.
  • Proficiency in at least one programming language (e.g., Python, Java, C#) for security tooling and automation.
  • Excellent leadership, communication, and interpersonal skills.
  • Ability to effectively influence and collaborate with cross-functional teams.
  • Relevant certifications such as CISSP, CSSLP, CEH, or GWAPT are highly desirable.
  • Demonstrated ability to build and scale security programs in a remote-first environment.
This is a fully remote position offering a highly competitive salary, comprehensive benefits, and the chance to shape the security posture of a leading organisation. If you are a passionate advocate for secure software development, apply today.

Senior Application Security Engineer

RG1 1BB Reading, South East £70000 Annually WhatJobs

Posted 20 days ago


Job Description

full-time
Our client is seeking a highly skilled Senior Application Security Engineer to join their expanding Information Security department in Reading, Berkshire, UK. This pivotal role focuses on embedding security into the software development lifecycle (SDLC), ensuring that applications are designed, developed, and deployed securely. You will be instrumental in identifying and mitigating security vulnerabilities within custom-built applications, third-party software, and cloud-based services. The ideal candidate will have a deep understanding of secure coding practices, threat modelling, and security testing methodologies.

The Senior Application Security Engineer will work closely with software development teams, providing expert guidance on secure coding principles, architecture reviews, and threat modeling. You will be responsible for conducting security assessments, including code reviews, dynamic analysis (DAST), and static analysis (SAST) of applications. You will also investigate and respond to security incidents related to applications, and develop remediation plans. This role involves defining and implementing security controls for applications deployed in cloud environments (AWS, Azure). Collaboration with product managers, architects, and DevOps engineers to integrate security seamlessly into the CI/CD pipeline is essential. You will also contribute to the development of security policies, standards, and best practices for application development. The ability to clearly communicate technical risks and solutions to both technical and non-technical stakeholders is crucial.

Responsibilities:
  • Integrating security best practices into the entire software development lifecycle (SDLC).
  • Conducting threat modelling and risk assessments for new and existing applications.
  • Performing security code reviews and static/dynamic application security testing (SAST/DAST).
  • Identifying, triaging, and tracking application security vulnerabilities.
  • Collaborating with development teams to remediate identified security flaws.
  • Developing and implementing security controls for applications in cloud environments.
  • Automating security testing and integrating it into CI/CD pipelines.
  • Providing security guidance and training to development teams.
  • Investigating and responding to application security incidents.
  • Staying current with emerging application security threats and technologies.
Qualifications:
  • Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
  • Proven experience in application security engineering or secure software development.
  • Strong understanding of secure coding principles and common vulnerabilities (e.g., OWASP Top 10).
  • Experience with SAST, DAST, IAST, and vulnerability management tools.
  • Familiarity with threat modelling methodologies (e.g., STRIDE).
  • Knowledge of cloud security principles and services (AWS, Azure).
  • Experience with scripting languages (e.g., Python, PowerShell) for automation.
  • Excellent analytical and problem-solving skills.
  • Strong communication and collaboration skills.
  • Relevant security certifications such as CSSLP, CISSP, or GIAC certifications are a plus.
This is a fantastic opportunity to shape the security of software applications in a leading technology-focused company.

Application Security (AppSec) Engineer

Birmingham, West Midlands AND Digital

Posted 23 days ago


Job Description

Permanent

Who We Are
AND Digital is a tech company dedicated to accelerating digital delivery and closing the digital skills gap. Since 2014, we have supported organisations in building better digital products and stronger digital teams.
We believe our work should always create a remarkable impact for our clients. Through our regional offices, known as ‘Clubs,’ we build strong relationships with our partners, ensuring they are prioritised by teams located nearby.
This unique model has driven success for both our clients and ourselves, reflected in our remarkable organic growth since 2014. Today, we are over 1,300 people strong, with Clubs across the UK, Europe, and the USA—and plans for global expansion in the coming years.
Join us and help fulfil our mission to close the world’s digital skills gap.

The Role: Application (AppSec) Security Engineer

We are seeking an experienced and proactive Application Security Engineer to join our SecOps team. The team is responsible for maintaining the AND-wide Security Champion program, responding to security threats and incidents, improving AND's security posture, fulfilling compliance requirements and supporting improvements to the security posture of AND's business platforms. The ideal candidate will be a technical specialist with a passion for securing applications across the full development lifecycle. This role is a key part of our commitment to enhancing security posture and will focus on managing and improving the security of a diverse set of applications, from commercial off-the-shelf products to our own internally developed services. You'll be a self-starter who is eager to drive change and continuously develop your skills in a dynamic environment.

Key Responsibilities:

  • Application Management: Take ownership of the security of core technical applications, including Gitlab, Atlassian products (Jira, Confluence), and other niche, internally built services.
  • Compliance & Audits: Aid in the preparation for, and contribute to, internal and external audits, particularly in relation to the ISO:27001 standard.
  • Security Champion Programme: Develop and maintain content and training materials for the security champion programme, providing guidance and support to development teams to foster a culture of security.
  • Policy & Process Contribution: Actively contribute to the creation, distribution, and continuous improvement of internal security policies and processes.
  • Vulnerability Management: Identify, triage, and manage vulnerabilities within the application landscape, working closely with engineering teams to ensure timely remediation.

Required Experience & Skills

  • A minimum of three years of hands-on experience in an Application Security or similar technical security-focused role (SAST, SCA, DAST, IaC, etc.). We are open to diverse backgrounds.
  • Strong understanding of application security concepts, secure development lifecycles (SDLC), and common vulnerabilities and attack vectors (e.g., OWASP Top 10).
  • Experience with a range of security tools and technologies.
  • Familiarity with compliance frameworks, particularly ISO 27001, is highly desirable.
  • Excellent communication skills, with the ability to articulate technical security concepts to both technical and non-technical audiences.

Desired Attributes

  • Eagerness to Learn: A demonstrable passion for continuous self-development and staying current with the latest security threats and technologies.
  • Coaching and Mentoring: Demonstrates true willingness to upskill and mentor others.
  • Proactive Mindset: A self-starter who can identify opportunities for improvement and take initiative to implement solutions.
  • Collaborative Spirit: The ability to work effectively with cross-functional teams and build strong working relationships.
  • Problem-Solving: Strong analytical and problem-solving skills, with a methodical approach to security challenges.

Equal Opportunities Statement

We are an equal opportunity employer and welcome applications from all qualified candidates. We actively encourage applications from women, ethnic minorities, and individuals with disabilities. We consider all flexible working arrangements, subject to the requirements of the role. Where reasonable adjustments are needed, we will strive to make changes to accommodate them.

Application Security (AppSec) Engineer

Glasgow, Scotland AND Digital

Posted 23 days ago

Job Description

Permanent

Who We Are
AND Digital is a tech company dedicated to accelerating digital delivery and closing the digital skills gap. Since 2014, we have supported organisations in building better digital products and stronger digital teams.
