A leading fintech company is seeking a Lead AppSec Engineer to join their established team. You'll be instrumental in embedding security into every stage of the software development lifecycle: guiding engineers, shaping best practices, and driving secure, scalable solutions across our platform.
Key Responsibilities:
Security Advisory: Serve as the go-to expert for application security across engineering teams, providing hands-on guidance, resolving concerns, and fostering a security-first mindset.
DevSecOps Enablement: Promote and implement secure development practices across CI/CD pipelines, secrets and key management, dependency management, and secure design.
Vulnerability Management: Lead vulnerability remediation efforts, triaging findings, prioritizing risks, and partnering with teams to deliver effective, pragmatic fixes.
Tooling & Automation: Integrate security tools (e.g., SAST, DAST, SCA, secrets scanning) into developer workflows, ensuring automation is both scalable and developer-friendly.
Cloud Security Collaboration: Work alongside infrastructure teams to ensure secure configuration of AWS and Azure environments, with a focus on IAM, network security, encryption, and observability.
Architecture & Design Reviews: Provide input and recommendations to ensure new services and features are secure by design.
Continuous Improvement: Stay ahead of the curve on security trends, tools, and threats, proactively recommending enhancements to our security posture.
Skills needed:
3+ years of experience in application security, or a strong software engineering background with a security focus.
Hands-on experience with secure CI/CD practices, DevSecOps methodologies, GitHub workflows, and Terraform.
Deep understanding of cloud security principles in AWS and Azure, particularly around IAM, secrets management, and networking.
Proficient in secure coding practices, threat modeling, and vulnerability remediation.
Familiar with a range of security tooling including static and dynamic analysis, software composition analysis, and container security.
Excellent communication and collaboration skills, able to translate complex security concepts into practical guidance for engineers.
Proven ability to influence development teams and drive adoption of security best practices.
Strong analytical and prioritization skills with a pragmatic, risk-based approach to decision-making.
Leadership experience
Nice to have:
If you have come from a development / penetration testing background this would be advantageous for my client.
Pen testing experience
Certifications (CEH / OSCP)
This role is on a hybrid basis with 2 - 3 days on-site in central London and offers a 2 - 3 stage interview process.
Interview slots available - apply now to be considered!