Overview
A leading fintech company is seeking a Lead AppSec Engineer to join their established team. You’ll be instrumental in embedding security into every stage of the software development lifecycle—guiding engineers, shaping best practices, and driving secure, scalable solutions across our platform.
Base pay range
This range is provided by Halian | Managed Services, Recruitment Agency & Contract Staffing. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.
Key Responsibilities
* Security Advisory: Serve as the go-to expert for application security across engineering teams—providing hands-on guidance, resolving concerns, and fostering a security-first mindset.
* DevSecOps Enablement: Promote and implement secure development practices across CI/CD pipelines, secrets and key management, dependency management, and secure design.
* Vulnerability Management: Lead vulnerability remediation efforts—triaging findings, prioritizing risks, and partnering with teams to deliver effective, pragmatic fixes.
* Tooling & Automation: Integrate security tools (e.g., SAST, DAST, SCA, secrets scanning) into developer workflows, ensuring automation is both scalable and developer-friendly.
* Cloud Security Collaboration: Work alongside infrastructure teams to ensure secure configuration of AWS and Azure environments, with a focus on IAM, network security, encryption, and observability.
* Architecture & Design Reviews: Provide input and recommendations to ensure new services and features are secure by design.
* Continuous Improvement: Stay ahead of the curve on security trends, tools, and threats—proactively recommending enhancements to our security posture.
Skills needed
* 3+ years of experience in application security, or a strong software engineering background with a security focus.
* Hands-on experience with secure CI/CD practices, DevSecOps methodologies, GitHub workflows, and Terraform.
* Deep understanding of cloud security principles in AWS and Azure, particularly around IAM, secrets management, and networking.
* Proficient in secure coding practices, threat modeling, and vulnerability remediation.
* Familiar with a range of security tooling including static and dynamic analysis, software composition analysis, and container security.
* Excellent communication and collaboration skills—able to translate complex security concepts into practical guidance for engineers.
* Proven ability to influence development teams and drive adoption of security best practices.
* Strong analytical and prioritization skills with a pragmatic, risk-based approach to decision-making.
Nice to have
* If you have come from a development / penetration testing background, this would be advantageous for my client.
* Pen testing experience
* Certifications (CEH / OSCP)
Work arrangement
This role is on a hybrid basis, with 3 days on-site in central London, and offers a 2-3 stage interview process.
Interview slots available - apply now to be considered!