A leading Fintech / Payments company is looking for a proactive and technically skilled Application Security Engineer / DevSecOps to champion secure development practices across our software delivery lifecycle.
In this role, you'll play a key part in identifying and reducing application-layer risks, integrating security into the development pipeline, and ensuring that security considerations are embedded throughout the SDLC.
Working closely with engineering and platform teams, you'll help automate security processes, lead threat modelling exercises, and continually improve the organisation's application security posture.
Key Responsibilities
Secure Development Lifecycle (SDLC)
Experience working with static and dynamic code analysis tools (SAST, DAST) is essential. While you don't need to have set them up, you should have collaborated with developers to ensure code is scanned and critical vulnerabilities are blocked in the pipeline.
Integrate security controls into CI/CD pipelines and development workflows.
Manage and monitor SAST, DAST, and SCA tools to detect vulnerabilities early in the lifecycle.
Conduct secure code reviews and support remediation efforts.
Threat Modelling & Architecture Review
You'll need to demonstrate experience, though not necessarily deep expertise, in secure architecture and threat modelling, and be comfortable leading initiatives in this area.
Facilitate and lead threat modelling sessions to uncover design vulnerabilities.
Review and advise on application architectures to ensure alignment with security best practices.
Maintain and evolve reference architecture frameworks based on security insights.
Requirements (Primarily Essential)
2+ years of experience in application security or secure software development.
Strong knowledge of OWASP Top 10, secure coding principles, and threat modelling.
Hands-on experience with SAST, DAST, SCA, and vulnerability management tools.
Familiarity with cloud platforms (Azure or AWS), CI/CD pipelines, and DevOps processes.
Strong communication skills and the ability to collaborate effectively across teams.
Understanding of regulatory and security standards (ISO 27001, FCA, NIST). (Nice to have)
Desirable Skills
Experience working in fintech or regulated environments.
Certifications such as OSCP, CSSLP, or CISSP.
Familiarity with compliance automation platforms like Drata.
Exposure to legacy application security and modernisation strategies.
This role is based in central London working on a hybrid basis with 3 days on-site.
Interview slots are available as soon as possible.
Apply now to be considered.