Security Engineer - Application Security
Join to apply for the Security Engineer - Application Security role at IFX Payments
About IFX Payments
We’re an award‑winning global provider of foreign exchange and payment solutions. At IFX, our mission is to become the number one service‑led alternative banking partner in EMEA for corporates and financial institutions that add value beyond the transaction. We have one guiding principle: to win. Properly.
Overview of the Role
IFX Payments is seeking a technically skilled and proactive Application Security Engineer to embed secure development practices across its software delivery lifecycle. This role is critical in reducing application‑layer risks, implementing secure coding standards, and ensuring threat modeling and architecture reviews are consistently applied across all development efforts.
You will work closely with engineering and platform teams to integrate security into CI/CD pipelines, automate vulnerability detection, and drive continuous improvement in application security posture.
Responsibilities
* Embed security controls into CI/CD pipelines and development workflows.
* Implement and manage SAST, DAST, and SCA tools to detect vulnerabilities early in the lifecycle.
* Conduct secure code reviews and support developers in remediating findings.
* Lead threat modeling sessions using standard methodologies to identify design flaws.
* Review application architectures to ensure alignment with security objectives and mitigate common threats.
* Maintain and update reference architectures based on threat modeling insights.
* Deploy and manage application security tools and integrate them with existing platforms.
* Automate security tasks using scripting (e.g., Python, PowerShell) or SOAR platforms.
* Ensure alignment with ISO 27001, FCA, and NIST standards.
* Contribute to audit readiness and support compliance automation platforms such as Drata.
* Work with engineering teams to promote secure coding practices.
* Support the rollout of role‑based security training and awareness initiatives.
* Act as a security champion within development squads and mentor junior engineers.
Requirements
* Broad experience in application security or secure software development.
* Strong understanding of OWASP Top 10, secure coding techniques, and threat modeling.
* Experience with security tools such as SAST, DAST, SCA, and vulnerability scanners.
* Familiarity with cloud platforms (Azure or AWS), CI/CD pipelines, and DevOps practices.
* Knowledge of regulatory frameworks (ISO 27001, FCA, NIST).
* Excellent communication skills and ability to work cross‑functionally.
* Experience in fintech or regulated environments.
* Certifications such as OSCP, CSSLP, or CISSP.
* Familiarity with compliance automation platforms (e.g., Drata).
* Exposure to legacy system security challenges and modernization strategies.
* A true team player with a winning mentality and strong work ethic committed to continuous improvement and high performance.
* Adaptable, tenacious, and flexible who can perform under pressure.
Benefits
* 25 days’ annual leave, plus bank holidays and an extra day off for your birthday.
* Life insurance.
* Holiday loyalty scheme.
* Work abroad scheme.
* Enrolment into our pension scheme via a salary exchange scheme.
* Access to a financial education, planning and coaching platform.
* Membership with healthcare platform, providing cash‑back on healthcare, dental, optical & physio, plus access to stress helplines, a virtual GP and more.
* Salary exchange nursery fees.
* Enhanced parental leave.
* Cycle to work.
* Career development and progression tools.
* Company events – sporting events, pub nights, seasonal parties, socials.
Diversity & Inclusion
We believe that diversity and inclusion are essential to our success. We are committed to fostering a culture where everyone feels valued and respected, regardless of their background, identity or experiences. By embracing diverse perspectives and promoting equity, we aim to create an environment where all employees can perform and reach their full potential.
Additional Information
* We work on a hybrid basis from our office in Central London.
* You must be eligible to work in the UK to be considered for this position.
* Full background check will be carried out.
Seniority Level
Mid‑Senior level
Employment Type
Temporary
Job Function
Information Technology
#J-18808-Ljbffr