Job Description
Partnered with a VC-backed Fintech organisation, I'm looking for a Senior Application Security Engineer to embed application security into their product development lifecycle and CI/CD pipelines. This is an individual contributor role working closely with engineering, SRE and product teams to assess, improve, and scale AppSec across a high‑volume transactional platform.
* Review current application and API landscape, tooling and processes
* Identify gaps and risks, then design pragmatic mitigation plans
* Integrate security into CI/CD, SDLC and change management processes
* Coach and enable software engineers to build secure products by default
Discovery & Assessment
* Conduct a structured review of existing web applications and APIs
* Map current AppSec controls, tooling and processes across the SDLC
* Identify critical vulnerabilities, systemic weaknesses and quick wins
* Triage and prioritise issues based on risk and business impact
Engineering & Implementation
* Embed security controls into CI/CD pipelines (e.g. SAST, DAST, SCA, secrets scanning)
* Partner with SRE and engineering teams on secure architectures and patterns
* Define and implement secure coding standards and best practices
* Drive threat modeling for key products and high‑risk changes
* Support/oversee application pen testing activities as needed
Enablement & Ways of Working
* Work closely with product and engineering leads to “shift left” on security
* Coach and mentor engineers on secure design, coding and review practices
* Create lightweight, usable security guidelines and playbooks for teams
* Influence roadmaps so that security is considered upfront in new product development
Strategy & Roadmap
* Contribute to the AppSec roadmap and longer‑term security strategy
* Recommend and help select security tools and services
* Provide regular visibility on risk, progress and priorities to engineering leadership
Core Experience
* Strong application security background with prior software engineering experience
* Deep understanding of how AppSec fits into modern engineering environments
* CI/CD pipelines, cloud‑native architectures, microservices and APIs
* Secure SDLC and change management practices
* Hands‑on experience with:
  * Web application security
  * API security
  * Threat modeling
  * Secure coding and code reviews
  * Common AppSec tooling (SAST/DAST/SCA, secrets scanning, etc.)
Please submit your application if your profile matches the criteria.