Title: Lead Application Security Engineer
Location: Fully Remote (UK-based)
Salary: £110,000 – £130,000 base + Bonus
Sector: FinTech / Digital Consumer Finance
We’re recruiting on behalf of a UK-based FinTech that’s simplifying how consumers engage with credit – offering digital credit cards and financial services built on cloud-native architecture and driven by data.
They are looking to hire a highly technical, hands-on Lead Application Security Engineer to take full ownership of the application security landscape – not from a policy or governance standpoint, but through deep, practical expertise in identifying and fixing vulnerabilities across live systems.
This role is perfect for someone with a white hat hacker mindset – someone who thrives on proactively breaking applications, exposing flaws in logic, authentication, payment processing, or APIs, and using creativity (not just tooling) to harden applications against real-world threats.
What Makes This Role Stand Out?
* You’ll be hands-on: This is not a governance or compliance function. It’s about deep technical engagement with the codebase, systems, and application architecture.
* You’re walking into a mature environment: The company already has Secure SDLC and DevSecOps practices in place. This isn’t a ground-up build – it’s about stress-testing and strengthening what’s already built.
* You’ll have impact and visibility: Reporting to the CIO, with close collaboration with the Head of Information Security (compliance), you’ll shape the AppSec strategy while also getting into the code.
* You’ll build your own team: This role includes team growth – you’ll start as a leader and grow your own capability beneath you.
What You’ll Be Doing:
* Actively identifying vulnerabilities in applications, especially around authentication flows, payments, and sensitive data handling
* Thinking creatively and adversarially – “breaking the app” to protect it
* Performing penetration testing, threat modelling, and secure code reviews
* Working directly with developers to integrate security best practices into an already-operational DevSecOps pipeline
* Advising on product and architectural design from a security-first lens
* Contributing to a security culture that prioritises customer trust and system integrity
What We’re Looking For:
* Deep hands-on experience in application security – not just theory, but experience in secure coding, manual testing, and fixing complex vulnerabilities
* A proven background in credit cards, payments, or financial transaction systems
* Understanding of modern application architectures (APIs, microservices, cloud platforms – likely Azure)
* Familiarity with OWASP Top 10, SAST/DAST, and a variety of pen testing techniques
* A desire to build and lead a team, while remaining technical and practical day to day
* Right to work in the UK and ability to work remotely from within the UK
Recruitment Process:
* Initial call with Head of Engineering
* Second stage with CIO
* Final conversation and potentially a take-home exercise
If you're ready to be the attacker before the attacker is, and want to lead AppSec in an ambitious and growing FinTech, we’d love to hear from you.