Lead Application Security Engineer / Ethical Hacker / Security Researcher
Location: Fully Remote (UK-based only)
Salary: Up to £130,000 base + Bonus
Sector: FinTech – Digital Payments / Credit Platforms
About the Company
We are partnering with a UK-based FinTech at the forefront of redefining consumer credit. With a secure, cloud-native platform and a mission to simplify the customer finance experience, this business is scaling rapidly while maintaining a deep focus on technology, security, and user trust.
With a mature DevSecOps environment and Secure SDLC already in place, this is an opportunity to join a business where security is embedded, respected, and essential.
The Role
We are seeking a Lead Application Security Engineer with a strong technical background in software and payment security. This is not a governance or compliance role. You will be responsible for identifying and addressing vulnerabilities in the company’s applications – particularly across authentication and payment processing systems – using manual techniques, ethical hacking, and creative security research.
You will operate as a subject matter expert in application security, reporting directly to the CIO and working closely with the Head of Information Security (compliance-focused). The successful candidate will also have the opportunity to shape and grow a team underneath them.
Key Responsibilities
* Proactively identify application-level vulnerabilities across authentication, payment flows, and core transactional systems
* Perform manual penetration testing, code reviews, and threat modelling across a modern FinTech platform
* Collaborate with engineering teams to remediate risks and implement secure development practices
* Take ownership of the company’s application security layer and continuously assess risk exposure
* Act as a technical leader in all matters related to AppSec, working with architecture, development, and infrastructure teams
* Support and improve the existing Secure SDLC and DevSecOps environment
* Provide guidance on security in design, development, and implementation phases
Required Experience
* Demonstrable hands-on experience in application security, penetration testing, or ethical hacking
* Proven background in card payment systems, payment processing, or credit card platforms
* Strong technical understanding of web applications, APIs, authentication, and data security
* Ability to identify and exploit vulnerabilities manually – beyond commercial tools
* Knowledge of OWASP Top 10, secure coding principles, and threat modelling frameworks
* Experience working in or with high-compliance environments (e.g. PCI DSS, ISO 27001)
* Comfortable working independently in a remote-first environment
* Right to work in the UK
Nice to Have
* Experience working in a FinTech, payments, or digital banking environment
* Familiarity with modern cloud environments (e.g. Azure, AWS)
* Background in software engineering, particularly in secure coding or architecture
Interview Process
* Initial conversation with Head of Engineering
* Second-stage interview with the CIO
* Final stage including a potential take-home technical exercise
What’s on Offer
* Salary up to £130,000 base + performance bonus
* Fully remote working (UK-based only)
* High-impact, high-autonomy role
* Opportunity to build and lead a growing application security function
* Join a business with a strong engineering culture and security mindset already in place