About The Role
The Application Security Team Lead owns and evolves MO's application security capability, embedding security into engineering practices, platforms, and delivery pipelines while leading a small team of specialists. Reporting to the Cyber Security Technical Manager, the role drives secure‑by‑design principles across the software development lifecycle, including the implementation of tooling, standards, and security controls within CI/CD.
Alongside team leadership, the role acts as the hands‑on security lead for a key development area, taking end‑to‑end ownership of its security posture. Working closely with engineering, product, and platform teams, you provide deep technical expertise across design, implementation, and vulnerability management, ensuring security is pragmatic, scalable, and supports effective delivery at pace.
Key Responsibilities
* Lead and develop the application security team, setting clear priorities, building capability, and ensuring effective delivery of AppSec services.
* Own and operate our application security tooling, including SCA & SAST, ensuring effective coverage across all in‑scope applications.
* Integrate security controls into CI/CD pipelines, working with platform and engineering teams to embed automated security testing and guardrails into development workflows.
* Define, implement, and maintain secure development standards, including secure coding guidelines, threat modelling practices, and minimum‑security requirements for applications and APIs.
* Partner with engineering, platform, and product teams to embed secure‑by‑design principles into new and existing systems, providing practical, risk‑based guidance.
* Working with our Vulnerability Lead, champion the identification, triage, and remediation prioritisation of application vulnerabilities, ensuring delivery aligns with risk appetite and agreed service levels.
* Establish and track application security metrics, including vulnerability remediation timelines, tooling coverage, and overall risk reduction.
* Support secure architecture and design reviews, particularly for cloud‑native and API‑driven systems.
* Stay informed on emerging threats, technologies, and development practices (including software supply chain and AI‑assisted development), applying this knowledge to continuously improve our security posture.
* Act as the primary application security engineer for a key development team, providing hands‑on technical leadership across design, development, and operation.
* Perform deep‑dive security activities for the team, including threat modelling, code‑level reviews, and vulnerability triage/remediation support.
* Oversee and coordinate third‑party application security reviews, ensuring consistent assessment standards and effective risk management across externally developed or supplied applications.
* Plan and organise application security coverage across the team, allocating engineers to priority domains and initiatives to ensure balanced workload, clear ownership, and effective delivery of AppSec services.
About You
You are an experienced application security professional with strong technical depth and a pragmatic, delivery‑focused mindset. You operate as a player‑coach, comfortable working hands‑on while leading and developing a small team. You take end‑to‑end ownership of critical applications or domains, acting as the go‑to expert while enabling your team to deliver effectively at scale.
You have a solid understanding of modern software development practices and know how to embed security into engineering workflows without slowing delivery. You are confident working with developers, architects, product, and platform teams, translating security requirements into practical, implementable solutions.
You take ownership of outcomes rather than just delivering advice, driving improvements in tooling, processes, and developer practices to measurably reduce risk. You are comfortable making risk‑based decisions and prioritising work in line with business objectives.
You communicate clearly and effectively, able to explain complex security concepts in a way that resonates with both technical and non‑technical stakeholders. You build strong relationships and are able to influence engineering teams to adopt secure‑by‑design principles.
You are naturally curious and keep pace with evolving technologies and threats, particularly in areas such as cloud‑native development, software supply chain risk, and emerging development practices including AI.
Minimum Criteria
* Considerable experience in software engineering, application security, or a related security role, with experience focused on application security.
* Experience leading, mentoring, or coaching engineers or security professionals, with the ability to build capability within a team.
* Hands‑on experience implementing and operating application security tooling, such as SAST, DAST, SCA, and secrets management.
* Experience integrating security controls into CI/CD pipelines (e.g. GitHub, AWS DevOps), including automated testing and policy enforcement.
* Strong understanding of modern software development practices, including Agile delivery, DevOps, and cloud‑native architectures.
* Practical experience with secure coding practices, threat modelling, and vulnerability management in a production environment.
* Ability to assess and prioritise security risks, balancing security requirements with business and delivery needs.
* Strong problem‑solving skills, with a track record of identifying issues and driving them through to resolution.
Benefits you can expect
* Competitive reward package including an annual discretionary bonus
* 15% non‑contributory pension (9% non‑contributory pension during probation period)
* 28 days annual leave with option to purchase and sell days
* Free fresh fruit and snacks in the office
* 1 day for volunteering
* Funded Private Medical Insurance cover
* Electric/Hybrid Car Salary Sacrifice Scheme and Cycle to Work Scheme
* Life assurance at 4 times your basic salary to give you peace of mind that your loved ones will receive some financial help
* Funded health screening for over 50s
* Voluntary benefits: charitable giving, critical illness insurance, dental insurance, health and cancer screenings for you and your partner, discounted gym memberships and season ticket loans
* Employee Discount Scheme with an app to save on the go
* Free access to healthcare apps such as Peppy, Unmind, Aviva Digital GP and volunteering app on Hand for all employees
* Generous family leave policies