Application Security Engineer
Requirements
• 6+ years' experience in application security, security engineering, or software engineering with a strong AppSec focus
• Demonstrated experience designing or operating Secure SDLC practices in fast-moving product teams
• Hands-on expertise in web and API security, including authentication, authorisation, data flows, and common vulnerability classes
• Proven experience integrating SAST, DAST, and SCA into CI/CD pipelines
• Strong threat modelling and secure design skills for complex, cloud-native systems
• Experience with modern backend and frontend or mobile stacks (e.g. JVM, Node.js, Go, TypeScript)
• Familiarity with AWS and cloud-native architectures (IAM, KMS, containers, microservices)
• Clear, pragmatic communication skills and the ability to influence through partnership rather than mandate
• Experience in fintech, payments, or other regulated environments
• Familiarity with OWASP ASVS, OWASP Top 10, PCI DSS, DORA, or ISO 27001
• Exposure to mobile security, API gateways, WAFs, or infrastructure-as-code
• Security or cloud certifications (e.g. OSWE, OSCP, CSSLP, CISSP, AWS Security)
Ways of working
• Extreme ownership: You take end-to-end responsibility for outcomes, not just findings or tooling output
• Pragmatic and delivery-aware: You balance risk reduction with product velocity, focusing on changes that materially reduce risk
• Low-ego and collaborative: You build trust with engineers, product, and operations teams, influencing through credibility and partnership
• Impact-driven: You measure success through outcomes (risk reduction, adoption, and time-to-remediate), not activity
• Data-informed: You use metrics and trends to guide priorities and demonstrate impact
• High bar for craft: You produce clear documentation, reusable patterns, and automation that scale across teams
• AI-first mindset: You actively look for opportunities to use automation and AI to improve security outcomes
Responsibilities
• Design, implement, and continuously improve a Secure Software Development Life Cycle integrated from design through production.
• Embed security into planning and delivery via threat modelling, security requirements, and automated controls.
• Lead application security reviews for new systems, major features, and high-risk changes across web, API, mobile, and backend services.
• Define and maintain secure architecture patterns for authentication, authorisation, APIs, data protection, and multi-tenant isolation.
• Own the application security tooling stack (SAST, DAST, SCA), integrating it into CI/CD with high-signal, low-noise outputs.
• Partner with engineers to triage and remediate vulnerabilities based on exploitability, impact, and regulatory risk.
• Work with Security Operations to improve application-level logging, telemetry, and incident response readiness.
• Act as a trusted advisor to engineering teams, raising the bar through practical guidance, documentation, and targeted training.
Benefits
• Continuous learning opportunities
• Supportive community proud to serve the mission
• Comprehensive benefits package