Senior Application Security Engineer

REAL Technical Solutions Limited
Charing Cross, United Kingdom
2 days ago

Role details

Contract type
Temporary contract
Employment type
Part-time (≤ 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
£ 135K

Job location

Charing Cross, United Kingdom

Tech stack

Computer Security
Continuous Integration
Systems Development Life Cycle
Software Vulnerability Management
Software Security
Static Application Security Testing
Dynamic Application Security Testing

Job description

A global leading financial payments provider is seeking an experienced Senior Application (Product) Security Engineer to join their ever-evolving Cyber team to help them unleash the potential of every business.

  • The Senior Product Security Engineer is the primary partner for embedding security into every phase of the product life cycle, from design and development to deployment and maintenance.
  • You will work closely with engineering, product management, and compliance teams to ensure products are secure by design and resilient in production.
  • You will define and implement security policies, manage vulnerability backlogs, and lead threat modelling and incident response efforts.

Responsibilities for the Senior Application Security Engineer:

  • Define and implement security policies and tooling across the product life cycle, from design and development to deployment and maintenance.
  • Lead threat modelling for new and existing applications, guiding teams and ensuring outputs are documented and tracked.
  • Manage the product vulnerability backlog, prioritizing remediation of high and critical vulnerabilities, and tracking key metrics such as open vulnerabilities, SLA compliance, and average age of vulnerabilities.
  • Coordinate bug bounty findings and ensure timely remediation.
  • Conduct root cause analysis (RCA) for security incidents and systemic vulnerabilities, using insights to drive developer training and systemic fixes.
  • Drive incident response efforts as Investigation Lead or Incident Commander, including facilitating tabletop exercises to test and improve incident readiness.

Requirements

Experience across various areas of security, including AppSec within the payment card industry.

Awareness of Secure SDLC practices

Hands-on Security Engineer with experience handling development of scans, configurations on the CI/CD pipeline and threat modelling, and confident enough to handle the technical aspects around these areas. A good understanding of the overall security space and associated services.

  • Deep expertise in vulnerability management, threat modelling, security architecture, and secure SDLC practices.
  • Strong background in incident response, root cause analysis, and bug bounty program management.
  • Excellent communication and stakeholder management skills, with experience driving cross-functional initiatives.
  • Experience with third-party risk management, security assessments, and regulatory compliance.
  • Experience working with CI/CD teams to implement new security technologies in the pipeline, including SAST, DAST, and SCA tools.
  • Experience partnering with cross-functional teams to deliver impactful security initiatives.
