Application Security Specialist

Company: Secure Source
Apply for the Application Security Specialist
Location: London
Job Description:

The Application Security Specialist exists to embed application security expertise across Europe’s products and services, supporting the Secure Development Practice and enabling a consistent ‘shift-left’ approach. The role is accountable for advancing application security capability, leading security reviews on higher-risk systems, and ensuring secure development practices are adopted across engineering teams. The post holder will act as a technical authority on application security, helping reduce vulnerability risk and improve security outcomes across both internal IT systems and customer-facing solutions.

Application security capability development (CoE contribution)

  • Contribute to establishing and operating a pan-European application security capability within the Secure Development CoE.
  • Build and maintain a network of application security practitioners across development teams.
  • Develop an understanding of current application security maturity, tooling and practices across Europe.
  • Define and promote consistent application security methodologies, patterns and practices.
  • Contribute to CoE forums, standards discussions and knowledge sharing across teams.

Application security reviews and assurance

  • Lead application security reviews for high-risk products and services.
  • Coordinate with Product Security Development Specialists to define scope, coverage and prioritisation.
  • Conduct and oversee:
  • static application security testing (SAST)
  • dynamic testing (DAST)
  • fuzz testing where appropriate
  • API and interface security reviews
  • architecture and design-level assessments
  • assessment against OWASP Top 10 and other relevant standards
  • Interpret findings and translate them into actionable remediation plans.

Secure development standards and guidance

  • Support the development and maintenance of secure coding standards across key languages such as C, C++, Java and other relevant stacks.
  • Contribute to application security policies and supporting technical documentation.
  • Provide practical guidance to developers on secure coding and remediation approaches.
  • Align standards with recognised frameworks such as OWASP and relevant secure development frameworks.

Developer enablement and training

  • Deliver and coordinate application security training for development teams.
  • Introduce internal or external specialised training content.
  • Support secure coding awareness, hands‑on workshops and threat-focused learning.
  • Act as a point of contact for development teams needing security guidance.

Security culture and shift-left adoption

  • Promote a security‑first mindset within engineering and product teams.
  • Embed security considerations into design, development and deployment processes.
  • Support early‑stage security engagement in development lifecycles.
  • Champion pragmatic and developer‑friendly security practices.

Threat and vulnerability management (product focus)

  • Support the threat and vulnerability management process across product and service lines.
  • Assist in triaging, prioritising and managing application‑level vulnerabilities.
  • Provide technical input into remediation planning and risk decisions.
  • Identify recurring issues and systemic weaknesses in development practices.

CI/CD security integration and tooling

  • Design and support secure CI/CD pipeline patterns.
  • Identify, evaluate and help implement appropriate security tooling across development pipelines.
  • Integrate SAST, DAST, SCA and other application security tools into build and release processes.
  • Support automation of security controls and checks within development workflows.
  • Contribute to the development of secure practices for AI‑enabled applications.
  • Support emerging controls and patterns related to AI model security, data handling and misuse risks.
  • Assist teams in embedding security into AI and data‑driven development processes.
  • Monitor application security trends, vulnerabilities and emerging threats.
  • Recommend improvements to processes, tooling and developer practices.
  • Contribute to maturity improvement of the Secure Development Practice.

Task level

  • Conducting application security scans and manual reviews
  • Supporting remediation of vulnerabilities
  • Producing technical findings and guidance
  • Delivering training and guidance sessions

Process and policy level

  • Designing and embedding application security processes in SDLC
  • Developing secure coding standards and review frameworks
  • Implementing security controls into CI/CD pipelines

Theoretical and cross‑disciplinary level

  • Applying secure development frameworks such as SSDF
  • Understanding application, infrastructure and data security interactions
  • Translating security theory into practical secure development practices
  • Operating across software engineering, cyber security and risk domains

Technical Skills required

  • Strong knowledge of application security principles and practices
  • Experience with SAST, DAST and software composition analysis tools
  • Knowledge of secure coding practices across languages such as Java, C, C++
  • Experience with CI/CD pipelines and DevSecOps integration
  • Threat modelling techniques and tools
  • Understanding of OWASP Top 10 and common vulnerability classes
  • Experience with API security and web application security
  • Understanding of fuzz testing and advanced testing techniques
  • Familiarity with secure AI development considerations
  • Knowledge of secure development frameworks such as SSDF
  • Understanding of vulnerability management processes

#J-18808-Ljbffr…

Posted: July 6th, 2026