Senior Application Security Engineer

About us

Amach is an industry‑leading technology‑driven company headquartered in Dublin with remote teams in the UK and Europe. Our blended teams of local and nearshore talent are optimized to deliver high‑quality, collaborative solutions. Founded in 2013, Amach was created to solve a specific problem in aviation: too much complexity, too little usable intelligence. We help airlines modernize their operating model using cloud, data and AI‑delivered solutions with deep aviation domain expertise. Our goal is to maximize airlines’ operational efficiency by optimizing resource use, reducing costs and increasing customer experience and satisfaction.

Senior Application Security Engineer

The Senior Application Security Engineer is responsible for leading the application security practice across the organization and taking ownership of key security KPIs, with a focus on strengthening the security of software, systems, and engineering processes. This role will have a strong emphasis on embedding secure software development practices across the engineering lifecycle, including security guidance from design through deployment, integration of automated security controls into delivery pipelines, and improving the effectiveness of application security testing and assurance activities.

Note: the successful candidate will be required to go to our customers’ Central London office 2 days per week.

Key responsibilities & duties include:

• Lead the application security practice and take ownership of key security KPIs, driving measurable improvements in application security maturity
• Work with engineering and product teams to embed secure development practices from design through deployment, providing expert guidance on secure architecture and design decisions
• Facilitate threat modelling sessions and review security‑sensitive decisions around authentication, cryptography, and logging
• Integrate and configure automated security tooling (SAST, DAST, SCA) and oversee testing programs (penetration testing, vulnerability scanning, bug bounty) to ensure effectiveness and efficiency
• Triage vulnerabilities and support engineering teams with practical remediation and mitigation plans
• Deliver training, raise awareness, and champion secure‑by‑default practices across the organization
• Contribute to documentation, internal security standards and engineering processes
• Support internal and external audits and promote a strong security culture across the organization

Required skills

• 8+ years of experience in application security, software engineering, and/or product security, with strong hands‑on experience in secure software development environments
• Proficiency in coding and scripting (Python, Bash), with working knowledge of tools and automation in environments such as GitHub‑based delivery pipelines
• Demonstrable experience leading or shaping application security practices across engineering teams
• Strong understanding of web and API vulnerabilities, including the OWASP Top 10 and common modern application attack patterns
• Familiarity with modern cloud‑native environments (especially AWS), as well as containers and microservices architectures
• Experience working closely with software engineers and product teams to embed security into day‑to‑day development practices
• Proven experience reviewing security‑sensitive technical designs, including areas such as authentication, cryptography and logging
• Hands‑on experience integrating and tuning application security tooling such as SAST, DAST and SCA within CI/CD workflows
• Experience supporting or evaluating security testing programmes such as penetration testing, vulnerability scanning and bug bounty
• Practical experience triaging vulnerabilities and working with engineering teams on realistic remediation and mitigation plans
• Comfortable acting as the go‑to person for technical security discussions and presenting clearly to senior technical and non‑technical stakeholders
• Strong communicator with the ability to provide expert guidance, training, and practical advice that promotes secure‑by‑default engineering behaviours

Desirable skills

• Experience automating security controls and checks in modern software delivery pipelines
• Confidence reviewing application and platform designs from a security perspective
• Ability to explain security risks and recommendations clearly to both technical and non‑technical stakeholders
• Strong collaboration skills and a practical, engineering‑focused approach to improving security outcomes

What’s in it for you

• An opportunity to join a fast‑growing company
• Options for career advancement
• Learning and development opportunities
• Flexible working environment
• Competitive salaries based on experience

Equal Opportunity Employer

Amach is an equal opportunity employer and makes employment decisions on the basis of merit. We celebrate diversity and are committed to creating an inclusive environment for all employees. This job description is intended to convey essential responsibilities and qualifications for this role, but it is not an exhaustive list of tasks that an employee may be required to perform.

Your personal data

Amach will process your personal information in accordance with the EU’s General Data Protection Regulation (GDPR). We will comply with data protection law and principles, which means that your data will be:

• Used lawfully, fairly and in a transparent way
• Collected only for valid purposes and not used in any way that is incompatible with those purposes
• Relevant to the purposes we have told you about and limited only to those purposes
• Accurate and kept up to date
• Kept only as long as necessary for the purposes we have told you about
• Kept securely

If you would like to contact us about your data, please use the following address: info@amach.com

#J-18808-Ljbffr…