Senior Application Security Engineer

Company: Avios Group (AGL) Limited
Location: London
Job Description:

We’re looking for a talented and passionate Senior Application Security Engineer to join our security engineering team. You’ll have a background in software engineering and a deep interest in application and API security. You thrive on collaboration, enjoy helping others grow, and see security as an enabler — not a blocker. You’ll be an AppSec advocate who supports our engineers in identifying and addressing security issues across the software development lifecycle.

Responsibilities

  • Lead the application security practice within the Loyalty division security team, taking responsibility for key security KPIs in this area.
  • Champion secure software development by working closely with engineers and product teams, embedding security practices into our engineering culture.
  • Provide training, offer expert advice, and drive awareness of security from the earliest stages of design through to deployment.
  • Help integrate automated security tooling and checks into our CI/CD pipelines, facilitate threat modelling sessions, and review security‑sensitive design decisions around authentication, cryptography, and logging.
  • Ensure tools such as SAST, DAST, and SCA are effective and efficient, and that testing programmes—including pen testing, vulnerability scanning, and bug bounty—are delivering value.
  • Triage vulnerabilities, support engineering teams with practical mitigations, and contribute to documentation that strengthens our internal standards and processes.
  • Maintain a strong security culture and support internal and external audits where needed.

Qualifications

  • Experience in software engineering, with a strong security mindset.
  • Deep understanding of web and API vulnerabilities, including the OWASP Top 10.
  • Proficient in coding, scripting (e.g., Python, Bash), and automating security in CI/CD.
  • Hands‑on experience with security tools like SAST, DAST, and SCA.
  • Familiar with cloud environments (especially AWS), containers, and microservices.
  • Comfortable reviewing technical designs, performing threat modelling, and advising on secure architecture.
  • Strong communicator who collaborates well with engineers and promotes secure‑by‑default practices.

We might not be right for you if you only want to focus on your to‑do list, lack fast iteration, or want to create but not build. This is an end‑to‑end role where you need to own your space from ideation through delivery and review.

This role will work as part of our Loyalty Division and is based out of our London office. We call our approach to hybrid working “The Blend”: it’s about giving you the flexibility to choose where you do your best work, while staying connected with your team. You should be prepared to spend at least two days per week in the office, with the rest of the time working from home.

We actively encourage applications from people with different experiences and backgrounds and are committed to ensuring our recruitment process is fair, inclusive, and accessible.

Posted: May 30th, 2026