Application Security Engineer

Company: HealthHero
Location: London
Job Description:

Requirements

  • 3+ years in application security, DevSecOps, and secure software development
  • Hands‑on experience with CI/CD security integration (GitLab CI or similar)
  • Familiarity with SAST/DAST tooling and dependency scanning
  • Understanding of common vulnerabilities (OWASP Top 10) and remediation
  • Previous experience working as a back end or full stack developer
  • Knowledge of GDPR and data protection legislation
  • Strong communicator; able to translate security requirements for developers
  • (Desirable) Development background with security focus
  • (Desirable) Familiarity with SIEM platforms (Snowbit, Splunk, Sentinel)
  • (Desirable) Experience with CSPM tooling (Wiz, Prisma Cloud, or similar)
  • (Desirable) Penetration testing or bug bounty experience
  • (Desirable) Experience in regulated environments (healthcare, financial services)
  • (Desirable) Familiarity with threat modelling frameworks (STRIDE, PASTA)

What the job involves

  • You will own security across the software development lifecycle, embedding automated security testing into CI/CD pipelines and enabling development teams to ship secure code quickly
  • This role works closely with UK and France engineering teams
  • As an experienced Application Security Engineer, your working day will include but not be limited to:

DevSecOps & Pipeline Security:

  • Implement and maintain security testing in GitLab CI pipelines
  • Configure and tune SAST, DAST, dependency scanning, and secrets detection
  • Build automated security gates that balance rigour with delivery velocity
  • Enable self‑serve security tooling for development teams
  • Contribute code and patches to security tooling and configurations

Secure Development:

  • Define and enforce secure coding standards
  • Conduct security‑focused code reviews and threat modelling for new features
  • Provide remediation guidance for application vulnerabilities
  • Train and support developers on secure coding practices

Vulnerability Management:

  • Triage, patch and track application vulnerabilities through to remediation
  • Manage dependency vulnerabilities and upgrade cycles
  • Report on application security posture to senior leadership

Risk & Compliance:

  • Embed GDPR and healthcare regulatory requirements into development processes
  • Support DCB0129 clinical safety compliance for software changes
  • Support customer security due diligence and audits
  • Support ISO27001:2022 ISMS controls and audit process


Posted: June 1st, 2026