Lead Application Security Engineer, Cheltenham
Client: WeDo
Location:
Job Category: Other
-
EU work permit required: Yes
Job Views: 5
Posted: 26.06.2025
Expiry Date: 10.08.2025
Job Description:
Title: Lead Application Security Engineer
Location: Fully Remote (UK-based)
Sector: FinTech / Digital Consumer Finance
We’re recruiting on behalf of a UK-based FinTech that’s simplifying how consumers engage with credit – offering digital credit cards and financial services built on cloud-native architecture and driven by data.
They are looking to hire a highly technical, hands-on Lead Application Security Engineer to take full ownership of the application security landscape – not from a policy or governance standpoint, but through deep, practical expertise in identifying and fixing vulnerabilities across live systems.
This role is perfect for a white hat hacker mindset – someone who thrives in proactively breaking applications, exposing flaws in logic, authentication, payment processing, or APIs, and using creativity (not just tooling) to harden applications from real-world threats.
What Makes This Role Stand Out?
You’ll be hands-on: This is not a governance or compliance function. It’s about deep technical engagement with the codebase, systems, and application architecture.
You’re walking into a mature environment: The company already has Secure SDLC and DevSecOps practices in place. This isn’t a ground-up build – it’s about stress-testing and strengthening what’s already built.
You’ll have impact and visibility: Reporting to the CIO, with close collaboration with the Head of Information Security (compliance), you’ll shape the AppSec strategy while also getting into the code.
You’ll build your own team: This role includes team growth – you’ll start as a leader and grow your own capability beneath you.
What You’ll Be Doing:
Actively identifying vulnerabilities in applications, especially around authentication flows, payments, and sensitive data handling
Thinking creatively and adversarially – “breaking the app” to protect it
Performing penetration testing, threat modelling, and secure code reviews
Working directly with developers to integrate security best practices into an already-operational DevSecOps pipeline
Advising on product and architectural design from a security-first lens
Contributing to a security culture that prioritises customer trust and system integrity
What We’re Looking For:
Deep hands-on experience in application security – not just theory, but experience in secure coding, manual testing, and fixing complex vulnerabilities
A proven background in credit cards, payments, or financial transaction systems
Understanding of modern application architectures (APIs, microservices, cloud platforms – likely Azure)
Familiarity with OWASP Top 10, SAST/DAST, and a variety of pen testing techniques
A desire to build and lead a team, while remaining technical and practical day to day
Right to work in the UK and ability to work remotely from within the UK
Recruitment Process:
Initial call with Head of Engineering
Second stage with CIO
Final conversation and potentially a take-home exercise
If you're ready to be the attacker before the attacker is, and want to lead AppSec in an ambitious and growing FinTech, we’d love to hear from you.