Lead Application Security Engineer

Title: Lead Application Security Engineer

Location: Fully Remote (UK-based)

Salary: £110,000 – £130,000 base + Bonus

Sector: FinTech / Digital Consumer Finance

We’re recruiting on behalf of aUK-based FinTechthat’s simplifying how consumers engage with credit – offering digital credit cards and financial services built on cloud-native architecture and driven by data.

They are looking to hire ahighly technical, hands-on Lead Application SecurityEngineerto take full ownership of the application security landscape – not from a policy or governance standpoint, but through deep, practical expertise in identifying and fixing vulnerabilities across live systems.

This role is perfect for awhite hat hacker mindset– someone who thrives in proactively breaking applications, exposing flaws in logic, authentication, payment processing, or APIs, and using creativity (not just tooling) to harden applications from real-world threats.

What Makes This Role Stand Out?

• You’ll be hands-on: This is not a governance or compliance function. It’s about deep technical engagement with the codebase, systems, and application architecture.
• You’re walking into a mature environment: The company already has Secure SDLC and DevSecOps practices in place. This isn’t a ground-up build – it’s about stress-testing and strengthening what’s already built.
• You’ll have impact and visibility: Reporting to theCIO, with close collaboration with theHead of Information Security(compliance), you’ll shape the AppSec strategy while also getting into the code.
• You’ll build your own team: This role includes team growth – you’ll start as a leader and grow your own capability beneath you.

What You’ll Be Doing:

• Actively identifying vulnerabilities in applications, especially aroundauthentication flows, payments, and sensitive data handling
• Thinking creatively and adversarially – “breaking the app” to protect it
• Performing penetration testing, threat modelling, and secure code reviews
• Working directly with developers to integrate security best practices into an already-operational DevSecOps pipeline
• Advising on product and architectural design from a security-first lens
• Contributing to a security culture that prioritises customer trust and system integrity

What We’re Looking For:

• Deep hands-on experiencein application security – not just theory, but experience in secure coding, manual testing, and fixing complex vulnerabilities
• A proven background incredit cards, payments, or financial transaction systems
• Understanding of modern application architectures (APIs, microservices, cloud platforms – likely Azure)
• Familiarity with OWASP Top 10, SAST/DAST, and a variety of pen testing techniques
• A desire to build and lead a team, while remaining technical and practical day to day
• Right to work in the UK and ability to work remotely from within the UK

Recruitment Process:

• Initial call with Head of Engineering
• Second stage with CIO
• Final conversation and potentially a take-home exercise

If you're ready to be the attacker before the attacker is, and want to lead AppSec in an ambitious and growing FinTech, we’d love to hear from you.