Lead Application Security Engineer

JR United Kingdom
Brighton
7 months ago
Applications closed

Related Jobs

View all jobs

Technical Programme Manager

Cybersecurity Specialist

Senior DevSecOps Engineer - Outside IR35

Senior AI Automation Engineer

BIM Manager

Senior Customer Deployment Specialist

Social network you want to login/join with:
Lead Application Security Engineer, brighton col-narrow-left
Client: WeDo
Location: brighton, United Kingdom
Job Category: Other
-
EU work permit required: Yes
col-narrow-right
Job Views: 5
Posted: 26.06.2025
Expiry Date: 10.08.2025
col-wide
Job Description: Title: Lead Application Security Engineer
Location: Fully Remote (UK-based)
Sector: FinTech / Digital Consumer Finance
We’re recruiting on behalf of a UK-based FinTech that’s simplifying how consumers engage with credit – offering digital credit cards and financial services built on cloud-native architecture and driven by data.
They are looking to hire a highly technical, hands-on Lead Application Security Engineer to take full ownership of the application security landscape – not from a policy or governance standpoint, but through deep, practical expertise in identifying and fixing vulnerabilities across live systems.
This role is perfect for a white hat hacker mindset – someone who thrives in proactively breaking applications, exposing flaws in logic, authentication, payment processing, or APIs, and using creativity (not just tooling) to harden applications from real-world threats.
What Makes This Role Stand Out?
You’ll be hands-on : This is not a governance or compliance function. It’s about deep technical engagement with the codebase, systems, and application architecture.
You’re walking into a mature environment : The company already has Secure SDLC and DevSecOps practices in place. This isn’t a ground-up build – it’s about stress-testing and strengthening what’s already built.
You’ll have impact and visibility : Reporting to the CIO , with close collaboration with the Head of Information Security (compliance), you’ll shape the AppSec strategy while also getting into the code.
You’ll build your own team : This role includes team growth – you’ll start as a leader and grow your own capability beneath you.
What You’ll Be Doing:
Actively identifying vulnerabilities in applications, especially around authentication flows, payments, and sensitive data handling
Thinking creatively and adversarially – “breaking the app” to protect it
Performing penetration testing, threat modelling, and secure code reviews
Working directly with developers to integrate security best practices into an already-operational DevSecOps pipeline
Advising on product and architectural design from a security-first lens
Contributing to a security culture that prioritises customer trust and system integrity
What We’re Looking For:
Deep hands-on experience in application security – not just theory, but experience in secure coding, manual testing, and fixing complex vulnerabilities
A proven background in credit cards, payments, or financial transaction systems
Understanding of modern application architectures (APIs, microservices, cloud platforms – likely Azure)
Familiarity with OWASP Top 10, SAST/DAST, and a variety of pen testing techniques
A desire to build and lead a team, while remaining technical and practical day to day
Right to work in the UK and ability to work remotely from within the UK
Recruitment Process:
Initial call with Head of Engineering
Second stage with CIO
Final conversation and potentially a take-home exercise
If you're ready to be the attacker before the attacker is, and want to lead AppSec in an ambitious and growing FinTech, we’d love to hear from you.

#J-18808-Ljbffr

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Careers

How Many Cyber Security Tools Do You Need to Know to Get a Cyber Security Job?

If you are trying to build or move forward in a cyber security career, it can feel like the list of tools you are expected to know never ends. One job advert asks for SIEM platforms, another mentions penetration testing tools, another lists cloud security, threat intelligence platforms, endpoint detection, scripting languages and compliance frameworks. Scroll LinkedIn and it gets worse. Everyone seems to “know” dozens of tools, certifications and platforms. Here is the reality most cyber security hiring managers agree on: they are not hiring you because you know every tool. They are hiring you because you understand risk, can think like an attacker and a defender, follow process, communicate clearly and make good decisions under pressure. Tools matter — but only when they support those outcomes. So how many cyber security tools do you actually need to know to get a job? For most job seekers, the answer is far fewer than you think. This article explains what employers really expect, which tools are essential, which are role-specific and how to focus your learning so you look credible, not overwhelmed.

Jobs

What Hiring Managers Look for First in Cyber Security Job Applications (UK Guide)

If you want to stand out in the highly competitive world of cyber security job applications, you need to understand what hiring managers look for before they even finish reading a CV. Cyber security hiring managers scan applications quickly and with specific priorities in mind. They assess not just your technical ability, but your judgement, professionalism, clarity, risk awareness and evidence of impact. This guide explains what hiring managers look for first in cyber security applications across roles like Security Analyst, Security Engineer, Penetration Tester, Incident Responder, Security Architect, Governance Risk and Compliance specialists and Cloud Security positions. Use this as a practical, step-by-step checklist to sharpen your CV, LinkedIn profile, cover letter and portfolio before you apply on www.cybersecurityjobs.tech .

Education

The Skills Gap in Cyber Security Jobs: What Universities Aren’t Teaching

Cyber security has become one of the most critical disciplines in the modern economy. From protecting financial systems and healthcare data to securing national infrastructure, cloud platforms and supply chains, cyber security professionals now sit at the frontline of digital trust. Demand for cyber security talent in the UK has surged. Job vacancies remain high, salaries continue to rise, and organisations across every sector report difficulty hiring skilled professionals. Yet despite this demand, many graduates struggle to break into cyber security roles and employers consistently report that candidates are not job-ready. The problem is not intelligence, ambition or academic effort. It is a persistent and widening skills gap between university education and real-world cyber security work. This article explores that gap in depth: what universities teach well, what they routinely miss, why the gap exists, what employers actually want, and how jobseekers can bridge the divide to build sustainable careers in cyber security.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.