National AI Awards 2025Discover AI's trailblazers! Join us to celebrate innovation and nominate industry leaders.

Nominate & Attend

Lead Application Security Engineer

WeDo
Sheffield
2 weeks ago
Applications closed

Related Jobs

View all jobs

Lead Application Security Engineer

Senior Application Security Engineer

Senior Application Security Engineer @ IAG Loyalty

Senior Application Security Engineer

Application Security Engineering Lead | Glasgow, UK

Application Security Engineering Lead

Lead Application Security Engineer / Ethical Hacker / Security Researcher


Location:Fully Remote (UK-based only)

Salary:Up to £130,000 base + Bonus

Sector:FinTech – Digital Payments / Credit Platforms


About the Company

We are partnering with a UK-based FinTech at the forefront of redefining consumer credit. With a secure, cloud-native platform and a mission to simplify the customer finance experience, this business is scaling rapidly while maintaining a deep focus on technology, security, and user trust.

With a mature DevSecOps environment and Secure SDLC already in place, this is an opportunity to join a business where security is embedded, respected, and essential.


The Role

We are seeking aLead Application Security Engineerwith a strong technical background in software and payment security. This is not a governance or compliance role. You will be responsible for identifying and addressing vulnerabilities in the company’s applications – particularly across authentication and payment processing systems – using manual techniques, ethical hacking, and creative security research.

You will operate as a subject matter expert in application security, reporting directly to the CIO and working closely with the Head of Information Security (compliance-focused). The successful candidate will also have the opportunity to shape and grow a team underneath them.


Key Responsibilities

  • Proactively identify application-level vulnerabilities across authentication, payment flows, and core transactional systems
  • Perform manual penetration testing, code reviews, and threat modelling across a modern FinTech platform
  • Collaborate with engineering teams to remediate risks and implement secure development practices
  • Take ownership of the company’s application security layer and continuously assess risk exposure
  • Act as a technical leader in all matters related to AppSec, working with architecture, development, and infrastructure teams
  • Support and improve the existing Secure SDLC and DevSecOps environment
  • Provide guidance on security in design, development, and implementation phases


Required Experience

  • Demonstrable hands-on experience inapplication security, penetration testing, or ethical hacking
  • Proven background incard payment systems, payment processing, or credit card platforms
  • Strong technical understanding of web applications, APIs, authentication, and data security
  • Ability to identify and exploit vulnerabilities manually – beyond commercial tools
  • Knowledge of OWASP Top 10, secure coding principles, and threat modelling frameworks
  • Experience working in or with high-compliance environments (e.g. PCI DSS, ISO27001)
  • Comfortable working independently in a remote-first environment
  • Right to work in the UK


Nice to Have

  • Experience working in a FinTech, payments, or digital banking environment
  • Familiarity with modern cloud environments (e.g. Azure, AWS)
  • Background in software engineering, particularly in secure coding or architecture


Interview Process

  • Initial conversation with Head of Engineering
  • Second-stage interview with the CIO
  • Final stage including a potential take-home technical exercise


What’s on Offer

  • Salary up to £130,000 base + performance bonus
  • Fully remote working (UK-based only)
  • High-impact, high-autonomy role
  • Opportunity to build and lead a growing application security function
  • Join a business with a strong engineering culture and security mindset already in place
National AI Awards 2025

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Cyber Security Jobs Skills Radar 2026: Emerging Frameworks, Tools & Certifications to Learn Now

Cyber threats are evolving—and so must the people defending against them. As ransomware, AI-enhanced phishing, and supply chain attacks grow more advanced, UK employers are urgently hiring cyber security professionals with the right mix of strategic and hands-on skills. Welcome to the Cyber Security Jobs Skills Radar 2026, your go-to guide for the most in-demand tools, frameworks, certifications, and technologies shaping the UK's cyber workforce. Whether you're a SOC analyst, penetration tester, or cloud security architect, this annual radar is designed to help you stay ahead of the market.

How to Find Hidden Cyber Security Jobs in the UK Using Professional Bodies like BCS, CIISec & More

The demand for skilled cyber security professionals in the UK has never been higher. With threats increasing in sophistication and frequency, organisations are urgently hiring ethical hackers, threat analysts, GRC specialists, and security architects. But many of the most valuable roles—particularly in government, defence, and critical infrastructure—are never publicly advertised. Instead, these jobs are shared behind the scenes through trusted networks, private communities, and professional bodies. In this article, we explore how to uncover hidden cyber security jobs in the UK using organisations like the BCS (The Chartered Institute for IT), CIISec (The Chartered Institute of Information Security), ISACA, and ISC² UK Chapter. We’ll show you how to use membership directories, special interest groups, CPD events and informal networks to gain early access to roles most people never see.

How to Get a Better Cyber Security Job After a Lay-Off or Redundancy

Redundancy is never easy—especially in a fast-moving field like cyber security, where your skills and experience are constantly evolving. But if you’ve recently been made redundant from a cyber security role, know this: the UK cyber workforce remains in high demand, and your expertise is more valuable than ever. Whether you’re a SOC analyst, penetration tester, incident responder, security architect or GRC specialist, there are still thousands of opportunities across sectors including finance, defence, government, retail, and critical infrastructure. This guide will help you turn redundancy into a career relaunch, with a clear action plan tailored to the UK cyber security job market.