Lead Application Security Engineer / Ethical Hacker / Security Researcher
Location:Fully Remote (UK-based only)
Salary:Up to £130,000 base + Bonus
Sector:FinTech – Digital Payments / Credit Platforms
About the Company
We are partnering with a UK-based FinTech at the forefront of redefining consumer credit. With a secure, cloud-native platform and a mission to simplify the customer finance experience, this business is scaling rapidly while maintaining a deep focus on technology, security, and user trust.
With a mature DevSecOps environment and Secure SDLC already in place, this is an opportunity to join a business where security is embedded, respected, and essential.
The Role
We are seeking aLead Application Security Engineerwith a strong technical background in software and payment security. This is not a governance or compliance role. You will be responsible for identifying and addressing vulnerabilities in the company’s applications – particularly across authentication and payment processing systems – using manual techniques, ethical hacking, and creative security research.
You will operate as a subject matter expert in application security, reporting directly to the CIO and working closely with the Head of Information Security (compliance-focused). The successful candidate will also have the opportunity to shape and grow a team underneath them.
Key Responsibilities
- Proactively identify application-level vulnerabilities across authentication, payment flows, and core transactional systems
- Perform manual penetration testing, code reviews, and threat modelling across a modern FinTech platform
- Collaborate with engineering teams to remediate risks and implement secure development practices
- Take ownership of the company’s application security layer and continuously assess risk exposure
- Act as a technical leader in all matters related to AppSec, working with architecture, development, and infrastructure teams
- Support and improve the existing Secure SDLC and DevSecOps environment
- Provide guidance on security in design, development, and implementation phases
Required Experience
- Demonstrable hands-on experience inapplication security, penetration testing, or ethical hacking
- Proven background incard payment systems, payment processing, or credit card platforms
- Strong technical understanding of web applications, APIs, authentication, and data security
- Ability to identify and exploit vulnerabilities manually – beyond commercial tools
- Knowledge of OWASP Top 10, secure coding principles, and threat modelling frameworks
- Experience working in or with high-compliance environments (e.g. PCI DSS, ISO27001)
- Comfortable working independently in a remote-first environment
- Right to work in the UK
Nice to Have
- Experience working in a FinTech, payments, or digital banking environment
- Familiarity with modern cloud environments (e.g. Azure, AWS)
- Background in software engineering, particularly in secure coding or architecture
Interview Process
- Initial conversation with Head of Engineering
- Second-stage interview with the CIO
- Final stage including a potential take-home technical exercise
What’s on Offer
- Salary up to £130,000 base + performance bonus
- Fully remote working (UK-based only)
- High-impact, high-autonomy role
- Opportunity to build and lead a growing application security function
- Join a business with a strong engineering culture and security mindset already in place
