National AI Awards 2025Discover AI's trailblazers! Join us to celebrate innovation and nominate industry leaders.

Nominate & Attend

Senior Application Security Engineer

Copper.co
Greater London
1 year ago
Create job alert

Copper is a digital asset technology company dedicated to helping institutional investors safely acquire, trade, and store crypto assets.

Built and led by Dmitry Tokarev, a software and financial engineering specialist, the firm provides a comprehensive suite of custody, trading and settlement solutions that reduce counterparty risk and bring greater capital and operational efficiency to digital asset markets. At the heart of Copper's offering is Multi-Party Computation (MPC) technology – the gold standard in secure custody. Copper’s multi-award winning custody system is unique in that it can be connected to centralised exchanges, DeFi applications and even staking pools without the assets leaving the custody.

Built on top of this state-of-the-art custody, ClearLoop is the first solution in the market that overcomes a growing industry challenge; counterparty risk with exchanges. This solution underpins a full prime services offering, connecting global exchanges and enabling customers to trade and settle directly from the safety of their MPC-secured wallets. By reducing settlement time for transfers to a few milliseconds (without blockchain network dependency) and offering enhanced security measures, ClearLoop is rapidly reshaping the way asset managers trade and manage capital.

In addition to industry-leading security certifications, Copper has one of the strongest insurance coverages in the industry from an A+ rated insurer, positioning the firm as the partner of choice for institutions seeking to safeguard their assets.

Department environment

Copper's Information Security department keep the business' systems and network resources secure and protect the company, employees, and client data.The Senior Application Security Engineer is a key role within Copper's Information Security department, focusing on all technical and process aspects of Copper's SDLC. This role involves triaging vulnerabilities, collaborating with engineering teams and other information security teams to harden systems, deployments, code, and the improvement of processes & implementation within Copper's CI/CD cycle.Senior Application Security Engineers work closely with all engineering teams and under the guidance of the Head of Application Security to ensure security standards are baked into Copper's processes, providing the necessary guard rails for rapid, but secure development in a rapidly evolving industry.

Key Responsibilities of the role

Ownership of vulnerability process, tracking and remediation efforts within the engineering department. Champion for secure coding and infrastructure deployment(s) within Copper’s development community, actively promoting "well architected" best practices and security initiatives within Copper. Provide insight into emerging technologies and relevant domain areas, assessing their impact on Copper’s current security posture. Provide detailed insight into domain specific topics, becoming Copper’s trusted SME on given security (or technical) topics where required. Own the design and implementation of technical, scalable solutions to address current posture weaknesses, whether team or department based. Ownership of multiple security tools and associated vendor relationships. Responsible for ensuring effective integration of tooling into Copper’s SDLC and on-going BAU operation is automated and scalable. Design and implement technical, repeatable, and scalable solutions to address current posture weaknesses across Copper’s estate. Engage with numerous stakeholders to ensure security posture weaknesses (risks) are effectively understood and plans for their mitigation are in place, fostering close relationships with key engineering teams to facilitate remediation(s). Create, improve, and advocate for security controls and policies within the wider business, in-line with industry-defined best practices and ensure these requirements are effectively understood and adhered to. 

Your experience, skills and knowledge

Essential

Cloud Native:Detailed knowledge of AWS services and their configuration/operation. Practical experience with security or technically focused projects a must.Secure by Design:In-depth experience working with cloud ‘secure default’ design patterns and their knowledge of their implementation. Expertise with different threat & vulnerability classes and associated systemic solutions, removing the possibility of vulnerabilities before they can manifest.Domain Knowledge:Strong understanding of the S-SDLC. Intimate knowledge of security-specific tooling domains (e.g. SCA, SAST, DAST, MAST) and their effective integration within the S-SDLC. Awareness of microservice architecture and associated common deployment patterns a must.Security Industry Knowledge:Deep familiarity with security standards & frameworks e.g., OWASP, MITRE Attack etc and their practical application.Technical Ability:Hands-on experience with scripting elegant, scalable solutions to encountered problems, and prior experience implementing and/or reviewing terraform for infrastructure deployments (e.g., EC2, networking or lambda) a must; implementation and enforcement of standards in code.Tooling Proficiency:Hands-on experience with security tooling, REST APIs, Docker, Linux, Git and scripting language(s) of choice.Strategy-Led Thinking: Previous experience owning the implementation of top-level strategy deliverables and developing work-items that adhere to the wider-organisational goals. Prior experience designing and collaborating on team-strategies a plus.Risk-First Decision Making:Strong analytical thinking with prior experience providing materials and insight on complex security topics to risk-focused committees and stakeholders alike. Comfortable contextualising information against wider risk-landscape.Communication: Exceptional ability to articulate security concepts to a diverse audience, including senior stakeholders, both technical and non-technical.

Desirable

Application Development:Experience with software engineering considered a plus.Relevant Certifications:AWS Certified Solutions Architect, AWS Security Speciality, CompTIA CASP+ and other relevant specialist cloud certifications. Advanced training courses (CISMP, CISSP, InfoSec MSc, etc.) a plus.InfoSec Alignment:Involvement or membership with industry bodies. Experience with Incident Response, Penetration testing, or security architecture a plus.CopperIndustry Alignment: Awareness of key trends and happenings in broader cryptocurrency and digital asset industry, and company relevant training (Web3, Blockchain, DeFi, Smart Contracts, etc.)Management: Experience managing direct reports, incl. performance reviews a plus.

The benefits offered

Holidays: 27 days per annum paid holiday, in addition to bank holidays Years of Service Days: Employees are awarded one additional day of paid time off per year of service (up to three years) Vitality Health: Medical Insurance: Copper provides all employees with individual cover. Medical history is disregarded, and a 24/7 virtual GP is available (£100 excess per person per year)Dental Insurance: Comprehensive dental cover for preventative, restorative and emergency treatmentAudiology Cover: Employees can claim back up 80% of costs, up to £300, for any hearing tests or hearing aidsOptical Cover: £500 optical cover (through Vision Express) or 80% reimbursement up to £300 for any other opticianMenopause Support: Unlimited support for those experiencing symptoms of the menopause, such as video consultations with a dedicated menopause practitionerVitality services also include an additional £100 for minor diagnostic tests and private prescriptions, including home diagnosticsHeadspace - Copper's policy provides all employees with a free Headspace subscription. Headspace provides great resources to manage stress, improve sleep, meditate and enhance mindfulnessDiscounts and free benefits - the Vitality programme has been designed for preventative care to encourage members to improve their overall health and will reward those for doing so. Employees can access additional benefits such as 50% off running shoes, discounted health screenings, 50% off at Nuffield Health or Virgin Active gyms and much more Home Working Energy Support Scheme: to combat energy prices increasing globally, Copper will provide you, in addition to your salary, with a monthly top-up of £60 or £75 (subject to your energy supplier) Pension up to 10% matched contribution to our company pension scheme via Smart Pensions Cycle to Work Life Insurance cover: Four times your base salary EAP: access unlimited mental health consultations and contact a 24/7 confidential helpline for emotional support Unmind Sponsored Learning and Development opportunities Regular company events and social activities

In return for everything you can bring to Copper, we can offer you an exciting, challenging role in a fast-growing and dynamic business, with career opportunities and welcoming working environment.

If you think you have everything we're looking for and more, then we'd love you to apply for the opportunity.

Copper is an equal opportunity employer. We embrace diversity and equal opportunities in a serious way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be. So, bring us your experience, perspectives, and skills. It is in our differences that we will continue to grow and ensure Copper is transforming how institutional investors engage with digital assets. Copper is a Disability Confident Employer, please let us know if you have a disability. If you require us to provide any assistance during the recruitment process, then we would ask you to highlight this to us and we will be happy to accommodate.

Related Jobs

View all jobs

Senior Application Security Engineer

Senior Application Security Engineer

Senior Application Security Engineer

Senior Application Security Engineer

Senior Application Security Engineer

Lead Application Security Engineer

National AI Awards 2025

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

10 Cyber Security Recruitment Agencies in the UK You Should Know (2025 Job‑Seeker Guide)

UK cyber security hiring remains resilient in 2025, driven by nation-state threats, cloud security investments, and NCSC regulatory pressures. Lightcast reports +42 % YoY growth in UK roles mentioning “SOC”, “cyber risk”, “offensive security” or “GRC”. Yet despite 30,000 active cyber professionals, monthly live vacancies remain in the 2,500–2,900 range. The result: strong demand across public and private sector. We reviewed 50 + consultancies and included only those that: Are registered in the UK (Companies House) Operate a dedicated Cyber Security / InfoSec / Risk & Compliance desk Posted at least 5 UK cyber security roles between March and June 2025 This guide includes 2025 salary ranges, key skills, interview prep tips, and a verified recruiter directory.

Cyber Security Jobs Skills Radar 2026: Emerging Frameworks, Tools & Certifications to Learn Now

Cyber threats are evolving—and so must the people defending against them. As ransomware, AI-enhanced phishing, and supply chain attacks grow more advanced, UK employers are urgently hiring cyber security professionals with the right mix of strategic and hands-on skills. Welcome to the Cyber Security Jobs Skills Radar 2026, your go-to guide for the most in-demand tools, frameworks, certifications, and technologies shaping the UK's cyber workforce. Whether you're a SOC analyst, penetration tester, or cloud security architect, this annual radar is designed to help you stay ahead of the market.

How to Find Hidden Cyber Security Jobs in the UK Using Professional Bodies like BCS, CIISec & More

The demand for skilled cyber security professionals in the UK has never been higher. With threats increasing in sophistication and frequency, organisations are urgently hiring ethical hackers, threat analysts, GRC specialists, and security architects. But many of the most valuable roles—particularly in government, defence, and critical infrastructure—are never publicly advertised. Instead, these jobs are shared behind the scenes through trusted networks, private communities, and professional bodies. In this article, we explore how to uncover hidden cyber security jobs in the UK using organisations like the BCS (The Chartered Institute for IT), CIISec (The Chartered Institute of Information Security), ISACA, and ISC² UK Chapter. We’ll show you how to use membership directories, special interest groups, CPD events and informal networks to gain early access to roles most people never see.