giffgaff
This role is a 12 Month Fixed Term Contract.

As a Senior Application Security Engineer at giffgaff, you'll play a pivotal role in shaping how we build and deliver secure digital experiences for our members. You'll act as the go-to expert for application security, helping engineering teams confidently ship software that is secure by design, while balancing risk with pace and innovation.

In this role, you'll embed security into every stage of the development lifecycle, from early threat modelling through to secure code reviews and vulnerability management. Working closely with engineers, you'll simplify complex security challenges, champion best practice and help create a culture where secure software is the default, not an afterthought.

Who we are

We are a connectivity provider that does things differently. We call out the bad and find a better way. We're laser-focused on flexibility, value and mutual good, and proud to be a certified B Corp. Working at giffgaff gives you the energy and fast pace of our own culture, plus the benefits that come with being part of our parent company, Virgin Media O2. Our bright and modern office is in Uxbridge, West London, but most roles can be hybrid or remote.

The must haves

- Strong experience reading and assessing code and APIs across languages such as Java, TypeScript or Python
- Hands-on experience managing SAST, DAST and SCA tools, including triage and remediation
- Deep understanding of OWASP Top 10, secure coding practices and common web and API vulnerabilities
- Experience with cloud security in AWS and infrastructure as code, including Terraform
- Experience embedding security into CI/CD pipelines and DevSecOps practices

The other stuff we are looking for

- Experience working with container and Kubernetes security
- Security certifications such as OSCP, CEH, CSSLP or Security+
- Exposure to AI-enabled security tooling or securing AI-driven features
- Experience contributing to or maintaining open source security tooling
- Background within telecommunications or connectivity environments

What's in it for you

We aim to celebrate our people and their lives, creating an inclusive and diverse culture. Working at giffgaff means you get a competitive reward package with benefits designed to support you and your loved ones. We support hybrid working, so you will have a suitable base location for collaboration, as well as the tools to work from home.