About the role
The Application Security Engineer is responsible for ensuring the security of software applications through rigorous testing and validation. This role is dedicated to embedding security testing throughout the software development lifecycle (SDLC), identifying vulnerabilities, and supporting development teams in remediating security issues. The focus is on proactive, continuous security assessment of applications, both pre- and post-deployment, to maintain the highest standards of software security.
What you'll be doing
- Collaborate with development teams to create and maintain application threat models (e.g., STRIDE, DREAD).
- Identify and document application specific risks; propose effective countermeasures.
- Integrate and operate application vulnerability scanning tools (e.g., Sonar Cloud, Snyk, OWASP ZAP, Burp Suite, Tenable WAS) within CI/CD pipelines.
- Interpret vulnerability reports, prioritise remediation based on risk, and track resolution with development teams.
- Promote awareness of common application vulnerabilities (e.g., SQL injection, XSS, CSRF) and mitigation strategies (OWASP Top 10, ASVS, MASVS).
- Support development teams in adopting secure coding standards, including static analysis tools, code reviews, and automated linting.
- Plan, execute, and manage Static, Dynamic, Mobile, and Interactive Application Security Testing (SAST, DAST, MAST, IAST).
- Embed security testing into CI/CD pipelines for continuous, automated validation.
- Simulate real world attack scenarios to identify weaknesses in application logic and implementation.
- Develop and maintain scripts, tools, and processes to automate application security testing.
- Produce clear, actionable security testing reports for technical and non technical stakeholders.
- Maintain comprehensive documentation of testing methodologies, findings, and remediation guidance.
- Work closely with software engineers, QA, and product teams to embed security best practices.
- Deliver training and awareness sessions on application security testing techniques and secure development.
What experience we're looking for
Must have:
- 3 5+ years of hands on experience in application security testing
- Strong knowledge of SAST, DAST, MAST, and IAST tools and methodologies
- Familiarity with secure SDLC and Application DevSecOps practices
- Experience integrating application security testing into CI/CD pipelines
- Good understanding of common application vulnerabilities and mitigation strategies (OWASP Top 10, ASVS, MASVS)
- Proficiency in at least one programming or scripting language (e.g., Python, JavaScript, C#)
- Strong analytical, problem solving, and troubleshooting skills
- Excellent communication and teamwork abilities
- Experience in producing clear, concise technical documentation and security reports
- Commitment to continuous learning and keeping up with evolving application security threats and technologies
Nice to have
- CREST Certified Web Application Tester
- Bachelor's degree in Software Engineering
Key Measures of Success
- Proactive identification and remediation of application vulnerabilities
- Effective integration of application security testing into development workflows
- Demonstrated improvement in application security posture over time
- Positive feedback from development teams regarding security testing support
- Ability to communicate complex security concepts to technical and non technical stakeholders
Benefits
- Company Bonus Scheme
- Matched pension contributions up to 8.5%
- 26 days annual leave + 2 Life Days (and bank holidays)
- Single Private Health Cover
- Complimentary Private Medical
- Income Protection
- Flexible Benefits - EV Scheme, Money Coach, Will Writing, Mortgage Advice, Dental and Eye Care Schemes
- Enhanced Family Leave (Maternity, Paternity, Adoption)
- Wellness Allowance £500
- Employee Assistance Programme
- Discounted Health Assessments
- Volunteering Days
- Matched Funding
We are a Disability Confident Leader which means we've taken proactive steps to ensure our workplace is accessible and inclusive for disabled and neurodivergent colleagues and candidates. As part of this we offer an interview to disabled applicants who meet the essential requirements of the job.
If you need any assistance or adjustments to this job description or in the application process, please contact a member of the talent team at and we'll be happy to help.