
Senior Application Security Engineer

REAL Technical Solutions Limited
3 hours ago
Contract
London
United Kingdom

Senior Application Security Engineer - London

£520 per day (Inside IR35) - 2 days per week in the City of London (Bank/Cannon St tubes) - 6 months rolling

A leading global financial payments provider is seeking an experienced Senior Application (Product) Security Engineer to join their ever-evolving Cyber team to help them unleash the potential of every business.

Good to have:

Experience across various areas of security, including AppSec within the payment card industry.

Awareness of Secure SDLC practices

Hands-on Security Engineer with experience handling development of scans, configurations on the CI/CD pipeline and threat modelling, and confident enough to handle the technical aspects of these areas.
A good understanding of the overall security space and associated services.

About the Senior Application Security Engineer:

The product security team is seeking a dynamic and motivated individual to join their new and growing team. The product team will be instrumental in defining the vision to help secure the company going forward. You will work closely with development teams to secure applications by identifying, mitigating, and preventing security risks throughout the software development life cycle.

    Role Overview for the Senior Application Security Engineer:

    • The Senior Product Security Engineer is the primary partner for embedding security into every phase of the product life cycle, from design and development to deployment and maintenance.
    • You will work closely with engineering, product management, and compliance teams to ensure products are secure by design and resilient in production.
    • You will define and implement security policies, manage vulnerability backlogs, and lead threat modelling and incident response efforts.

    Responsibilities for the Senior Application Security Engineer:

    • Define and implement security policies and tooling across the product life cycle, from design and development to deployment and maintenance.
    • Lead threat modelling for new and existing applications, guiding teams and ensuring outputs are documented and tracked.
    • Manage the product vulnerability backlog, prioritizing remediation of high and critical vulnerabilities, and tracking key metrics such as open vulnerabilities, SLA compliance, and average age of vulnerabilities.
    • Coordinate bug bounty findings and ensure timely remediation.
    • Conduct root cause analysis (RCA) for security incidents and systemic vulnerabilities, using insights to drive developer training and systemic fixes.
    • Drive incident response efforts as Investigation Lead or Incident Commander, including facilitating tabletop exercises to test and improve incident readiness.

    What you bring as the Senior Application Security Engineer:

    • Deep expertise in vulnerability management, threat modelling, security architecture, and secure SDLC practices.
    • Strong background in incident response, root cause analysis, and bug bounty program management.
    • Excellent communication and stakeholder management skills, with experience driving cross-functional initiatives.
    • Experience with third-party risk management, security assessments, and regulatory compliance.
    • Experience working with CI/CD teams to implement new security technologies in the pipeline, including SAST, DAST, and SCA tools.
    • Experience partnering with cross-functional teams to deliver impactful security initiatives.
