Application Security Engineer in Cambridge

Hybrid – Cambridge, UK (1 day a week in office)

• Guiding teams on security best practices, compliance, and secure coding.
• Collaborating with architects and developers to review designs and code for vulnerabilities.
• Embedding/improving threat modelling and secure development practices into the SDLC.
• Designing and integrating security testing plans.
• Performing and overseeing application security testing and driving remediation.
• Managing end-to-end vulnerability workflows, including bug bounty findings.
• Supporting incident response activities when needed.
• Monitoring and reporting on application security metrics, KPIs, and emerging threats.
• Automating processes for vulnerability detection and integrating tools into the pipeline.

Note: this position includes participation in an on‑call rotation.

• 3+ years in software engineering plus 2+ years in application security.
• Strong knowledge of OWASP, application vulnerabilities, and security testing techniques.
• Experience with secure web application development and Agile/DevOps methodologies.
• Familiarity with pen testing, bug bounty, or hacker community collaboration.
• Strong communication skills – able to influence stakeholders up to senior management.
• Self‑starter with the ability to prioritise, work independently, and drive initiatives.
• Knowledge of wider IT and information security practices.

• Private healthcare (including dental).
• Pension contributions.
• Employee Assistance Programme & wellbeing support.
• Life insurance.
• Annual performance bonus.
• Enhanced family leave from day one.
• Flexible working hours.25 days holiday + bank holidays (with buy/sell options)