AppSec Lead / DevSecOps Lead

IFX Payments

Greater London

On-site

GBP 60,000 - 90,000

Full time

2 days ago

Job summary

A global payment solutions provider is seeking a technically skilled Application Security Engineer to embed secure practices across its software delivery lifecycle. This position focuses on reducing application-layer risks and implementing secure coding standards. The ideal candidate will integrate security into CI/CD pipelines, automate vulnerability detection, and drive improvements in application security posture, working closely with engineering and platform teams. Candidates should have experience in application security and hold relevant certifications.

Benefits

25 days annual leave plus bank holidays
Life Insurance
Holiday loyalty scheme
Work abroad scheme
Pension scheme via salary exchange
Financial education and coaching
Healthcare cashback membership
Salary exchange nursery fees
Enhanced parental leave
Cycle to work scheme

Qualifications

  • Broad experience in application security or secure software development.
  • Strong understanding of OWASP Top 10 and secure coding techniques.
  • Experience with security tools such as SAST, DAST, and vulnerability scanners.

Responsibilities

  • Embed security controls into CI/CD pipelines and development workflows.
  • Lead threat modelling sessions to identify design flaws.
  • Work with engineering teams to promote secure coding practices.

Skills

Application security
Secure software development
OWASP Top 10
SAST
DAST
Vulnerability scanning
Cloud platforms
CI/CD
DevOps
Communication skills

Education

OSCP certification
CSSLP certification
CISSP certification

Tools

PowerShell
Python

Job description

IFX Payments is seeking a technically skilled and proactive Application Security Engineer to embed secure development practices across its software delivery lifecycle. This role is critical in reducing application-layer risks, implementing secure coding standards, and ensuring that threat modelling and architecture reviews are consistently applied across all development efforts.

You will work closely with engineering and platform teams to integrate security into CI/CD pipelines, automate vulnerability detection, and drive continuous improvement in application security posture.

Key Responsibilities
Secure Development Lifecycle (SDLC)
  • Embed security controls into CI/CD pipelines and development workflows.
  • Implement and manage SAST, DAST, and SCA tools to detect vulnerabilities early in the lifecycle.
  • Conduct secure code reviews and support developers in remediating findings.
Threat Modelling & Architecture Review
  • Lead threat modelling sessions using standard methodologies to identify design flaws.
  • Review application architectures to ensure alignment with security objectives and mitigation of common threats.
  • Maintain and update reference architectures based on threat modelling insights.
Tooling & Automation
  • Deploy and manage application security tools and integrate them with existing platforms.
  • Automate security tasks using scripting (e.g., Python, PowerShell) or SOAR platforms.
Governance & Compliance
  • Ensure alignment with ISO 27001, FCA, and NIST standards.
  • Contribute to audit readiness and support compliance automation platforms such as Drata.
Collaboration & Training
  • Work with engineering teams to promote secure coding practices.
  • Support the rollout of role‑based security training and awareness initiatives.
  • Act as a security champion within development squads and mentor junior engineers.
Skills, Knowledge & Expertise
  • Broad experience in application security or secure software development.
  • Strong understanding of OWASP Top 10, secure coding techniques, and threat modelling.
  • Experience with security tools such as SAST, DAST, SCA, and vulnerability scanners.
  • Familiarity with cloud platforms (Azure or AWS), CI/CD pipelines, and DevOps practices.
  • Knowledge of regulatory frameworks (ISO 27001, FCA, NIST).
  • Excellent communication skills and ability to work cross‑functionally.
  • Experience in fintech or regulated environments.
  • Certifications such as OSCP, CSSLP, or CISSP.
  • Familiarity with compliance automation platforms (e.g., Drata).
  • Exposure to legacy system security challenges and modernisation strategies.
  • A true team player with a winning mentality and strong work ethic committed to continuous improvement and high performance.
  • Adaptable, tenacious and flexible, and able to perform under pressure.
Job Benefits
  • 25 days’ annual leave, plus bank holidays and an extra day off for your birthday!
  • Life Insurance.
  • Holiday loyalty scheme.
  • Work abroad scheme.
  • Enrolment into our pension scheme, which we offer via a salary exchange scheme.
  • Access to a financial education, planning and coaching platform.
  • Membership with Healthcare platform, which offers cash back on healthcare focused on dental, optical & physio, plus access to stress helplines, a virtual GP and more.
  • Salary exchange nursery fees.
  • Enhanced parental leave.
  • Cycle to work.
  • Career development and progression tools.
  • Company events – Sporting events, pub nights, seasonal parties, socials.

We're an award-winning global provider of foreign exchange and payment solutions, on a mission to become the number one service‑led alternative banking partner in EMEA for corporates and financial institutions, one that adds value beyond the transaction.

IFX Payments was built to challenge the status quo of cross‑border money movement. From our early days to today, our goal has remained the same: to provide seamless, secure, and scalable solutions for businesses operating globally. With a growing presence and a reputation for service excellence, we’ve become a trusted partner for clients who demand more from their payment provider. We’re here to make international money movement feel local, driven by service, powered by innovation, and committed to delivering value beyond the transaction.
