Information Security Analyst, App Sec

We're Checkout.com - you might not know our name, but companies like eBay, ASOS, Klarna, Uber Eats, and Sony do. That moment when you check out online? We make it happen.

Checkout.com is where the world checks out. Our global network powers billions of transactions every year, making money move without making a fuss. We spent years perfecting a service most people will never notice. Because when digital payments just work, businesses grow, customers stay, and no one stops to think about why.

With 19 offices spanning six continents, we feel at home everywhere - but London is our HQ. Wherever our people work their magic, they're fast-moving, performance-obsessed, and driven by being better every day.

As a Junior Application Security Analyst in the Information Security team, you will help secure Checkout.com's software applications throughout the Secure Software Development Lifecycle (SSDLC). You will work closely with developers and product teams to integrate security early in the development process, identify and oversee the remediation of vulnerabilities, and ensure adherence to secure coding practices and application security standards. This role focuses on practical, hands-on security support while also growing your expertise in application security.

• Assist in integrating security controls into the SSDLC.
• Support the creation and maintenance of secure coding guidelines (e.g., OWASP Top 10, CERT Secure Coding Standards).

• Assist in integrating security controls into the SSDLC.
• Support the creation and maintenance of secure coding guidelines (e.g., OWASP Top 10, CERT Secure Coding Standards).

• Run a Static Application Security Testing (SAST) and Software Composition Analysis (SCA) scans.
• Conduct API security testing.
• Support CI/CD pipelines to keep secure and effective integration.

• Participate in threat modelling sessions.
• Document identified threats, assess risks and provide mitigation recommendations.
• Assist in code and system reviews to analyse security in company's products.

• Triage and prioritise vulnerabilities from automated scans.
• Track, verify and ensure security flaws remediation.
• Assist to automate an AppSec pipelines

• Collaborate with engineering teams to integrate security into product design and improve existing systems.
• Help deliver training and awareness on SSDLC best practices and secure coding.
• Contribute to security documentations.

• 1-3 years in application security, secure software development, or related IT/security role.
• Understand basic network technologies and protocols (HTTP, TCP/IP, DNS and the OSI model).
• Understanding of common software vulnerabilities and their mitigations.
• Basic programming experience in a popular language (e.g., Python, JavaScript, Golang).
• Understanding of CI/CD pipelines and DevSecOps principles.
• Basic understanding of AWS technologies and GitHub security features.
• Strong attention to detail in documentation and assessments.

• Familiarity with SAST/DAST/SCA tools and API security testing platforms.
• Exposure to cloud-native application security (AWS, Azure, GCP).
• Understanding of container security (Docker, Kubernetes).
• Experience of participating in Capture The Flag (CTF) competitions.

• Eager to learn and expand technical skills in application security.
• Effective communicator with both technical and non-technical audiences.
• Collaborative and proactive problem solver.

We create the conditions for high performers to thrive - through real ownership, fewer blockers, and work that makes a difference from day one.

Here, you'll move fast, take on meaningful challenges, and be recognized for the impact you deliver. It's a place where ambition gets met with opportunity - and where your growth is in your hands.

We work as one team, and we back each other to succeed. So whatever your background or identity, if you're ready to grow and make a difference, you'll be right at home here.

It's important we set you up for success and make our process as accessible as possible. So let us know in your application, or tell your recruiter directly, if you need anything to make your experience or working environment more comfortable.

We understand that work is just one part of your life. Our hybrid working model offers flexibility, with three days per week in the office to support collaboration and connection.

Curious about what it's like to be part of our team? Visit our Careers Page to learn more about our culture, open roles, and what drives us.

For a closer look at daily life at Checkout.com, follow us on LinkedIn and Instagram