Lead Application Security Engineer

WeDo

colchester, United Kingdom

Other

-

Yes

6

26.06.2025

10.08.2025

Title: Lead Application Security Engineer

Location: Fully Remote (UK-based)

Sector: FinTech / Digital Consumer Finance

We’re recruiting on behalf of a UK-based FinTech that’s simplifying how consumers engage with credit – offering digital credit cards and financial services built on cloud-native architecture and driven by data.

They are looking to hire a highly technical, hands-on Lead Application Security Engineer to take full ownership of the application security landscape – not from a policy or governance standpoint, but through deep, practical expertise in identifying and fixing vulnerabilities across live systems.

This role is perfect for a white hat hacker mindset – someone who thrives in proactively breaking applications, exposing flaws in logic, authentication, payment processing, or APIs, and using creativity (not just tooling) to harden applications from real-world threats.

What Makes This Role Stand Out?

• You’ll be hands-on: This is not a governance or compliance function. It’s about deep technical engagement with the codebase, systems, and application architecture.
• You’re walking into a mature environment: The company already has Secure SDLC and DevSecOps practices in place. This isn’t a ground-up build – it’s about stress-testing and strengthening what’s already built.
• You’ll have impact and visibility: Reporting to the CIO, with close collaboration with the Head of Information Security (compliance), you’ll shape the AppSec strategy while also getting into the code.
• You’ll build your own team: This role includes team growth – you’ll start as a leader and grow your own capability beneath you.

What You’ll Be Doing:

• Actively identifying vulnerabilities in applications, especially around authentication flows, payments, and sensitive data handling
• Thinking creatively and adversarially – “breaking the app” to protect it
• Performing penetration testing, threat modelling, and secure code reviews
• Working directly with developers to integrate security best practices into an already-operational DevSecOps pipeline
• Advising on product and architectural design from a security-first lens
• Contributing to a security culture that prioritises customer trust and system integrity

What We’re Looking For:

• Deep hands-on experience in application security – not just theory, but experience in secure coding, manual testing, and fixing complex vulnerabilities
• A proven background in credit cards, payments, or financial transaction systems
• Understanding of modern application architectures (APIs, microservices, cloud platforms – likely Azure)
• Familiarity with OWASP Top 10, SAST/DAST, and a variety of pen testing techniques
• A desire to build and lead a team, while remaining technical and practical day to day
• Right to work in the UK and ability to work remotely from within the UK

Recruitment Process:

• Initial call with Head of Engineering
• Second stage with CIO
• Final conversation and potentially a take-home exercise

If you're ready to be the attacker before the attacker is, and want to lead AppSec in an ambitious and growing FinTech, we’d love to hear from you.

Please note that if you are NOT a passport holder of the country for the vacancy you might need a work permit. Check our Blog for more information.

Bank or payment details should not be provided when applying for a job. Eurojobs.com is not responsible for any external website content. All applications should be made via the 'Apply now' button.

Created on 26/06/2025 by JR United Kingdom