A leading FinTech company is seeking a Lead Application Security Engineer with deep technical expertise to enhance their application security landscape. This fully remote role focuses on hands-on engagement in identifying and fixing vulnerabilities, shaping the AppSec strategy while building a team. Ideal candidates will possess a strong background in application security, particularly in financial environments, and have a proactive approach to security challenges.
Title: Lead Application Security Engineer
Location: Fully Remote (UK-based)
Salary: £110,000 – £130,000 base + Bonus
Sector: FinTech / Digital Consumer Finance
We’re recruiting on behalf of a UK-based FinTech that’s simplifying how consumers engage with credit – offering digital credit cards and financial services built on cloud-native architecture and driven by data.
They are looking to hire a highly technical, hands-on Lead Application Security Engineer to take full ownership of the application security landscape – not from a policy or governance standpoint, but through deep, practical expertise in identifying and fixing vulnerabilities across live systems.
This role is perfect for a white hat hacker mindset – someone who thrives in proactively breaking applications, exposing flaws in logic, authentication, payment processing, or APIs, and using creativity (not just tooling) to harden applications from real-world threats.
What Makes This Role Stand Out?
- You’ll be hands-on: This is not a governance or compliance function. It’s about deep technical engagement with the codebase, systems, and application architecture.
- You’re walking into a mature environment: The company already has Secure SDLC and DevSecOps practices in place. This isn’t a ground-up build – it’s about stress-testing and strengthening what’s already built.
- You’ll have impact and visibility: Reporting to the CIO, with close collaboration with the Head of Information Security (compliance), you’ll shape the AppSec strategy while also getting into the code.
- You’ll build your own team: This role includes team growth – you’ll start as a leader and grow your own capability beneath you.
What You’ll Be Doing:
- Actively identifying vulnerabilities in applications, especially around authentication flows, payments, and sensitive data handling
- Thinking creatively and adversarially – “breaking the app” to protect it
- Performing penetration testing, threat modelling, and secure code reviews
- Working directly with developers to integrate security best practices into an already-operational DevSecOps pipeline
- Advising on product and architectural design from a security-first lens
- Contributing to a security culture that prioritises customer trust and system integrity
What We’re Looking For:
- Deep hands-on experience in application security – not just theory, but experience in secure coding, manual testing, and fixing complex vulnerabilities
- A proven background in credit cards, payments, or financial transaction systems
- Understanding of modern application architectures (APIs, microservices, cloud platforms – likely Azure)
- Familiarity with OWASP Top 10, SAST/DAST, and a variety of pen testing techniques
- A desire to build and lead a team, while remaining technical and practical day to day
- Right to work in the UK and ability to work remotely from within the UK
Recruitment Process:
- Initial call with Head of Engineering
- Second stage with CIO
- Final conversation and potentially a take-home exercise
If you're ready to be the attacker before the attacker is, and want to lead AppSec in an ambitious and growing FinTech, we’d love to hear from you.