Enable job alerts via email!

Senior Application Security Engineer

JR United Kingdom

Glasgow

Remote

GBP 55,000 - 80,000

Full time

4 days ago

Be an early applicant

Boost your interview chances

Create a job specific, tailored resume for higher success rate.

Job summary

A leading software supply chain company is looking for a Senior Application Security Engineer based in Glasgow. In this remote-friendly role, you'll embed security practices across applications and systems, with a focus on collaboration and enabling engineering teams. Ideal candidates will have a solid background in software development and proficiency in security methodologies.

Qualifications

Proficiency in Python and some experience with TypeScript.
Deep application security knowledge.
Hands-on experience with security testing tools.
Strong understanding of cloud security and CI/CD.

Responsibilities

Embed security across the platform, from source to production.
Lead threat modeling and security reviews.
Conduct penetration testing and security assessments.
Automate security and build tools for the SDLC.

Skills

Software development

Application security

Penetration testing

Threat modeling

Collaboration

Senior Application Security Engineer, Glasgow

Client: Cloudsmith

Location: Glasgow, United Kingdom

Job Category: Other

EU work permit required: Yes

Job Views: 4

Posted: 31.05.2025

Expiry Date: 15.07.2025

Job Description:

Some people like building things. Others like breaking them. You? You love both and more importantly, you love stopping bad actors from breaking the things you helped build. If that sounds like your vibe, we’ve got a job you’ll want to see.

This job is with the software supply chain company - securing and powering how software gets delivered everywhere.

What you'll do:

Embed security across the platform, from source to production.
Architect security controls across distributed, cloud-native systems.
Lead threat modeling and security reviews (and make them enjoyable).
Conduct penetration testing services and infrastructure security assessments ethically.
Extend security automation and monitoring with tools like CircleCI, GitHub Actions, DataDog, AWS Security Hub, etc.
Harden everything from container runtimes to APIs to artifact pipelines.
Write secure code, review others' code, and help improve secure coding practices.
Build tools, automate routine tasks, and occasionally develop proof of concepts for fun.

You need:

A background in software development, with proficiency in Python and some experience with TypeScript.
Deep application security knowledge.
Hands-on experience with SAST, DAST, RASP, and securing cloud environments (preferably AWS).
Strong understanding of container security, API security, Infrastructure as Code (IaC), and CI/CD pipelines.
Experience with penetration testing, threat modeling, and security tool development.
Experience securing artifact systems or supply chains is a plus.
Familiarity with Firecracker, gVisor, or concepts like Software Composition Analysis (SCA) and data enclaves is a bonus.
You believe security should enable, not block, engineering teams.
You are diplomatic and able to collaborate effectively with engineering teams to secure the Software Development Life Cycle (SDLC).

This position is remote within the Island of Ireland or in the UK. Applicants must be physically located in these regions; remote work from outside these areas is not permitted. Work permit sponsorship is not available for this role.

Get your free, confidential resume review.

or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.