Enable job alerts via email!

Senior Application Security Engineer

JR United Kingdom

Portsmouth

Remote

GBP 60,000 - 90,000

Full time

4 days ago

Be an early applicant

Boost your interview chances

Create a job specific, tailored resume for higher success rate.

Job summary

A leading software supply chain company is looking for a Senior Application Security Engineer in Portsmouth. You will be responsible for embedding security into the software development life cycle, from architecting security controls to performing penetration testing. The role emphasizes collaboration with engineering teams and a strong foundation in software development with a focus on application security, particularly in cloud environments.

Qualifications

Deep application security knowledge and hands-on experience with cloud environments.
Experience in developing security tools and understanding of Infrastructure as Code (IaC).
Ability to collaborate effectively with engineering teams.

Responsibilities

Embed security across the platform from source to production.
Perform penetration testing services and infrastructure security assessments.
Write secure code, review others’ code, and improve secure coding practices.

Skills

Application security knowledge

Python

Threat modeling

Penetration testing

CI/CD pipelines

Container security

API security

Education

Background in software development

Experience with security tools (SAST, DAST, RASP)

Tools

CircleCI

GitHub Actions

DataDog

AWS Security Hub

Social network you want to login/join with:

Senior Application Security Engineer, Portsmouth, Hampshire

Client: Cloudsmith

Location: Portsmouth, Hampshire, United Kingdom

Job Category: Other

EU work permit required: Yes

Job Views:

Posted:

31.05.2025

Expiry Date:

15.07.2025

Job Description:

Some people like building things. Others like breaking them. You? You love both and more importantly, you love stopping bad actors from breaking the things you helped build. If that sounds like your vibe, we’ve got a job you’ll want to see.

This job is with the software supply chain company - securing and powering how software gets delivered everywhere.

What you'll do:

Embed security across the platform, from source to prod.
Architect security controls across distributed, cloud-native systems.
Lead threat modeling and security reviews (and get people to enjoy them).
Perform penetration testing services and infrastructure security assessments ethically.
Extend security automation and monitoring with tools like CircleCI, GitHub Actions, DataDog, AWS Security Hub, etc.
Harden everything from container runtimes to APIs to artifact pipelines.
Write secure code, review others’ code, and help everyone improve their secure coding practices.
Build tools, automate repetitive tasks, and occasionally create proof of concept exploits for testing.

You need:

A background in software development. You’re fundamentally a software engineer. Python is essential, and some TypeScript is a plus.
Deep application security knowledge.
Hands-on experience with SAST, DAST, RASP, and securing cloud environments (preferably AWS).
Strong understanding of container security, API security, Infrastructure as Code (IaC), and CI/CD pipelines.
Experience with penetration testing, threat modeling, and developing security tools.
Bonus points for securing artifact systems or supply chains.
Additional bonus if familiar with Firecracker, gVisor, or advanced security tools like Software Composition Analysis (SCA) and data enclaves.
You believe security should enable development, not hinder it.
You are diplomatic and capable of collaborating effectively with engineering teams to secure the Software Development Life Cycle (SDLC).

This job is remote within the Island of Ireland or in the UK. You must be physically located here; remote work from outside these locations is not permitted.

Work permit sponsorship is not available.

Get your free, confidential resume review.

or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.