Enable job alerts via email!

Senior Application Security Engineer

JR United Kingdom

Southampton

Remote

GBP 50,000 - 80,000

Full time

4 days ago

Be an early applicant

Boost your interview chances

Create a job specific, tailored resume for higher success rate.

Job summary

A leading software supply chain company is seeking a Senior Application Security Engineer in Southampton. You will secure and streamline software delivery by embedding security across platforms, performing penetration testing, and shaping security practices with engineering teams. Ideal candidates will have a strong background in software development along with deep application security knowledge and experience with various security tools and methodologies. This is a remote role within the UK, requiring a strong collaboration with engineering teams to enhance their security posture without hindering productivity.

Qualifications

Background in software development, primarily as a software engineer.
Hands-on experience with SAST, DAST, RASP, and securing cloud environments (preferably AWS).
Experience with threat modeling and building security tools.

Responsibilities

Embed security across the platform from source to production.
Lead threat modeling and security reviews.
Perform penetration testing services and infrastructure testing ethically.

Skills

Deep application security knowledge

Container security

API security

Infrastructure as Code (IaC)

CI/CD pipelines

Pen testing

Threat modeling

Building security tools

Python

TypeScript

Tools

CircleCI

GitHub Actions

DataDog

AWS Security Hub

Social network you want to login/join with:

Senior Application Security Engineer, Southampton

Client: Cloudsmith

Location: Southampton, United Kingdom

Job Category: Other

EU work permit required: Yes

Job Views:

Posted:

31.05.2025

Expiry Date:

15.07.2025

Job Description:

Some people like building things. Others like breaking them. You? You love both and more importantly, you love stopping bad actors from breaking the things you helped build. If that sounds like your vibe, we’ve got a job you’ll want to see.

This job is with the software supply chain company - securing and powering how software gets delivered everywhere.

What you'll do:

Embed security across the platform, from source to production.
Architect security controls across distributed, cloud-native systems.
Lead threat modeling and security reviews (and get people to enjoy them).
Perform penetration testing services and infrastructure testing ethically.
Extend security automation and monitoring with tools like CircleCI, GitHub Actions, DataDog, AWS Security Hub, etc.
Harden everything from container runtimes to APIs to artifact pipelines.
Write secure code, review other people’s code, and help everyone level up their secure coding game.
Build tools, automate boring tasks, and occasionally develop a proof of concept for fun.

You need:

A background in software development. At your core, you’re a software engineer. Python for sure and a bit of TypeScript never hurt anyone.
Deep application security knowledge.
Hands-on experience with SAST, DAST, RASP, and securing cloud environments (preferably AWS).
Strong grasp of container security, API security, Infrastructure as Code (IaC), and CI/CD pipelines.
Experience with pen testing, threat modeling, and building security tools.
Big bonus if you’ve secured artifact systems or supply chains before.
Even bigger bonus if you’ve worked with Firecracker, gVisor, or security tools like SCA and data enclaves.
You believe security should enable, not block, engineering.
You’re diplomatic—you need to work with engineering teams to secure the Software Development Life Cycle (SDLC) without spooking them.

This job is remote on the Island of Ireland or in the UK. You need to be physically located here - remote work from another country is not permitted.

Work permit sponsorship is not available.

Get your free, confidential resume review.

or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.