Enable job alerts via email!

Senior Application Security Engineer

JR United Kingdom

Stoke-on-Trent

Remote

GBP 60,000 - 90,000

Full time

4 days ago

Be an early applicant

Boost your interview chances

Create a job specific, tailored resume for higher success rate.

Job summary

A leading software supply chain company is seeking a Senior Application Security Engineer to enhance security across its platforms and tools. This role involves embedding security practices, performing penetration testing, and collaborating with engineering teams to secure the Software Development Life Cycle. You’ll need a solid background in software development and deep knowledge of application security, particularly in cloud environments. The role is remote within the UK and Ireland, emphasizing the importance of a close-knit teamwork environment.

Qualifications

Software engineering background with proficiency in Python.
Deep application security expertise with experience in securing cloud environments, preferably AWS.
Experience with security testing tools and practices.

Responsibilities

Embed security across platforms and lead security reviews.
Perform ethical penetration testing on services and infrastructure.
Automate security tasks and build tools for security enhancement.

Skills

Application Security Knowledge

Python

TypeScript

Penetration Testing

Threat Modeling

Cloud Security

Container Security

API Security

Infrastructure as Code (IaC)

CI/CD Pipelines

Social network you want to login/join with:

Senior Application Security Engineer, Stoke-on-Trent

Client: Cloudsmith

Location: Stoke-on-Trent, United Kingdom

Job Category: Other

EU work permit required: Yes

Job Views:

Posted:

31.05.2025

Expiry Date:

15.07.2025

Job Description:

Some people like building things. Others like breaking them. You? You love both and more importantly, you love stopping bad actors from breaking the things you helped build. If that sounds like your vibe, we’ve got a job you’ll want to see.

This job is with the software supply chain company - securing and powering how software gets delivered everywhere.

What you'll do:

Embed security across the platform, from source to production.
Architect security controls across distributed, cloud-native systems.
Lead threat modeling and security reviews (and get people to enjoy them).
Perform penetration testing on services and infrastructure ethically.
Extend security automation and monitoring with tools like CircleCI, GitHub Actions, DataDog, AWS Security Hub, etc.
Harden everything from container runtimes to APIs to artifact pipelines.
Write secure code, review other people’s code, and help everyone improve their secure coding practices.
Build tools, automate repetitive tasks, and occasionally create proof of concept exploits for fun.

You need:

A background in software development. You’re a software engineer at heart. Proficiency in Python and some TypeScript is beneficial.
Deep application security knowledge.
Hands-on experience with SAST, DAST, RASP, and securing cloud environments (preferably AWS).
Strong understanding of container security, API security, Infrastructure as Code (IaC), and CI/CD pipelines.
Experience with penetration testing, threat modeling, and developing security tools.
Bonus points for experience securing artifact systems or supply chains.
Additional bonus if familiar with Firecracker, gVisor, or security tools like SCA and data enclaves.
You believe security should enable, not block, engineering.
You are diplomatic and able to work collaboratively with engineering teams to secure the Software Development Life Cycle (SDLC).

This position is remote within Ireland or the UK. You must be physically located in these regions; remote work from other countries is not permitted.

Work permit sponsorship is not available for this role.

Get your free, confidential resume review.

or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.