Enable job alerts via email!

Senior Application Security Engineer

JR United Kingdom

West Midlands Combined Authority

Remote

GBP 60,000 - 90,000

Full time

14 days ago

Boost your interview chances

Create a job specific, tailored resume for higher success rate.

Job summary

A leading software supply chain company seeks a Senior Application Security Engineer to secure software deliveries worldwide. You will embed security across the development lifecycle, lead threat assessments, and promote secure coding practices while working remotely from the UK or Ireland. Strong proficiency in Python and application security is essential, along with experience in penetration testing and security automation tools.

Qualifications

Strong software development background in Python and TypeScript.
Deep knowledge of application security and experience with SAST, DAST, RASP.
Familiarity with container security and CI/CD pipelines is required.

Responsibilities

Embed security throughout the platform from source code to production.
Perform ethical penetration testing on services and infrastructure.
Lead threat modeling and security reviews with engaging practices.

Skills

Application Security

Python

TypeScript

Cloud Security

Penetration Testing

Threat Modeling

Security Automation

Social network you want to login/join with:

Senior Application Security Engineer, West Midlands

Client: Cloudsmith

Location: West Midlands, UK or Ireland (remote work within these locations)

Job Category:

Other

EU work permit required:

Yes

Job Views:

Posted:

31.05.2025

Expiry Date:

15.07.2025

Job Description:

Are you passionate about building and securing software? Do you enjoy stopping malicious actors and ensuring the integrity of software supply chains? If yes, then this role is for you.

This position is with a company specializing in the software supply chain, focusing on securing and delivering software efficiently worldwide.

Responsibilities include:

Embedding security throughout the platform, from source code to production.
Designing security controls for distributed, cloud-native systems.
Leading threat modeling and security reviews, making them engaging for teams.
Performing ethical penetration testing on services and infrastructure.
Enhancing security automation and monitoring using tools like CircleCI, GitHub Actions, DataDog, AWS Security Hub, etc.
Securing container runtimes, APIs, and artifact pipelines.
Writing secure code, reviewing others’ code, and promoting secure coding practices.
Building tools, automating tasks, and creating proof-of-concept exploits for fun.

Qualifications:

Strong background in software development, particularly in Python and TypeScript.
Deep knowledge of application security.
Hands-on experience with SAST, DAST, RASP, and cloud security (preferably AWS).
Understanding of container security, API security, Infrastructure as Code, and CI/CD pipelines.
Experience with penetration testing, threat modeling, and developing security tools.
Experience securing artifact systems or supply chains is a plus.
Familiarity with Firecracker, gVisor, SCA, and data enclaves is a bonus.
Belief that security should enable development, not hinder it.
Diplomatic skills to collaborate effectively with engineering teams on the SDLC security.

This role is remote but based in Ireland or the UK. Applicants must be physically located in these regions; remote work from other countries is not permitted.

Work permit sponsorship is not available for this position.

Get your free, confidential resume review.

or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.