SVP - Application Security Tech Lead | London, UK

Description:
This role is a cross-functional position responsible for various Application Security program initiatives. Reporting directly to the Application Security Program Director, the ideal candidate will understand modern software development trends, engineering-led security practices, and stay updated on the evolving cybersecurity threat landscape.
The candidate will liaise with internal teams and regional partners to ensure program deliverables are met. Success requires innovation, a proven track record in delivering security solutions, integrating security into DevOps pipelines, automating security as code, and enabling threat detection and response. The individual will collaborate with the SDLC program to define application security testing standards and policies, including testing methodologies (tool-based and manual) throughout the SSDLC lifecycle, focusing on continuous deployment environments using automated tools like SAST, DAST, SCA, ASPM, Secrets Scanning, etc.
Leadership responsibilities include mentoring team members, setting strategic direction, and hands-on execution of security services.

Key Responsibilities:

• Establish and manage security programs supporting testing requirements.
• Build and maintain relationships with development, product, project management, third-party vendors, enterprise architecture, and audit teams.
• Participate in strategic planning to incorporate risk governance into the enterprise strategy.
• Collaborate with business sectors to strengthen development processes and security testing.
• Assess risks and provide security advice for business decisions.
• Oversee application security programs and recommend standards and policy updates.

Qualifications:

• Experience in Threat Modeling, Application Risk Assessment, Vulnerability Assessments, Governance, Metrics, and Training.
• Bachelor's Degree with 4-6 years in web application development or code review.
• Experience as a technical lead or manager.
• Knowledge of cloud computing and DevOps tools (OpenShift, Kubernetes, Docker, Chef, etc.).
• Experience with cloud platforms (AWS, Google Cloud, Azure) and security in the cloud.
• Understanding of security vulnerabilities in web and infrastructure environments.
• Experience with source code management and deployment tools (Jenkins, GitHub, Maven, etc.).
• Ability to conduct vulnerability assessments and communicate security issues effectively.
• Familiarity with security tools like Snyk, Checkmarx, Fortify, etc., is a plus.
• Excellent communication skills and knowledge of security standards (NIST, ISO, etc.).
• Relevant certifications (GIAC, CISA, CISSP, etc.) are desired.

Education:

• Bachelor's degree or equivalent; Master's preferred.