Application Security Engineer UK or Europe Remote

Job Title: Application Security Engineer
Job Type: Permanent
Location: UK or Europe (Remote)
Salary: $150,000 - $(phone number removed)

My client is seeking an Application Security Engineer to strengthen our security posture by identifying vulnerabilities, integrating best practices into CI/CD pipelines, and ensuring compliance with PCI DSS, SOC 2, GDPR, and CCPA. You'll work closely with development teams to embed security into the Software Development Lifecycle (SDLC) from the ground up. If you're passionate about securing applications and solving complex security challenges, we want to hear from you!

1. Conduct security reviews and threat modeling during the application design phase.
2. Perform static and dynamic application security testing (SAST/DAST) on internal and third-party applications.
3. Define and maintain security standards for software development.
4. Integrate security tools and processes into CI/CD pipelines.
5. Conduct code reviews to identify vulnerabilities and ensure compliance with security best practices.
6. Collaborate with engineers to design and implement secure coding practices.
7. Investigate and remediate security incidents related to applications.
8. Provide training and guidance to developers on secure coding principles.
9. Represent the security posture of applications to key stakeholders, including customers.

1. 5+ years of experience in application security or a related field.
2. Strong understanding of OWASP Top 10 and common application vulnerabilities.
3. Proficiency in at least one programming language (C# (.NET preferred), JavaScript frameworks, SQL Server, or mobile development languages).
4. Hands-on experience with security testing tools (e.g., Veracode, Snyk, OWASP ZAP, Burp Suite).
5. Strong knowledge of secure coding practices and secure SDLC methodologies.
6. Experience in cloud security (Azure preferred) and securing cloud-native applications.
7. Familiarity with CI/CD security integration.
8. Understanding of compliance and regulatory frameworks (SOC 2, GDPR, PCI DSS).

1. Experience with container security and Kubernetes.
2. Knowledge of infrastructure security and security monitoring.
3. Familiarity with Jira for issue tracking and Notion for documentation.
4. Experience working in cross-functional teams in a fast-paced environment.
5. Security certifications such as CSSLP, CISSP, OSCP, CEH, or GWEB are a plus.

Submit your CV or contact Ash Ali directly for immediate consideration.