Collaboration Betters The World

PD | Senior Application Security Engineer (HCM)

Location: Vietnam, Ho Chi Minh City
Category: Consultancy
Position Type: Regular Full-Time
Working Model: Hybrid

Overview

The Application Security Engineer is responsible for ensuring the security of applications by integrating security best practices throughout the software development lifecycle. This role involves identifying vulnerabilities, implementing secure coding standards, and collaborating with engineering teams to enhance the security posture of products and services, and to protect our customers' data.

Qualifications

  • 3+ years of experience in application security or secure software development.
  • Strong knowledge of OWASP Top 10, SAST/DAST, and secure coding practices.
  • Experience with DevSecOps, security testing tools (e.g., Burp Suite, ZAP, Snyk, GitHub Advanced Security).
  • Familiarity with AWS security best practices.
  • Hands-on experience with CI/CD security automation and Infrastructure as Code (IaC).
  • Strong English communication skills (both verbal & written), especially in the global software development environment.

Responsibilities

Secure Software Development & Architecture

  • Embed security best practices within the software development lifecycle (SDLC).
  • Perform secure code reviews and provide remediation guidance to engineering teams.
  • Collaborate with architects and engineers to design secure application architectures.
  • Advocate for DevSecOps principles, integrating security into CI/CD pipelines.

Vulnerability Management & Threat Modelling

  • Conduct regular application security assessments, including AI/LLM, SAST, DAST, IAST, and penetration testing.
  • Perform threat modelling on critical applications and new features to identify potential risks early.
  • Track, prioritise, and remediate vulnerabilities in coordination with engineering teams.
  • Stay ahead of emerging threats and ensure applications are resilient against modern attack techniques.

Security Governance & Compliance

  • Ensure compliance with industry standards (e.g., OWASP, ISO 27001, PCI DSS).
  • Develop and enforce secure coding policies and guidelines across engineering teams.
  • Support risk assessments and security reviews as part of the product development process.
  • Maintain security documentation, reporting, and metrics for application security initiatives.

Security Awareness & Training

  • Conduct security training for engineers on secure coding practices and common vulnerabilities.
  • Promote a security-first culture by engaging teams in security champions programs.
  • Provide security guidance and best practices tailored to the technology stack.
