Application Security Engineer

🔒 Confidential Employer
Posted 13 August 2025
Location: Remote
Type: Full-time
Level: Mid-Senior level
Category: Technology
This employer holds a UK Home Office sponsor license — sponsorship for this specific role is at the employer’s discretion

SKILLS

Security Assessments, Code Reviews, Penetration Testing, Vulnerability Assessments, Secure SDLC, Web Application Security

FULL DESCRIPTION

Summary

Application Security Engineer sought by a confidential employer. This full-time, remote/hybrid role involves security assessments, code reviews, penetration testing, and ensuring secure development practices. The ideal candidate possesses strong technical skills and experience in application security.

Key Responsibilities:

  • Performing security assessments and code reviews on applications to identify and mitigate vulnerabilities
  • Developing and maintaining secure software development lifecycle (SDLC) practices and guidelines
  • Collaborating with development teams to ensure security is integrated into every stage of the application development process
  • Conducting penetration testing and vulnerability assessments on web applications, mobile apps, and cloud environments
  • Providing recommendations for security improvements based on findings from code reviews, vulnerability scans, and security audits
  • Responding to and remediating security incidents related to application vulnerabilities
  • Keeping up to date with the latest security threats, vulnerabilities, and trends in application security
  • Assisting in training development teams on secure coding practices and the importance of application security
  • Ensuring compliance with industry regulations, such as GDPR, OWASP Top 10, and other security standards

Core Requirements:

  • Proven experience as an Application Security Engineer or in a similar role focused on securing applications
  • Strong knowledge of security testing methodologies, tools, and practices (e.g., static/dynamic analysis, penetration testing)
  • Proficiency in programming languages (e.g., Java, Python, C++, JavaScript) and understanding of secure coding practices
  • Familiarity with web application security standards and frameworks (e.g., OWASP Top 10, SANS, ISO 27001)
  • Experience with security tools such as Burp Suite, SonarQube, Checkmarx, and other application security testing tools
  • Solid understanding of cloud environments (AWS, Azure, Google Cloud) and securing cloud-based applications
  • Ability to work cross-functionally with developers, IT teams, and stakeholders to integrate security practices into development workflows
  • Strong analytical and problem-solving skills with attention to detail
  • A degree in Computer Science, Information Security, or a related field is preferred
  • Relevant certifications such as CISSP, CEH, or SANS/GIAC are a plus
