Senior Application Security Engineer - DevSecOps & Cloud Security
Additional Resources
An opportunity has arisen for a Senior Application Security Engineer to join a well-established health research organisation and charity that supports large-scale medical research to improve disease prevention, diagnosis and treatment.
As a Senior Application Security Engineer, you will play a key part in integrating security throughout the software development lifecycle, working alongside engineering and cloud teams to build, improve and maintain secure applications, platforms and deployment processes.
This is not a traditional vulnerability management role. It is a hands-on Application Security role centred on secure design, CI/CD security, cloud-native technologies, Kubernetes, API security, code analysis, security-as-code and supporting development teams to build secure applications.
This is a full-time permanent role, working on a hybrid basis with a Central London office location, offering a salary from £70,000 per annum and an excellent benefits package. Visa sponsorship is not available.
You will be responsible for:
- Working closely with engineering and architecture teams to promote secure development from the earliest stages of delivery.
- Implementing and maintaining application security testing solutions, enabling developers to identify and remediate security risks.
- Enhancing secure development processes by integrating security controls throughout CI/CD pipelines.
- Strengthening the security of GitHub Actions and comparable continuous integration and deployment platforms.
- Providing technical guidance on secure API design and protecting externally accessible systems.
- Supporting the security of Azure cloud infrastructure, including Azure Kubernetes Service (AKS).
- Assisting with the protection of cloud-hosted data platforms and associated technologies.
- Developing and maintaining security-as-code and policy-as-code using appropriate tooling.
- Automating security processes through infrastructure-as-code and scripting technologies.
- Producing and maintaining technical documentation, security procedures and service documentation.
- Supporting development teams with the adoption and integration of security tooling and best practices.
- Contributing to wider cyber security initiatives, including threat modelling and compliance activities.
What we are looking for:
- Previously worked as a Senior Application Security Engineer, Lead Application Security Engineer, Principal Application Security Engineer, Application Security Engineer, Senior Product Security Engineer, Product Security Engineer, Senior DevSecOps Engineer, DevSecOps Engineer, Application Security Consultant or in a similar role.
- Hands-on experience embedding application security into the SDLC.
- Experience securing APIs, internet-facing services, and Kubernetes (preferably AKS) and containerised environments.
- Experience working with engineering teams and implementing security testing tools (SAST, DAST, IAST, SCA).
- Knowledge of security automation, security-/policy-as-code, and secure engineering practices (code review, testing, source control, documentation).
- Familiar with CI/CD tools such as GitHub and GitHub Actions.
- Highly skilled in Terraform and Python.
- Strong understanding of Azure security controls and cloud security governance.
- Experience with threat modelling in software engineering contexts.
- Knowledge of ISO 27001 and its relevance to secure engineering.
- Familiar with Agile and DevSecOps methodologies.
- Eligible to work in the UK.
This is an excellent opportunity for a Senior Application Security Engineer to make a meaningful impact on the safe and effective adoption of emerging technologies.
Important Information: We endeavour to process your personal data in a fair and transparent manner. In applying for this role, Additional Resources will be acting in your best interest and may contact you in relation to the role, either by email, phone or text message. For more information see our Privacy Policy on our website. It is important you are aware of your individual rights and the provisions the company has put in place to protect your data. If you would like further information on the policy or GDPR please contact us.
Additional Resources are an Employment Business and an Employment Agency as defined within The Conduct of Employment Agencies & Employment Businesses Regulations 2003.