Application Security Engineer
London, United Kingdom
Shieldpay
The opportunity
We are looking for an accomplished Application Security Engineer to join the Information Security team at Shieldpay. You will play a key role in upholding the security of Shieldpay’s products, company systems, and people. The ideal candidate will take a “security-first” approach in everything they do.
Our global partners, and the regulatory bodies we answer to, trust us to ensure total security across all processes, whether that’s in the processing of client monies or in our internal security processes. You will be responsible for helping us achieve our mission of becoming the most trusted payment partner by ensuring our digital security.
Reporting into our Chief Information Security Officer, you'll work to make continuous security improvements across the organisation. You will be key in designing and helping implement technical security architecture for new payment services, ensuring security is built into every step of the application lifecycle.
What you’ll be doing
- Serve as the Application Security SME, providing technical expertise and guidance to engineers in the secure development of their products.
- Utilise SAST, DAST, and SCA within the development pipeline and collaborate with the engineering team to investigate, re-test, and resolve identified vulnerabilities.
- Conduct internal and external penetration testing and partner with external experts to proactively uncover potential security threats.
- Lead architectural reviews and threat modelling to embed security requirements into product designs.
- Own the secure software development lifecycle and represent application security in ISO 27001 audits, ensuring alignment and compliance with the standard.
- Contribute towards the broader company technical strategy, to guide it in a more secure direction from a development perspective.
- Regularly evaluate and report on the effectiveness of existing security controls as part of the RCSA process.
- Contribute to the wider security team and assist with incident response, monitoring, and routine security operations tasks.
- Work with the rest of the organisation to build security into everyday functions, prioritising a culture of security best practices over barriers.
What we're looking for in you
- Proven experience in an Application Security, Penetration Testing, or similar role – even better if this has been within FinTech or payments!
- Experience with SAST, DAST, and SCA security tooling and the ability to interpret and address their findings.
- Familiarity with implementing ISO 27001 within software development environments.
- Proficiency in conducting penetration testing and vulnerability assessments, both manually and with automated tools.
- Knowledgeable in threat modelling and security architecture reviews to identify and mitigate risks in product designs.
- Solid understanding of software development methodologies and experience working with development teams to integrate security practices into the SDLC.
- Strong communication and collaboration skills to build effective relationships with your team and the wider business.
- Experience with AWS and GCP cloud security services, including WAF, API gateways, key management services, and secret managers.
- Ideally you will hold one or more of OSCP, OSWE, GPEN, GWAPT, GMOB, CRT, PenTest+; however, this is not essential.
Our Promise
Shieldpay is an equal opportunities employer. For Shieldpay, building a fair and transparent workforce begins with a recruitment process that does not discriminate on the grounds of gender, sexual orientation, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age. We offer flexible working options, such as flexible hours and hybrid work, to support our employees' work-life balance.