Senior Application Security Engineer

Partnered with a VC-backed Fintech organisation, I'm looking for a Senior Application Security Engineer to embed application security into their product development lifecycle and CI/CD pipelines. This is an individual contributor role working closely with engineering, SRE and product teams to assess, improve, and scale AppSec across a high‑volume transactional platform.

  • Review current application and API landscape, tooling and processes
  • Identify gaps and risks, then design pragmatic mitigation plans
  • Integrate security into CI/CD, SDLC and change management processes
  • Coach and enable software engineers to build secure products by default

Discovery & Assessment

  • Conduct a structured review of existing web applications and APIs
  • Map current AppSec controls, tooling and processes across the SDLC
  • Identify critical vulnerabilities, systemic weaknesses and quick wins
  • Triage and prioritise issues based on risk and business impact

Engineering & Implementation

  • Embed security controls into CI/CD pipelines (e.g. SAST, DAST, SCA, secrets scanning)
  • Partner with SRE and engineering teams on secure architectures and patterns
  • Define and implement secure coding standards and best practices
  • Drive threat modeling for key products and high‑risk changes
  • Support/oversee application pen testing activities as needed

Enablement & Ways of Working

  • Work closely with product and engineering leads to “shift left” on security
  • Coach and mentor engineers on secure design, coding and review practices
  • Create lightweight, usable security guidelines and playbooks for teams
  • Influence roadmaps so that security is considered upfront in new product development

Strategy & Roadmap

  • Contribute to the AppSec roadmap and longer‑term security strategy
  • Recommend and help select security tools and services
  • Provide regular visibility on risk, progress and priorities to engineering leadership

Core Experience

  • Strong application security background with prior software engineering experience
  • Deep understanding of how AppSec fits into modern engineering environments
      • CI/CD pipelines, cloud‑native architectures, microservices and APIs
      • Secure SDLC and change management practices
  • Hands‑on experience with:
      • Web application security
      • API security
      • Threat modeling
      • Secure coding and code reviews
      • Common AppSec tooling (SAST/DAST/SCA, secrets scanning, etc.)

Please submit your application if your profile matches the criteria.

Job Details

Company: Siena Partnership
Location: London, UK