Application Security Engineer
London (Hybrid)
Up to £80,000 + benefits
TechOhana are partnered with a global software business that is a leader in its niche.
The Role
As an Application Security Engineer, you’ll play a key role in ensuring secure-by-design principles are applied across web and API-driven applications.
Key responsibilities include:
- Performing application security reviews, threat modelling and secure design assessments
- Conducting SAST, DAST and dependency scanning across applications and services
- Identifying and remediating common vulnerabilities (OWASP Top 10, API security issues, authentication/authorisation flaws)
- Working with developers to improve secure coding practices and security awareness
- Supporting incident response and vulnerability management at the application layer
- Contributing to security standards, tooling and best practices across the SDLC
What We’re Looking For
- Proven experience in an Application Security or Product Security role
- Strong understanding of web application security and common attack vectors
- Hands-on experience with security tooling (e.g. Burp Suite, OWASP ZAP, Snyk, Checkmarx, Veracode or similar)
- Familiarity with modern development environments (APIs, microservices, cloud platforms)
- Ability to clearly communicate security risks to both technical and non-technical stakeholders
- Experience working in agile, software-led environments
Nice to Have
- Secure code review experience (Java, Python, JavaScript or similar)
- Knowledge of cloud security (AWS, Azure or GCP)
- Familiarity with security frameworks such as OWASP, NIST or CIS
- Relevant security certifications (e.g. CSSLP, GWAPT, OSCP – not essential)