Lead Application Security Engineer

Title: Lead Application Security Engineer

Location: Fully Remote (UK-based)

Salary: £110,000 – £130,000 base + Bonus

Sector: FinTech / Digital Consumer Finance

We’re recruiting on behalf of a UK-based FinTech that’s simplifying how consumers engage with credit – offering digital credit cards and financial services built on cloud-native architecture and driven by data.

They are looking to hire a highly technical, hands-on Lead Application Security Engineer to take full ownership of the application security landscape – not from a policy or governance standpoint, but through deep, practical expertise in identifying and fixing vulnerabilities across live systems.

This role is perfect for a white hat hacker mindset – someone who thrives in proactively breaking applications, exposing flaws in logic, authentication, payment processing, or APIs, and using creativity (not just tooling) to harden applications from real-world threats.

What Makes This Role Stand Out?

• You’ll be hands-on: This is not a governance or compliance function. It’s about deep technical engagement with the codebase, systems, and application architecture.
• You’re walking into a mature environment: The company already has Secure SDLC and DevSecOps practices in place. This isn’t a ground-up build – it’s about stress-testing and strengthening what’s already built.
• You’ll have impact and visibility: Reporting to the CIO, with close collaboration with the Head of Information Security (compliance), you’ll shape the AppSec strategy while also getting into the code.
• You’ll build your own team: This role includes team growth – you’ll start as a leader and grow your own capability beneath you.

What You’ll Be Doing:

• Actively identifying vulnerabilities in applications, especially around authentication flows, payments, and sensitive data handling
• Thinking creatively and adversarially – “breaking the app” to protect it
• Performing penetration testing, threat modelling, and secure code reviews
• Working directly with developers to integrate security best practices into an already-operational DevSecOps pipeline
• Advising on product and architectural design from a security-first lens
• Contributing to a security culture that prioritises customer trust and system integrity

What We’re Looking For:

• Deep hands-on experience in application security – not just theory, but experience in secure coding, manual testing, and fixing complex vulnerabilities
• A proven background in credit cards, payments, or financial transaction systems
• Understanding of modern application architectures (APIs, microservices, cloud platforms – likely Azure)
• Familiarity with OWASP Top 10, SAST/DAST, and a variety of pen testing techniques
• A desire to build and lead a team, while remaining technical and practical day to day
• Right to work in the UK and ability to work remotely from within the UK

Recruitment Process:

• Initial call with Head of Engineering
• Second stage with CIO
• Final conversation and potentially a take-home exercise

If you're ready to be the attacker before the attacker is, and want to lead AppSec in an ambitious and growing FinTech, we’d love to hear from you.