Lead Application Security Engineer

Lead Application Security Engineer / Ethical Hacker / Security Researcher

Location: Fully Remote (UK-based only)

Salary: Up to £130,000 base + Bonus

Sector: FinTech – Digital Payments / Credit Platforms

About the Company

We are partnering with a UK-based FinTech at the forefront of redefining consumer credit. With a secure, cloud-native platform and a mission to simplify the customer finance experience, this business is scaling rapidly while maintaining a deep focus on technology, security, and user trust.

With a mature DevSecOps environment and Secure SDLC already in place, this is an opportunity to join a business where security is embedded, respected, and essential.

The Role

We are seeking a Lead Application Security Engineer with a strong technical background in software and payment security. This is not a governance or compliance role. You will be responsible for identifying and addressing vulnerabilities in the company’s applications – particularly across authentication and payment processing systems – using manual techniques, ethical hacking, and creative security research.

You will operate as a subject matter expert in application security, reporting directly to the CIO and working closely with the Head of Information Security (compliance-focused). The successful candidate will also have the opportunity to shape and grow a team underneath them.

Key Responsibilities

  • Proactively identify application-level vulnerabilities across authentication, payment flows, and core transactional systems
  • Perform manual penetration testing, code reviews, and threat modelling across a modern FinTech platform
  • Collaborate with engineering teams to remediate risks and implement secure development practices
  • Take ownership of the company’s application security layer and continuously assess risk exposure
  • Act as a technical leader in all matters related to AppSec, working with architecture, development, and infrastructure teams
  • Support and improve the existing Secure SDLC and DevSecOps environment
  • Provide guidance on security in design, development, and implementation phases

Required Experience

  • Demonstrable hands-on experience in application security, penetration testing, or ethical hacking
  • Proven background in card payment systems, payment processing, or credit card platforms
  • Strong technical understanding of web applications, APIs, authentication, and data security
  • Ability to identify and exploit vulnerabilities manually – beyond commercial tools
  • Knowledge of OWASP Top 10, secure coding principles, and threat modelling frameworks
  • Experience working in or with high-compliance environments (e.g. PCI DSS, ISO27001)
  • Comfortable working independently in a remote-first environment
  • Right to work in the UK

Nice to Have

  • Experience working in a FinTech, payments, or digital banking environment
  • Familiarity with modern cloud environments (e.g. Azure, AWS)
  • Background in software engineering, particularly in secure coding or architecture

Interview Process

  • Initial conversation with Head of Engineering
  • Second-stage interview with the CIO
  • Final stage including a potential take-home technical exercise

What’s on Offer

  • Salary up to £130,000 base + performance bonus
  • Fully remote working (UK-based only)
  • High-impact, high-autonomy role
  • Opportunity to build and lead a growing application security function
  • Join a business with a strong engineering culture and security mindset already in place
Company
WeDo
Location
United Kingdom, UK
Hybrid / WFH Options
Employment Type
Full-time
Posted