1 to 25 of 42 Permanent Application Security Jobs in London

Application Security Lead Entertainment UK Hybrid/Remote Job description This role works closely with development teams to verify our partners applications satisfy the defined security criteria, supporting the organization on the security design and conducting reviews of applications, while improving automation. Primary Responsibilities: Provide technical leadership and guidance on application security best practices … methodologies, and technologies. The ideal candidate will serve as a trusted advisor to development teams, architects, and stakeholders across our clients organisation. Design and review security architectures for applications, ensuring the implementation of effective security controls and countermeasures. Conduct threat modelling exercises to identify potential security risks and vulnerabilities early in the development lifecycle. Conduct in-depth … security assessments, code reviews, and penetration testing of applications to identify and mitigate security vulnerabilities. Utilise industry-standard tools and methodologies to assess the security posture of applications and provide actionable recommendations for remediation Essential At least three years experience in a similar senior Information Security position Customer-oriented person, with the ability to educate and More ❯

heart of our digital transformation. As we continue to grow and innovate, securing our applications and protecting customer data is a top priority. We are looking for a Senior Application Security Engineer to lead our efforts in strengthening application security, mitigating risks, and ensuring best-in-class security practices. If you are passionate about cybersecurity … and eager to make a real impact, we want you on our team! Key Responsibilities: Security Strategy: Help define and execute the Holland & Barrett application security strategy. Collaborate with both tech and non-tech teams to integrate security principles into the early stages of product design and development. Secure SLDC: Establish a secure Software Development Lifecycle … software integrity, authenticity, and third-party library management. Risk Assessments: Conduct risk assessments, threat modeling, and architecture reviews alongside development teams, producing artifacts to drive the implementation of effective security controls. Standards Development: Own the creation and maintenance of tailored security standards and guidelines, developing reusable resources for various development teams. Team Support: Provide guidance and support to More ❯

Job Title: Senior Application Security EngineerSalary: £70,000Location: Reading/remote About the Organisation Join a fast-growing UK technology and consulting firm that's investing heavily in cutting-edge cyber security. With a strong focus on innovation, collaboration, and professional development, this company empowers its people to shape the future of secure digital transformation across a wide … be part of a business that values expertise, agility, and doing the right thing - where everyone has the opportunity to make a genuine impact. About the Role The Senior Application Security Engineer will play a key role in protecting the organisation's infrastructure, cloud platforms, and applications. Working within a highly technical and collaborative cyber team - supported by … a 24/7 external SOC - you'll research, test, and implement next-generation security solutions to safeguard data and systems. This role offers the chance to lead on application and cloud security initiatives, influence secure design standards, and mentor colleagues in best practices. Key Responsibilities Lead application and cloud security initiatives, ensuring systems and More ❯

Job Title: Senior Application Security Engineer Salary: £70,000 Location: Reading/remote About the Organisation Join a fast-growing UK technology and consulting firm that's investing heavily in cutting-edge cyber security. With a strong focus on innovation, collaboration, and professional development, this company empowers its people to shape the future of secure digital transformation across … be part of a business that values expertise, agility, and doing the right thing - where everyone has the opportunity to make a genuine impact. About the Role The Senior Application Security Engineer will play a key role in protecting the organisation's infrastructure, cloud platforms, and applications. Working within a highly technical and collaborative cyber team - supported by … a 24/7 external SOC - you'll research, test, and implement next-generation security solutions to safeguard data and systems. This role offers the chance to lead on application and cloud security initiatives, influence secure design standards, and mentor colleagues in best practices. Key Responsibilities Lead application and cloud security initiatives, ensuring systems and More ❯

places! This is where you come in. The Opportunity As IAG Loyalty evolves into a Platform as a Service business, we're looking for a talented and passionate Senior Application Security Engineer to join our security engineering team. You'll have a background in software engineering and a deep … interest in application and API security. You thrive on collaboration, enjoy helping others grow, and see security as an enabler - not a blocker. You'll be an AppSec advocate who supports our engineers in identifying and addressing security issues across the software development lifecycle. You'll be part of a small, dynamic team within the Product department … be required to work from one of our other office or partner locations, based on your role and 'to do' list. What you'll be doing As a Senior Application Security Engineer, you'll lead the application security practice within the IAG Loyalty security team, taking responsibility for key security KPIs in this area. More ❯

just to name a few! Job Description Your Career As a Senior Consultant in Unit 42 you will have the opportunity to work across a number of proactive cyber security domains including Cloud Security, Security Operations, Cyber Risk Management and Artificial Intelligence in cyber security. We are seeking an individual who is passionate about cyber security … consulting outcomes for clients, as they work to address the challenges associated with today’s cyber threat landscape. Your Impact SOC Advisory: 4+ years of consulting experience in SOC, security engineering, SIEM administration, and incident management and demonstrated success with serving large, multinational organisations in designing and implementing an organisation’s security operations program, organisational structures, and capabilities … Possess a deep technical knowledge in Security Incident and Event Management (SIEM) platforms, Security Orchestration and Response (SOAR) technologies, Endpoint Protection and Response/Next Gen Protection and Response (EDR/XDR) tools, Next GenFirewalls, Threat Intelligence and Hunting platforms Defensive Security Skills (desired) : Experience in security operations design, engineering and/or analysis and investigations More ❯

just to name a few! Job Description Your Career As a Senior Consultant in Unit 42 you will have the opportunity to work across a number of proactive cyber security domains including Cloud Security, Security Operations, Cyber Risk Management and Artificial Intelligence in cyber security. We are seeking an individual who is passionate about cyber security … consulting outcomes for clients, as they work to address the challenges associated with today’s cyber threat landscape. Your Impact SOC Advisory: 4+ years of consulting experience in SOC, security engineering, SIEM administration, and incident management and demonstrated success with serving large, multinational organisations in designing and implementing an organisation’s security operations program, organisational structures, and capabilities … Possess a deep technical knowledge in Security Incident and Event Management (SIEM) platforms, Security Orchestration and Response (SOAR) technologies, Endpoint Protection and Response/Next Gen Protection and Response (EDR/XDR) tools, Next GenFirewalls, Threat Intelligence and Hunting platforms Defensive Security Skills (desired) : Experience in security operations design, engineering and/or analysis and investigations More ❯

remediate security findings. The team is the Center of Excellence (COE) for Application Security, Web Application Firewalls and Cloud Security. In this capacity, the Lead AppSec Engineer can provide advice and guidance to teams in these areas to support the established standards and policies, in the form of Office Hours, Brown Bags or team consultation sessions. … Primary Responsibilities: Operate, administer, and continuously improve our off the shelf AppSec and CloudSec tools (WAF infrastructure management, user onboarding, policy/config, integrations). Triage and disposition vulnerabilities across SAST/DAST/SCA/API/IaC/CSPM sources; lead false positive reviews and suppression/exception workflows with strong audit trails. Partner with Cloud Platform teams … GCP environments using CSPM/CNAPP controls, guardrails, and baselines; guide secure patterns for serverless, containers/Kubernetes, and secrets management. Support system administration, configuration, and maintenance for the AppSec/CloudSec/WAF toolset (identity/roles, agent health, connectors, backups, upgrades, and DR testing). Evaluate security tools on an ongoing basis, to ensure we are leveraging More ❯

identify and draw attention to opportunities for enhancing our delivery and providing additional services to organisations we work with. We are seeking a highly motivated and experienced Lead Software Security Engineer to join our team. You will have a strong background in software development, security, and operations. This role is required to support the Digital Product Management team … in embedding security requirements and best practices into new Digital Products and Services. You will work closely with the Digital Product Management and IT Security teams to establish and build the right security controls and quality state gates across the product lifecycle. This includes security tooling to manage these controls. In this busy and rewarding role … you'll also: Collaborate with software development teams to integrate security into the development lifecycle Own the cultural shift to a Security DevSecOps mindset Manage & implement security controls, tools, and processes to secure applications and infrastructure Monitor and respond to security incidents and threats in a timely manner Stay up-to-date with security trends More ❯

Software & Application Security Lead Permanent | Hybrid (UK - a few visits per month) | Up to £84,000 We're partnered with a modern, forward-thinking professional services firm that's putting security at the heart of everything they build. As part of their growing technology function, they're looking for a Software & Application Security Lead to … take the lead in shaping how security is embedded into every stage of their digital product journey. This is a role with real influence - you'll help define the software security strategy, guide engineers on best practice, and ensure the products they deliver are secure by design. You'll work closely with developers, architects, and business stakeholders to … create an environment where secure coding and proactive risk management come naturally. What you'll be doing You'll play a leading role in driving a security-first culture across agile product teams, defining and delivering a clear application security strategy that aligns with business goals. Working hand-in-hand with developers, you'll weave security More ❯

Software & Application Security Lead Permanent | Hybrid (UK - a few visits per month) | Up to £84,000 We're partnered with a modern, forward-thinking professional services firm that's putting security at the heart of everything they build. As part of their growing technology function, they're looking for a Software & Application Security Lead to … take the lead in shaping how security is embedded into every stage of their digital product journey. This is a role with real influence - you'll help define the software security strategy, guide engineers on best practice, and ensure the products they deliver are secure by design. You'll work closely with developers, architects, and business stakeholders to … create an environment where secure coding and proactive risk management come naturally. What you'll be doing You'll play a leading role in driving a security-first culture across agile product teams, defining and delivering a clear application security strategy that aligns with business goals. Working hand-in-hand with developers, you'll weave security More ❯

Forest Labs is a cutting-edge startup pioneering generative image and video models. Our team, which invented Stable Diffusion, Stable Video Diffusion, and FLUX.1, is currently seeking a strong security and compliance to work closely with our team in building and implementing world class security and ensuring regulatory compliance across the business. The Role: Own and evolve the … company-wide security strategy across infrastructure, application, and corporate environments Lead our global compliance programs (e.g., ISO 27001, SOC 2) ensuring we meet regulatory and customer trust requirements. Build and maintain relationships with auditors, ensuring smooth audit processes Address AI-specific compliance requirements around data usage, model governance Build a comprehensive security program that scales with our … trails for sensitive training data and model weights Manage and scale our IT function, ensuring a secure, efficient, and user friendly digital workplace. Establish and maintain risk & governance structures, security policies, and incident response procedures. Design and implement security controls for large scale Kubernetes environments hosting training and inference workloads Lead internal risk assessments and external audits, and More ❯

the impregnability of the clients critical digital assets. This includes securing public-facing portals, safeguarding the vital infrastructure links between Aramco and Saudi government projects, and developing a proactive security posture that anticipates future threats. You are not just a manager; you are a player-coach and a strategic thinker. We are looking for someone currently in a Team … Responsibilities: Practice Leadership: Define the strategic vision, methodologies, and service offerings for our cybersecurity vertical. Hands-On Technical Delivery: Lead the architecture, design, and hands-on implementation of robust security solutions for critical systems. This includes application security, network security, and infrastructure hardening. Client Liaison: Act as a trusted security advisor to our key stakeholders … of experience in cybersecurity, with at least 2+ years in a Team Lead or Manager capacity. You possess deep, hands-on expertise in areas like Application Security (AppSec), Cloud Security, and DevSecOps. You have experience with security frameworks (NIST, ISO 27001) and a proven track record of securing large-scale, high-availability systems. You are adept More ❯

We are the security engineering team, skilled in cybersecurity, cloud security, application security, and regulatory compliance. Our global distribution allows us to leverage unique experiences and skillsets to build and operate security services that safeguard our platform. We prioritize a proactive approach to prevent security issues and stay ahead of potential threats, ensuring the … continuous protection of our services. The Security Engineer is responsible for designing and implementing robust security frameworks to protect our software and infrastructure. This role involves conducting regular security assessments, including Cloud, Kubernetes, and our Products, to identify and address vulnerabilities. Additionally, the engineer will assist in vulnerability management programs ensuring that all AWS cloud infrastructure meets … the highest security standards. In This Role, You'll Respond to security tickets promptly and professionally, including incident handling, triage, investigation, and collaboration with other teams for resolution. Serve as the point-of-contact for internal user security questions, providing guidance on security policies, tools, and best practices. Design, implement, and improve operational security processes More ❯

cloud and on-premises environments. This position's architecture focus is on securing multi-cloud infrastructure and services and on-premises infrastructure. Peer cybersecurity architects will be focused on application security, software as a service (SaaS), and network security. This role will use their deep cybersecurity knowledge in the designing and building of secure infrastructure and services in … adopted and implemented by engineering teams. Contribute to the development of non-cyber architecture-related governance patterns, policies, and standards. Provides complex analysis of potential risks to information systems' security and recommends innovative solutions. Work with cross-functional technical, development and delivery teams to ensure the application of smooth, efficient and scalable release processes. Engage with business teams … and engineering teams to define cybersecurity guardrails that promote efficient and seamless adoption of secure design patterns. Participate in security events and incident response to identify gaps in current design and propose solutions to prevent threats from reoccurring. Research and evaluate emerging security trends, threats, and technologies, and recommend appropriate solutions and enhancements. Collaborate with data users, software More ❯

A leading fintech company is seeking a Lead AppSec Engineer to join their established team. Youll be instrumental in embedding security into every stage of the software development lifecycleguiding engineers, shaping best practices, and driving secure, scalable solutions across our platform. Key Responsibilities: Security Advisory : Serve as the go-to expert for application security across engineering … teamsproviding hands-on guidance, resolving concerns, and fostering a security-first mindset. DevSecOps Enablement : Promote and implement secure development practices across CI/CD pipelines, secrets and key management, dependency management, and secure design. Vulnerability Management : Lead vulnerability remediation effortstriaging findings, prioritizing risks, and partnering with teams to deliver effective, pragmatic fixes. Tooling & Automation : Integrate security tools (e.g. … SAST, DAST, SCA, secrets scanning) into developer workflows, ensuring automation is both scalable and developer-friendly. Cloud Security Collaboration : Work alongside infrastructure teams to ensure secure configuration of AWS and Azure environments, with a focus on IAM, network security, encryption, and observability. Architecture & Design Reviews : Provide input and recommendations to ensure new services and features are secure by More ❯

Software Engineer - Security Product Engineering Job ID: R19464 Location: London - The River Building HQ Type: Permanent Ready to apply? Get started with your online application. Not quite your dream role? Sign up to get notified when the right vacancy comes along. Why Deliveroo Our mission is to transform the way you shop and eat, bringing the neighbourhood to your … of a rapidly expanding industry. As a small team making a large impact, we value autonomy, ownership, and new ideas. We are looking for a Software Engineer within the Security Product Engineering team to design, develop, and support security products, including custom access tooling (PAM), authentication solutions supporting millions of users, and more. Reporting to the Head of … Security Architecture & Engineering, this hands-on role will influence the security posture across the company, ensuring security is integrated into all projects. What you'll do: Work with cloud platforms (AWS, Azure, GCP), CI/CD pipelines, containerisation (Docker, Kubernetes), and infrastructure-as-code. Design, develop, and implement scalable, reliable, and maintainable software systems, features, and APIs. More ❯

Strong experience in building secure web and mobile apps Experience with Security architecture, Application Security assessments, penetration testing, vulnerability assessment, Secure SDLC, and Static code reviews Certified Secure Software Lifecycle Professional (CSSLP) (desirable) Responsibilities: - Design, develop, and implement security frameworks and solutions to safeguard company's assets and infrastructure. - Conduct regular security audits and risk … assessments to identify and address potential vulnerabilities. - Develop and maintain security policies and procedures in accordance with industry standards. - Configure and manage security tools, such as firewalls, intrusion detection systems, and encryption technologies. - Monitor network traffic and system logs for suspicious activity and respond to security incidents in a timely manner. - Stay updated on the latest security threats and trends to anticipate potential risks and adapt security strategies accordingly. - Collaborate with IT teams to ensure that security measures are integrated into all aspects of technology development and implementation. - Conduct employee training programs to promote awareness of security best practices and protocols. Requirements: - Bachelor's degree in Computer Science, Information Technology, or a related More ❯

About the role: Join Our Team at Holland & Barrett! Are you passionate about cloud security and looking to make a significant impact? Holland & Barrett is seeking a Cloud Security Specialist to help us define and implement our cloud security strategy. If you're an experienced professional eager to work with cutting-edge technology and collaborate with diverse … teams, we want to hear from you! Key Responsibilities: Security Strategy: Help define and execute the Holland & Barrett cloud security strategy, partnering with platform and Site Reliability Engineering (SRE) teams to build robust infrastructure that supports our business. Perimeter Security: Establish platform perimeter security by implementing controls at ingress and egress points, including creating and maintaining … an edge network with a Web Application Firewall (WAF), Distributed Denial of Service (DDoS) protection, and a Content Delivery Network (CDN). Access Control: Establish an access control baseline focusing on the principle of least privilege and segregation of duties. Monitor and enforce these controls once roles and permissions are set. Security Controls: Design, implement, and maintain security More ❯

For further details please visit Purpose of Position The Senior SecOps Engineer's primary responsibility is to provide Pantheon with in depth technical expertise working in Pantheon's IT Security Team. The Senior SecOps Engineer will also participate in technical research and development to enable continuing innovation within the IT security landscape at Pantheon. The role incumbent must … also be required to provide directed support and service for other Pantheon offices around the world. Key Responsibilities Governance – ensure all solutions are implemented in accordance with Pantheon's security best practice. Adhere to applicable regulatory and compliance related operating requirements. Work with systems development and external suppliers to resolve often highly technical or contentious security issues and … conflicts to ensure that projects and work packages are delivered on time and within budget. Actively review, monitor and improve network and cloud infrastructure security, undertake a regular programme of self-audit and base lining by utilising the appropriate tools and in conjunction with formal audits as conducted by both internal audit and external audit & penetration testers. Ensure changes More ❯

DevSecOps Engineer Permanent | UK (Hybrid - a few times per month) | Up to £84k We're partnering with a respected, forward-thinking professional services firm that's serious about embedding security into every corner of its digital transformation journey. This is a pivotal hire within their growing tech function - they're after a DevSecOps Engineer (or Lead Software Security … that genuinely backs its people. They've built a collaborative, agile culture where innovation is encouraged and development is a priority. If you're someone who thrives on moving security left, guiding engineering teams with clarity, and making a real impact - this is your kind of role. What you'll be doing: You'll lead the charge in shifting … the culture towards DevSecOps across multiple product teams, embedding security from the ground up. That means defining and rolling out a product security strategy that aligns with business goals, working closely with developers to automate and streamline security testing, and supporting pen test activity with smart, secure remediation. You'll be the go-to expert on application More ❯

DevSecOps Engineer Permanent | UK (Hybrid - a few times per month) | Up to £84k We're partnering with a respected, forward-thinking professional services firm that's serious about embedding security into every corner of its digital transformation journey. This is a pivotal hire within their growing tech function - they're after a DevSecOps Engineer (or Lead Software Security … that genuinely backs its people. They've built a collaborative, agile culture where innovation is encouraged and development is a priority. If you're someone who thrives on moving security left, guiding engineering teams with clarity, and making a real impact - this is your kind of role. What you'll be doing: You'll lead the charge in shifting … the culture towards DevSecOps across multiple product teams, embedding security from the ground up. That means defining and rolling out a product security strategy that aligns with business goals, working closely with developers to automate and streamline security testing, and supporting pen test activity with smart, secure remediation. You'll be the go-to expert on application More ❯

17th, 2025Apply Now WAF Specialist/Engineer London- Contract- Hybrid (3 days from WFO)This is a hands-on, high-impact position where you'll combine your expertise in security operations, web application security, and WAF engineering to craft custom rules, analyze traffic, reduce false positives, and uplift our overall security posture . What You'll … DoDesign and implement custom WAF rules and configurations to close security gaps.Conduct log analysis and efficacy testing , identifying and mitigating false positives.Support WAF PoCs, DevSecOps pipelines, and automation for scalable testing.Act as an SME for web & API attack methodologies , evasions, and mitigations.Collaborate with security, DevOps, and engineering teams to ensure seamless WAF integration.Stay ahead of … emerging web security threats and trends to continuously improve defenses. What We're Looking ForStrong experience in WAF management, tuning, and engineering .Hands-on background in SOC, CSIRT, AppSec, or Ethical Hacking .Skilled in log analysis (e.g., Splunk, Wireshark, or scripting for traffic analysis).Experience with at least three major WAF vendors (Akamai, F5, AWS, GCP, etc.).Ability to More ❯

Director in Unit 42 is a senior-level consulting position. The individual will be responsible for the day to day delivery of our threat-led and technology driven cyber security consulting services through leading and directly overseeing a team of Consultants. This person will have experience in developing teams and working with sales and domain leaders. The Consulting Director … and Customer Success Manager (CSM) to deliver pitches and prepare proposals to win new business and manage client relationships. We are seeking an individual who is passionate about cyber security and making a difference. You will be a continuous learner and have a sound knowledge of emerging cybersecurity trends and technologies. The individual serves as a trusted advisor to … cross-sector clients. Your Impact Oversee the delivery of our proactive consulting services, ensuring their consistency, quality and highest level of customer service Provide hands-on, expert-level proactive Security Operations Center (SOC) assessment and transformation services to clients and deliver findings to CxO and/or Board of Directors Work with the BDM and CSM to perform pipeline More ❯

Director in Unit 42 is a senior-level consulting position. The individual will be responsible for the day to day delivery of our threat-led and technology driven cyber security consulting services through leading and directly overseeing a team of Consultants. This person will have experience in developing teams and working with sales and domain leaders. The Consulting Director … and Customer Success Manager (CSM) to deliver pitches and prepare proposals to win new business and manage client relationships. We are seeking an individual who is passionate about cyber security and making a difference. You will be a continuous learner and have a sound knowledge of emerging cybersecurity trends and technologies. The individual serves as a trusted advisor to … cross-sector clients. Your Impact Oversee the delivery of our proactive consulting services, ensuring their consistency, quality and highest level of customer service Provide hands-on, expert-level proactive Security Operations Center (SOC) assessment and transformation services to clients and deliver findings to CxO and/or Board of Directors Work with the BDM and CSM to perform pipeline More ❯