Senior Application Security Engineer

Job Description

Policy Expert is seeking a Senior Application Security Engineer to join their DevSecOps team in London. This role is crucial for ensuring the security of applications and APIs, driving security improvements, and embedding a security-first mindset across the organization. The position is based in Policy Expert's London office with a 50/50 hybrid work arrangement.Role involves:

• Leading application and API security initiatives.
• Owning and driving the Application Security Posture Management (ASPM) function.
• Integrating security within the plan/design phase through threat modelling and code reviews.
• Configuring and managing security tooling such as ASPM, CSPM, IAM/PAM, and WAF.
• Collaborating with cross-functional teams to drive security improvements.
• Participating in first responder rota for security queries and alerts.
• Performing and supporting internal pentesting efforts.

Requirements:

• Proven experience delivering web application and API security improvements.
• Proficiency with DevSecOps and SDLC tooling, including SAST, DAST, SCA, ASPM, and CSPM.
• Hands-on experience with IAM solutions such as Auth0 or AWS Cognito.
• Strong background in threat modelling and vulnerability management.
• Strong background in AWS, cloud computing concepts, and cloud security best practices.

Role offers:

• Pension contributions match up to 7%.
• Private medical & dental cover.
• Learning budget of £1,000 a year + study leave.
• Enhanced maternity & paternity.
• Travel season ticket loan.
• Access to London O2 events and a private lounge.
• Employee Wellbeing Programme.
• Prayer room in the office.