Our client is a fast-growing technology organisation with a strong focus on building secure, scalable, and cloud-native digital products. As part of its continued investment in cybersecurity, the company is strengthening its application and product security capabilities.
About the Role
As a Security Engineer, you will play a key role in enhancing product and application security by embedding best-practice cybersecurity controls across the development lifecycle. You will work closely with engineering and cloud teams to drive “shift-left” security initiatives, ensuring risks are identified and mitigated early in the development process.
Key Responsibilities
Strengthen security across products and applications by applying industry best practices and continuously improving security design
Drive “shift-left” initiatives by integrating automated security controls into the software development lifecycle and infrastructure
Collaborate with engineering and cloud teams to promote secure coding practices and embed security into development workflows
Support the integration of AI-driven approaches into development pipelines for threat modelling and security automation
Conduct secure design reviews to identify risks, attack surfaces, and mitigation strategies aligned with industry standards (e.g., OWASP, SANS)
Contribute to the development and maintenance of tools for secure code reviews and vulnerability remediation
Support vulnerability management efforts, including prioritisation and coordination with engineering teams for remediation
Assist in security audits and compliance initiatives (e.g., ISO 27001, SOC 2), including control implementation and evidence gathering
Support incident analysis and collaborate with SOC teams during investigations and response activities
Manage and respond to operational security requests in line with defined SLAs
Experience in Application Security, Secure Software Development, or related domains, ideally within a cloud-native or SaaS environment
Strong understanding of OWASP Top 10, secure coding practices, vulnerability management, and common web/mobile security risks
Familiarity with modern web technologies, cloud environments, and Infrastructure-as-Code (IaC)
Proficiency in at least one programming or scripting language (e.g., Python, Terraform)
Experience securing web and/or mobile applications (iOS/Android) using static and dynamic analysis techniques
Hands-on experience with modern application stacks, cloud-native environments, and security tooling
Understanding of threat modelling, secure code review practices, and attacker methodologies
Strong collaboration skills with the ability to work cross-functionally with engineering and product teams
Proactive, detail-oriented, and eager to learn with a strong security-first mindset