Title: Application Security Engineer

Work Model: Hybrid/Remote

My client is a NASDAQ-listed cryptocurrency exchange business that is fast becoming a global brand with offices across Europe, the US, and Asia. They are actively searching for an Application Security Engineer to join their expanding team.

The Role:

Security is baked into everything they do – from the design of new features, through the development process, to conducting security testing of the systems. Security is never an afterthought, nor treated as a box-ticking exercise.

This role spans both red- and blue-team skills, giving you a holistic view of end-to-end security, the ability to make meaningful contributions to all aspects of the systems and processes, and the scope to gain practical experience across all areas of security.

My client encourages a sustainable work/life balance and supports remote working.

Key Responsibilities:

• Help the development team follow good security practices and standards

• Perform threat modelling and provide security guidance during the design of new features

• Conduct internal red-team exercises, such as web application penetration tests and breakout tests

• Perform static code analysis, both manual and automated

• Maintain up-to-date understanding of the latest threats, vulnerabilities, mitigations, and best practices

• Ensure continuous improvement of security processes and tools

Key Requirements:

• Professional experience in security engineering or web application penetration testing

• Practical understanding of OWASP Top10, OWASP ASVS

• Some familiarity with programming preferred, especially Python or Java

• Some experience with static code analysis (e.g. Semgrep) would be helpful

• Any security certifications will be a plus