Senior Application Security Engineer

Senior Application Security Engineer

🚀 We’re on a mission to make: The most successful insurance disruptor people want to stay with for life

Are you ready to transform the insurance industry with innovative technology? At Policy Expert, we are on a mission to revolutionize Home, Pet, and Motor insurance, making it clear, fair, and great value for customers. Since our inception in 2011, our breakthrough thinking and proprietary tech, have won us over 1.5 million customers and the title of the UK’s No.1-rated home insurance provider for 9 years. 🏆

Hear from our team about what it's like working at Policy Expert ✨

About Us

Our ambition is to be the most successful insurance disruptor that customers want to stay with for life. With double-digit growth 📈 and a commitment to customer-centric solutions, we are challenging the norms of an industry known for low trust and high switching rates. Our goal is to build deeper relationships with our customers, transforming insurance from a costly necessity to a valued support system.

In 2023, we were honoured with an Outstanding 2-star accreditation ⭐⭐ and ranked among the Top 100 Best Large Companies to Work for by Best Companies.

About our Engineering Team:

We have around 120 engineers out of roughly 600 people in total - and we have big ambitions. There are many interesting challenges ahead. We are seeking a skilled Application and API Security Specialist to join our team. In this role, you will be responsible for enhancing the security of our web applications and APIs, driving the ASPM function, and embedding security within the development lifecycle. You will work closely with development teams to integrate security practices into the planning, design, and deployment phases, ensuring our applications are secure and resilient against threats.

Your day-to-day

• Lead the application and API security initiatives, ensuring robust protection mechanisms are in place.
• Own and drive the Application Security Posture Management (ASPM) function.
• Integrate security within the plan/design phase through threat modelling, code and architecture reviews, and by defining secure coding standards, libraries, and best practices.
• Configure and manage AppSec tooling, including writing custom security rules for the CI/CD pipeline.
• Collaborate with cross-functional teams to drive security improvements and embed a security-first mindset across the organisation.

Our Tech Stack:

We rely heavily on the following tools and technologies:

• Java to write our application code
• Python for scripts to automate tasks
• Dynamo / Postgres / MySQL / Aurora / S3for most persistent data storage
• SNS/SQS for our event-driven architecture
• Fargateand Docker to schedule and run our services
• AWS for most of our infrastructure
• React for client face
• NodeJSfor serverless / middleware applications
• GraphQL/ RESTfor client API’s
• GitHub Actions for our CI/CD
• Micro services/ micro frontends our architecture
• Feature flags / canary releases for incremental delivery
• Cycode ASPM for static application security scans
• ZAP for dynamic application security scans

You should apply if:

• Proven experience with web application and API security.
• Proficiency with DevSecOps and SDLC tooling, including SAST, DAST, SCA, and ASPM.
• Hands-on experience with IAM solutions such as Auth0, or AWS Cognito
• Strong background in threat modelling and vulnerability management.
• Familiarity with AWS, cloud computing concepts, and cloud security best practices.

Bonus points if:

• Experience running a security champion program.
• Knowledge of security incident management and response.
• Relevant certifications such as OSCP, OSWP, CISSP, or similar.

Interview Process:

1. 15 minute Chat with someone from our Internal Talent Team
2. 1 Hour Technical Interview with our Lead Security Engineer
3. 30 mins Culture fit interview with Tech Principal of Platform Engineering

What’s in it for you:

📍 This role will be based in our London office in a Hybrid mode.

⏰ We offer flexible working hours and trust you to work enough hours to do your job well, at times that suit you and your team.

📚 Learning budget of £1,000 a year for books, training courses and conferences.

🏥 Private medical cover with Vitality.

😁 Dental Insurance.

🚉 Travel season ticket loan.

🎉 Social events throughout the year.

🎟️ Access to selected London O2 events and use of a Private Lounge.

🌈 Employee Wellbeing Programme.

Equal opportunities for everyone

Diversity and inclusion are a priority for us and we’re making sure we have lots of support for all of our people to grow at Policy Expert. At Policy Expert, we’re embracing diversity by fostering an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of making money work for everyone. You can read more in our website, 2023 Gender Pay Gap Report.

We’re an equal opportunity employer. All applicants will be considered for employment without attention to age, ethnicity, religion, sex, sexual orientation, gender identity, family or parental status, national origin, or veteran, neurodiversity or disability status.