Application Security Engineer

The opportunity

We are seeking an accomplished Application Security Engineer to join the Information Security team at Shieldpay. You will take a lead role in upholding the security of Shieldpay’s products, from early stages in their design to completion and go-live_._

We are an ambitious company, processing funds in excess of £30 Billion, with global partners trusting us to securely deliver monies to the right people at the right time.

As a result, we are looking for an individual with a natural curiosity for understanding how something works with a view to making continuous security improvements part of the company landscape.

You will be key in designing and helping to implement technical architecture for new opportunities, ensuring security is built into every step of the application lifecycle and ensuring a ‘security first’ approach.

What you’ll be doing

• You will serve as the subject matter expert, providing technical expertise and guidance to Shieldpay developers in the secure development of their products.
• Utilise SAST, DAST, and SCA within the development pipeline and collaborate with the engineering team to investigate, re-test, and resolve identified vulnerabilities.
• Conduct internal and external penetration testing and partner with external experts to proactively uncover potential security threats.
• Lead architectural reviews and threat modelling to embed security requirements into product designs.
• Own the secure software development lifecycle and represent application security in ISO 27001 audits, ensuring alignment and compliance with the standard.
• Contribute towards the broader company technical strategy, to guide it in a more secure direction from a development perspective.
• Regularly evaluate and report on the effectiveness of existing security controls as part of the RCSA process.
• Contribute to the wider security team and assist with incident response, monitoring, and routine security operations tasks.
• Work with the rest of the organisation to build security into everyday functions prioritising a culture of security best practices over barriers.

What we’re looking for in you

• Strong knowledge of secure coding practices and familiarity with security frameworks such as OWASP, BSIMM, or SAMM.
• Experience with SAST, DAST, and SCA security tooling and the ability to interpret and address their findings.
• Proficiency in conducting penetration testing and vulnerability assessments, both manually and with automated tools.
• Solid understanding of software development methodologies and experience working with development teams to integrate security practices into the SDLC.
• Experience in an Application Security, Penetration Testing, or similar role.
• Strong communication skills and ability to build effective relationships with engineering teams.
• As we are dedicated to fostering an inclusive environment where every individual is valued, respected, and empowered to use their voice, we’ll expect you to demonstrate a likeminded approach to how you communicate and collaborate with others.
• We don’t like old fashioned corporate hierarchy. Instead, we like to empower our people and be autonomous in their role. You should be adaptable and thrive in a fast paced, dynamic environment.
• We're building a vibrant community full of the best people the fintech world has to offer. You should be enthusiastic about our industry and able tap into your experience and expertise to help take Shieldpay to the next level.

If possible, we'd also love you to have

• A natural enthusiasm for all things application security.
• Experience with threat modelling and security architecture reviews to identify and mitigate risks in product designs.
• Familiarity with implementing ISO 27001 within software development environments.
• Experience with AWS and GCP cloud security services, including WAF, API gateways, key management services, and secret managers.
• Relevant certifications in security engineering or the general information security space, e.g. one or any of OSCP, OSWE, GPEN, GWAPT, GMOB, CRT, PenTest+

Our promise

Shieldpay is an equal opportunities employer. For Shieldpay building a fair and transparent workforce begins with the recruitment process that does not discriminate on the grounds of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.