Senior Application Security Engineer

A leading organisation is seeking a Senior Application Security Engineer to strengthen application security across modern development environments, ensuring vulnerabilities are identified and mitigated throughout the software development lifecycle.

This role sits at the intersection of engineering, DevOps, and security, driving secure coding practices and improving overall application security posture.

Key Responsibilities:

• Perform security testing across web, API, and thick client applications
• Conduct secure code reviews across multiple programming languages
• Identify and validate vulnerabilities including OWASP Top 10 and business logic flaws
• Assess API security, authentication, and authorization mechanisms
• Evaluate container security across Docker and Kubernetes environments
• Support vulnerability management, remediation tracking, and validation
• Conduct threat modelling and participate in design reviews
• Collaborate closely with development and DevOps teams to embed security into SDLC

Requirements:

• Strong hands-on experience in application security testing and code review
• Experience with SAST, DAST, SCA and security testing tools (e.g. Fortify, Checkmarx, Burp Suite, Snyk)
• Knowledge of OWASP Top 10, ASVS, and secure coding practices
• Experience with API security (OAuth, JWT, SAML)
• Exposure to container security and microservices environments
• Strong understanding of vulnerability management processes
• Certifications such as OSWE, GWAPT, CEH or similar preferred

Salt is acting as an Employment Business in relation to this vacancy.