Senior Application Security Engineer – Contract (6 Months) | London - Hybrid

We are working with a leading financial services organisation who are seeking a Senior Application Security Engineer for a 6-month contract based in London.

You will help shape and evolve the organisation’s application security strategy.

Role Overview

You will be responsible for driving the vision and execution of the application security programme across the software development lifecycle.

A key part of the role will involve leveraging offensive security insights (including penetration testing and red team methodologies) to improve secure design, testing coverage, and remediation prioritisation.

Key Responsibilities

• Lead and evolve the organisation’s application security strategy across engineering teams
• Embed security into CI/CD pipelines and developer workflows (e.g. GitHub-based environments)
• Design and build secure-by-default platforms and automation to reduce friction in delivery
• Integrate and enhance security tooling (SAST, DAST, SCA, API security, IaC scanning)
• Translate penetration testing and red team findings into actionable engineering improvements
• Partner with engineering teams to improve secure design, vulnerability remediation, and testing coverage
• Build or integrate AI-enabled security workflows to improve automation, signal quality, and developer productivity
• Support secure software development practices across large-scale distributed systems
• Design and develop internal security tooling, libraries, and services that integrate seamlessly into engineering workflows
• Build and maintain CI/CD extensions, GitHub integrations, and developer-facing automation that reduce manual security effort
• Create reusable components, templates, and reference implementations that enable secure-by-default application patterns
• Contribute production-quality code in languages commonly used across the organisation (e.g. Python, Go, JavaScript, PHP, or C#)
• Partner with platform and DevOps teams

Key Requirements

• Software engineering background with experience building production-grade systems
• Experience designing APIs, services, or internal platforms used by engineers
• Integrating tools into CI/CD pipelines (e.g. GitHub, GitLab, Jenkins)
• Strong understanding of application security principles and OWASP Top 10 vulnerabilities
• Experience with security testing tools (SAST, DAST, SCA, API testing, IaC scanning)
• Solid understanding of penetration testing and red team methodologies (attack chains, exploitation paths, privilege escalation, etc.)
• Experience working with penetration testers/red teams, including scoping, validating findings, and driving remediation
• Exposure to AI-assisted tooling for security, developer productivity, or automation use cases
• Strong collaborative skills working with engineers, architects, and security stakeholders
• Experience in software engineering, application security, or closely related fields
• Prior experience in highly regulated environments (financial services, healthcare, or similar) preferred
• Security or engineering certifications (e.g. OSWE, GWAPT, CSSLP) are a plus