Back to search
Secure Source Linkedin · Posted 20d ago

Application Security Specialist

United Kingdom

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

The Application Security Specialist exists to embed application security expertise across Europe’s products and services, supporting the Secure Development Practice and enabling a consistent ‘shift-left’ approach. The role is accountable for advancing application security capability, leading security reviews on higher-risk systems, and ensuring secure development practices are adopted across engineering teams. The post holder will act as a technical authority on application security, helping reduce vulnerability risk and improve security outcomes across both internal IT systems and customer-facing solutions.

Application security capability development (CoE contribution)


  • Contribute to establishing and operating a pan-European application security capability within the Secure Development CoE.
  • Build and maintain a network of application security practitioners across development teams.
  • Develop an understanding of current application security maturity, tooling and practices across Europe.
  • Define and promote consistent application security methodologies, patterns and practices.
  • Contribute to CoE forums, standards discussions and knowledge sharing across teams.


Application security reviews and assurance


  • Lead application security reviews for high-risk products and services.
  • Coordinate with Product Security Development Specialists to define scope, coverage and prioritisation.
  • Conduct and oversee:
  • static application security testing (SAST)
  • dynamic testing (DAST)
  • fuzz testing where appropriate
  • API and interface security reviews
  • architecture and design-level assessments
  • assessment against OWASP Top 10 and other relevant standards
  • Interpret findings and translate them into actionable remediation plans.
  • Provide secure design guidance during early development stages.


Secure development standards and guidance


  • Support the development and maintenance of secure coding standards across key languages such as C, C++, Java and other relevant stacks.
  • Contribute to application security policies and supporting technical documentation.
  • Provide practical guidance to developers on secure coding and remediation approaches.
  • Align standards with recognised frameworks such as OWASP and relevant secure development frameworks.






Developer enablement and training


  • Deliver and coordinate application security training for development teams.
  • Introduce internal or external specialised training content.
  • Support secure coding awareness, hands-on workshops and threat-focused learning.
  • Act as a point of contact for development teams needing security guidance.


Security culture and shift-left adoption


  • Promote a security-first mindset within engineering and product teams.
  • Embed security considerations into design, development and deployment processes.
  • Support early-stage security engagement in development lifecycles.
  • Champion pragmatic and developer-friendly security practices.


Threat and vulnerability management (product focus)


  • Support the threat and vulnerability management process across product and service lines.
  • Assist in triaging, prioritising and managing application-level vulnerabilities.
  • Provide technical input into remediation planning and risk decisions.
  • Identify recurring issues and systemic weaknesses in development practices.


CI/CD security integration and tooling


  • Design and support secure CI/CD pipeline patterns.
  • Identify, evaluate and help implement appropriate security tooling across development pipelines.
  • Integrate SAST, DAST, SCA and other application security tools into build and release processes.
  • Support automation of security controls and checks within development workflows.


Secure AI development support


  • Contribute to the development of secure practices for AI-enabled applications.
  • Support emerging controls and patterns related to AI model security, data handling and misuse risks.
  • Assist teams in embedding security into AI and data-driven development processes.


Continuous improvement

  • Monitor application security trends, vulnerabilities and emerging threats.
  • Recommend improvements to processes, tooling and developer practices.
  • Contribute to maturity improvement of the Secure Development Practice.


Task level

  • Conducting application security scans and manual reviews
  • Supporting remediation of vulnerabilities
  • Producing technical findings and guidance
  • Delivering training and guidance sessions


Process and policy level

  • Designing and embedding application security processes in SDLC
  • Developing secure coding standards and review frameworks
  • Implementing security controls into CI/CD pipelines


Theoretical and cross-disciplinary level

  • Applying secure development frameworks such as SSDF
  • Understanding application, infrastructure and data security interactions
  • Translating security theory into practical secure development practices
  • Operating across software engineering, cyber security and risk domains

Technical Skills required


  • Strong knowledge of application security principles and practices
  • Experience with SAST, DAST and software composition analysis tools
  • Knowledge of secure coding practices across languages such as Java, C, C++
  • Experience with CI/CD pipelines and DevSecOps integration
  • Threat modelling techniques and tools
  • Understanding of OWASP Top 10 and common vulnerability classes
  • Experience with API security and web application security
  • Understanding of fuzz testing and advanced testing techniques
  • Familiarity with secure AI development considerations
  • Knowledge of secure development frameworks such as SSDF
  • Understanding of vulnerability management processes


Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent