Application Security Lead

We are seeking an Application Security Lead to take our existing Secure-SDLC to the next level, with a clear focus on improving how we design, build, test, and execute.
You’ll work closely with product and engineering teams to embed stronger security practices into application architecture and delivery, lead threat modelling, and turn risks into clear, implementable requirements and controls.
Using OWASP ASVS (and related guidance) as the baseline, you’ll help teams consistently verify security outcomes through practical validation, coaching, clear standards, and an enablement-first approach.

Key Responsibilities

Secure SDLC (SSDLC) Enablement

  • Embed security controls into the SDLC from design through to deployment (requirements, architecture, implementation, verification, and release).
  • Partner with engineering teams to implement practical secure design patterns.
  • Define and maintain security requirements and acceptance criteria within the development process, including a security focused “Definition of Done”.
  • Support release processes including risk-based sign-off, exception handling, and remediation planning.

Threat Modelling and Secure Architecture

  • Facilitate threat modelling workshops and produce clear, actionable outputs, including data flow diagrams, trust boundaries, misuse cases, risk ratings, and agreed mitigations.
  • Provide hands-on architecture review and guidance for new product services, features, and integrations.

Security Standards and Verification

  • Apply OWASP ASVS as the primary application security requirements baseline, mapping ASVS controls into engineering deliverables and test evidence.
  • Define verification approaches using a blend of manual review, automated testing, and security tooling.
  • Drive secure coding practices and provide actionable feedback through design reviews and targeted engineer coaching.

Required Skills & Experience

  • Proven senior Application Security experience (minimum 5 years), supporting engineering teams in a hands-on capacity.
  • Strong experience conducting threat modelling and driving mitigations through to implementation.
  • Demonstrable experience supporting and operating within a Secure SDLC.
  • Mandatory practical industry experience using OWASP ASVS to define secure development requirements and verify implementations.
  • Expert knowledge of common application security risks and mitigations.
  • Ability to translate security requirements into pragmatic engineering guidance and communicate effectively with engineers.
  • Experience with cloud security (AWS/Azure/GCP), Kubernetes/container security, and IAM patterns.

Optional / Desired Experience

  • Familiarity with relevant standards and guidance such as:
    • NIST SSDF (SP 800-218) or equivalent SSDLC frameworks.
    • CWE/SANS Top 25.
    • ISO/IEC 27001 control alignment.

Key Attributes

  • Strong written documentation skills, producing clear architecture and security guidance, threat models, and requirements that engineers can easily implement.
  • Pragmatic and collaborative, balancing delivery pace with sensible risk reduction.
  • Strong triage mindset, prioritising security work by impact, exploitability, and exposure.
  • Comfortable working across teams to influence delivery, acting as a security enabler rather than a blocking gate.

Get in Touch
