Senior Product Security Engineer developing security solutions for cloud and CI/CD platforms. Focusing on implementing security controls and mitigating systemic risks in multi - cloud environments.
About the role
- Application Security Engineer embedding secure development practices across the software delivery lifecycle at IFX Payments. Ensuring integration of security into CI/CD pipelines and driving improvement in application security posture.
Responsibilities
- Embed security controls into CI/CD pipelines and development workflows.
- Implement and manage SAST, DAST, and SCA tools to detect vulnerabilities early in the lifecycle.
- Conduct secure code reviews and support developers in remediating findings.
- Lead threat modelling sessions using standard methodologies to identify design flaws.
- Review application architectures to ensure alignment with security objectives and mitigation of common threats.
- Maintain and update reference architectures based on threat modelling insights.
- Deploy and manage application security tools and integrate them with existing platforms.
- Automate security tasks using scripting (e.g., Python, PowerShell) or SOAR platforms.
- Ensure alignment with ISO 27001, FCA, and NIST standards.
- Contribute to audit readiness and support compliance automation platforms such as Drata.
- Work with engineering teams to promote secure coding practices.
- Support the rollout of role-based security training and awareness initiatives.
- Act as a security champion within development squads and mentor junior engineers.
Requirements
- Broad experience in application security or secure software development.
- Strong understanding of OWASP Top 10, secure coding techniques, and threat modelling.
- Experience with security tools such as SAST, DAST, SCA, and vulnerability scanners.
- Familiarity with cloud platforms (Azure or AWS), CI/CD pipelines, and DevOps practices.
- Knowledge of regulatory frameworks (ISO 27001, FCA, NIST).
- Excellent communication skills and ability to work cross-functionally.
- Experience in fintech or regulated environments.
- Certifications such as OSCP, CSSLP, or CISSP.
- Familiarity with compliance automation platforms (e.g., Drata).
- Exposure to legacy system security challenges and modernisation strategies.
- A true team player with a winning mentality and strong work ethic committed to continuous improvement and high performance.
- Adaptable, tenacious and flexible who is able to perform under pressure.
Benefits
- 25 days’ annual leave, plus bank holidays and an extra day off for your birthday!
- Life Insurance.
- Holiday loyalty scheme.
- Work abroad scheme.
- Enrolment into our pension scheme, which we offer via a salary exchange scheme.
- Access to a financial education, planning and coaching platform.
- Membership with Healthcare platform, which offers cash back on healthcare focused on dental, optical & physio, plus access to stress helplines, a virtual GP and more.
- Salary exchange nursery fees.
- Enhanced parental leave.
- Cycle to work.
- Career development and progression tools.
- Company events – Sporting events, pub nights, seasonal parties, socials.
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Program Manager leading programs for national economic security and investment security at Booz Allen Hamilton. Overseeing a large team and aligning objectives with strategic goals.
Senior Analyst for Digital Forensics and Incident Response at AVEVA, responsible for maintaining security program integrity and incident response lifecycle.
Research Assistant for Cybersecurity Training developing training content for cybersecurity education programs. Collaboration with leading companies and ongoing education in innovative research at Fraunhofer SIT.
Cyber Security Werkstudent supporting security consultants in customer projects and gaining insights into information security challenges. Assisting with risk analysis, documentation, and internal security tasks.
Werkstudent in Cyber Security supporting Security Consultants in Munich. Assisting in security assessments and documentation while gaining practical experience in the field.
Lead Cybersecurity Manager providing cybersecurity support and compliance with Federal and DoD cybersecurity policies. Ensuring secure integration of network components in Army environments.
Mental Health Security Specialist for Florida's DCF ensuring safety and security of patients and staff. Patrols facility, responds to emergencies, conducts safety inspections, and handles incidents.
Expert in information security with a focus on managing penetration tests for a leading financial services provider. Involves cloud transformation and regulatory compliance in a dynamic team environment.
Staff Offensive Security Engineer at RD Saúde concentrating on Adversary Emulation and Purple Engineering. Improving adversary simulations and defenses through collaboration and structured plans.