Cambridge or Remote, UK

Senior Application Security Engineer

The Opportunity

As our Senior Application Security Engineer, you will be joining the Application Security (AppSec) team within our Information Security department. This is a highly collaborative role, engaging and working with other teams (e.g., other Security disciplines, Engineering and Cloud Operations, etc.) across our business. As part of this dynamic role, you will be covering all aspects of Application Security with great opportunities for skill development and professional growth. 

You will help us achieve our goals and deliver success on behalf of our customers by: 

  • Contributing, as well as guiding other AppSec team members, to help enhance the security of our internally developed software products
  • Owning security-related investigations and research into vulnerabilities and other security issues, and providing the appropriate recommendations to the relevant teams to mitigate and resolve each issue
  • Contributing significantly to our continuous product and application security reviews
  • Leading internal penetration tests against our products and services

This role can be based remotely across the UK; however, living within commutable distance of our Cambridge office is a definite plus! If you’re based remotely, you will ideally be happy to travel to our Cambridge office several times throughout the year.

Day to Day

  • Ownership of security tools and solutions like Software Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and other security testing automation tools, and their configurations, effectiveness, utilisation, and integration into the secure SDLC
  • Provide significant contribution towards our vulnerability programme, primarily reviewing and researching identified vulnerabilities
  • Regularly engage with the security community for public-facing security issues, as well as to learn new tactics that can be used in testing
  • Integrating security practices into the software development lifecycle to ensure security is considered at every stage of development
  • Mentoring and educating other members on the team

About you

Must haves:

  • Understanding of secure coding principles and best practices to prevent vulnerabilities in software development
  • Strong knowledge of vulnerabilities, especially web application vulnerabilities, and techniques to mitigate them
  • Proficiency in using and maintaining security testing tools such as static analysis, dynamic analysis, and interactive application security testing (SAST, DAST, IAST)
  • Ability to identify, prioritise, and remediate security vulnerabilities in applications
  • A commitment to ongoing learning and staying updated on the latest security trends, tools, and techniques
  • Strong collaborative and teamwork skills, working with other teams
  • Experience in mentoring and educating other team members
  • Effective communication to work collaboratively with development teams, management, and stakeholders on security-related issues
  • Experience in performing penetration testing to identify weaknesses in applications, writing penetration testing reports, and collaborating with development teams to remediate findings

Great to haves:

  • Knowledge and experience in securing cloud-based infrastructure (especially Kubernetes)
  • Knowledge of securing the CI/CD pipeline to ensure the safety of code deployments
  • Knowledge of encryption algorithms, cryptographic protocols, and their proper implementation
  • Ability to assess and prioritise potential threats to an application, considering its architecture and data flow (threat modelling)
  • Knowledge of industry-specific security regulations and compliance requirements (e.g. PCI-DSS, SOC Type 2, etc.)
  • Previous software development (i.e., coding) experience

Equal Opportunities

Here at Featurespace we are committed to being a place of equality, inclusion and respect to provide a safe environment for you to bring your authentic self to work. We know that we gain as much strength from our differences as we do our similarities. We value diversity and are dedicated to listening and learning from each other to build and maintain a positive and productive culture. We appreciate this will be an ever-evolving focus for the business to ensure everyone feels supported and has a sense of belonging.

How to apply

If you think you’re a good fit for the role above, we would love to hear from you.

Fill out the short application form, upload your CV and one of the team will get back to you.

If you have any questions or queries regarding this role, or life at Featurespace, please contact [email protected]

Featurespace Job Application Privacy Notice

Featurespace Ltd. is committed to complying with the General Data Protection Legislation and any implementing legislation (the “Data Protection Legislation”) and will process your Personal Data in accordance with the Data Protection Legislation and information security legislation. Any capitalised terms used in this Privacy Notice shall be given the same definition as in the Data Protection Legislation.

This Privacy Notice sets out the basis on which Featurespace Ltd will process Personal Data relating to job applicants.

The Data Controller is Featurespace Ltd., 140 Cambridge Science Park, Milton Road, Cambridge, CB4 0GF, United Kingdom.

Data refers to both Personal Data and Special Categories of Data. Your job application and the Personal Data held within it will be processed to assess your viability for the stated role. We may also process any information that you provide about your health, for the sole purpose of assessing whether any adjustments may need to be made to the recruitment process to accommodate you. If your application is unsuccessful, Featurespace will retain your Data for 24 months after the end of the recruitment process.

Your Personal Data is processed in accordance with our legitimate interests of making sound recruitment decisions. You are under no obligation to provide us with your Personal Data. However, without this, we cannot assess your job application. We will only process information about your health for the purpose of making reasonable adjustments to the recruitment process (if applicable), in accordance with our legal obligations.

You have the following rights in relation to the processing of your Data:

  • The right to be informed about how your Data is processed.
  • The right to object to the processing of your Data based on our legitimate interests as outlined above.
  • The right of access to your Data and supplementary information relating to our use of your Data. In certain circumstances, we reserve the right to charge you for exercising this right.
  • The right to rectification, if your Data is inaccurate or incomplete.
  • In certain circumstances, the right to erasure (to request the deletion or removal of your Data).
  • In certain circumstances, the right to restrict processing (to block any further processing of your Data).
  • The right to complain to the Information Commissioner’s Office if you believe that your data protection/privacy rights have been breached.

We shall respond to any request made by you without delay and in any case within a month of your request.

Your application will be submitted and stored on an application database (Greenhouse). Access to your Data on Greenhouse is limited to the relevant persons for your application: our internal recruiters, the hiring manager and interviewer(s). Your CV may be printed and shown to consulted decision makers; any physical copies will be securely and confidentially destroyed after a decision has been made on your application. Your CV is transferred to a third country, outside of the EEA, when it is processed by Greenhouse. Greenhouse meet the technical and organisational data security measures outlined in the GDPR Article 32, and are SOC2 Type II certified. We do not envisage that any decision will be taken about your application using automated means.