Sr Application Security Specialist

Postal address
Norwich, United Kingdom
2 days ago

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Norwich, United Kingdom

Tech stack

API
Artificial Intelligence
Amazon Web Services (AWS)
Azure
Cloud Engineering
Continuous Integration
Information Systems Security Architecture Professional
Machine Learning
Open Web Application Security
Secure Coding
Systems Integration
Software Security
Generative AI
Virtual Agents
DevSecOps
Microservices

Job description

Senior Application Security Specialist COE (Governance & Advisory)

Your Responsibilities

  • Own and drive the governance, guidance, and architectural messaging for Application Security (AppSec) across the organisation, ensuring consistent adoption of secure development practices.
  • Define and maintain target-state AppSec governance frameworks, including policies, standards, and secure SDLC practices; assess current-state maturity and define transition states for teams and markets.
  • Provide expert advisory across development, engineering, and product teams, ensuring AppSec requirements are integrated early and effectively into design and delivery workflows.
  • Perform and lead application security assessments, threat modelling sessions, design reviews, and secure code review consultations.
  • Partner with Security Product Owners and engineering teams to ensure AppSec tooling, processes, and services meet organisational needs and regulatory expectations.
  • Support selection, evaluation, and procurement of AppSec technologies, contributing to tool strategy, capability uplift, and adoption across teams.
  • Ensure AppSec best practices are understood and leveraged across the enterprise through coaching, documentation, and stakeholder engagement.

Requirements

  • Extensive experience in Application Security within enterprise environments, ideally as part of a centralised Centre of Excellence or security governance function.
  • Strong capability in developing and governing AppSec policies, standards, and secure SDLC frameworks.
  • Expert knowledge across threat modelling, secure design, application risk assessment, and secure code review techniques.
  • Hands-on understanding of DevSecOps practices, CI/CD pipeline security, and integrating security controls within modern development workflows.
  • Ability to influence senior engineers, architects, and product leaders, ensuring secure-by-design principles are consistently applied.
  • Experience producing AppSec maturity roadmaps, target-state models, and governance frameworks.
  • Strong understanding of industry standards and frameworks (OWASP ASVS, OWASP SAMM, NIST, ISO 27034).

Desirable Skills / Knowledge / Experience

  • Experience implementing or advising on secure use of AI/ML applications, including secure patterns for Generative or Agentic AI.
  • Background in secure architecture reviews for microservices, APIs, and cloud-native application stacks (AWS, Azure, or hybrid).
  • Experience within regulated industries such as Financial Services or Insurance.
  • Strong senior stakeholder communication skills, including the ability to articulate application risks and security requirements to executives.
