App Sec Engineer (Application Security)

Revybe It Recruitment Ltd
Manchester, United Kingdom
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
£ 75K

Job location

Manchester, United Kingdom

Tech stack

Burp Suite
Software as a Service
OAuth
OpenID
Open Web Application Security
JSON Web Token
Security Assertion Markup Language (SAML)
Software Security
GraphQL
Checkmarx
Static Application Security Testing
Dynamic Application Security Testing

Job description

Manchester - Hybrid, 3 days a week in the office. Commutable from Stockport, Wigan, Bolton, Rochdale, Bury, Sale, Liverpool, Warrington, and Runcorn.

Up to £75,000 + benefits

We're partnered exclusively with a Fintech business in Manchester who've been building their own SaaS platform for a decade. It's live, it's scaling, and it's handling sensitive financial data - which means application security really matters here.

They're bringing in an Application Security Engineer to take proper ownership of AppSec across the engineering function. This isn't a bolt-on role where you sit at the end of the process flagging issues. You'll be embedded in the development lifecycle from the start - running threat models, helping developers ship securely, reviewing code, and making sure the right tooling is in place.

The engineering teams are collaborative and they actually want security involvement. So if you're someone who enjoys working with developers and educating as much as you do finding vulnerabilities, you'll fit right in here.

Requirements

  • Strong background in application security, ideally in a SaaS or Fintech environment
  • Experience with SAST, DAST, and SCA tooling - Snyk, Checkmarx, Semgrep, Burp Suite, or similar
  • Threat modelling - comfortable running sessions with engineering and product teams
  • Solid understanding of OWASP Top 10 and how to actually remediate real-world vulnerabilities
  • API security - REST, GraphQL, and the common attack vectors around them
  • Knowledge of secure SDLC and how to embed security into CI/CD pipelines
  • Auth concepts - OAuth, OIDC, JWT, SAML - and where they typically go wrong
  • Able to communicate risk clearly to engineers, product managers, and leadership alike
