Overview:
To lead application security across a portfolio of on-premises software and applications. This role provides expert guidance, drives secure development practices, and leads key security activities such as threat modelling and backlog management. The Principal Applications Security Engineer works independently and collaborates with engineering teams and product stakeholders to continually strengthen the portfolio's security posture.
Responsibilities:
Role Specific
* Provide subject‑matter expertise in identifying, assessing, and resolving application security issues across the product portfolio.
* Lead threat modelling activities for new features and architectural changes, ensuring risks are well understood and addressed.
* Guide development teams in adopting secure coding practices for .NET/C# and Angular applications.
* Manage and prioritise the application security backlog, working independently to drive risk-based remediation with product teams.
* Support and mature Security Champions, providing coaching, guidance, and security best practices.
* Operate and improve existing application security tooling within CI/CD pipelines and influence future enhancements where appropriate.
* Develop security guidance and automation that help shift security earlier in the development lifecycle.
* Participate in architecture and security reviews, providing constructive and actionable feedback on designs.
* Contribute to the ongoing adoption of NIST SSDF-aligned practices across the development lifecycle.
Individual
* Maintain the effectiveness of the Quality and Health, Safety and Environmental (HSE) system at the sites via adherence to applicable policies and procedures
* Complete Quality and Health, Safety and Environmental (HSE) System related actions in a timely manner according to procedures e.g. CAPA, NCR
Adhere to Health, Safety and Environmental (HSE) policies and procedures.
Qualifications:
Qualifications / Education required:
1. Degree (or equivalent) in a Computer Science or Software Engineering discipline
Experience required:
1. Solid experience in an Application Security or DevSecOps role.
2. Strong software engineering background, ideally including .NET and C#.
3. Experience securing applications built with .NET/C# and modern front-end frameworks such as Angular.
4. Strong understanding of secure software development lifecycle principles and major security frameworks (e.g., NIST, OWASP).
5. Ability to identify and remediate application security vulnerabilities beyond common patterns such as the OWASP Top 10.
6. Hands-on experience using common application security tooling (e.g., SAST, DAST, SCA).
Aptitude/skills required:
* Good written and oral communication skills are required, for example, to ensure succinct report generation, effective communication with staff, peer groups, etc., across the organisation.
* Ability to work autonomously, manage personal workload effectively, and make thoughtful recommendations with limited guidance.
* Ability to influence and collaborate with cross-functional teams at all levels of the organisation.
Share this job:
Share this Job
