The Application Security Engineer is responsible for improving and embedding security throughout the software development lifecycle across Investec's engineering environments. The role focuses on secure software development practices, application security tooling, Dev Sec Ops integration, and engineering enablement to reduce security risk while supporting modern software delivery.
The role works closely with software engineering teams, platform teams, and security stakeholders to implement scalable application security controls, improve developer security practices, and enhance visibility into software supply chain and application risk.
Key Responsibilities Application Security Engineering Partner with engineering teams to embed security into software design, development, testing, and deployment processes. Provide practical security guidance and support across modern application architectures and development frameworks. Assist teams in identifying and remediating application security vulnerabilities and weaknesses. Promote secure-by-default engineering practices across the software development lifecycle. Secure Development and Code Review Support secure coding practices across primarily. NET and Type Script environments, with exposure to Python and Java ecosystems. Review application architectures, code patterns, and integrations for security risks and weaknesses. Assist development teams with remediation guidance and secure implementation approaches. Develop and maintain secure coding standards, patterns, and reusable guidance. Application Security Tooling and Dev Sec Ops Implement, maintain, and optimise application security tooling across CI/CD pipelines and engineering workflows. Manage and support tooling including: Static Application Security Testing (SAST) Software Composition Analysis (SCA) Secrets detection and scanning Software supply chain security controls Support integration of security tooling into build and deployment processes to enable automated security validation. Work closely with platform and engineering teams to improve developer experience and reduce friction in security adoption. Software Supply Chain and Vulnerability Management Assist with management and interpretation of software security findings including vulnerabilities, dependency risks, and exposure trends. Maintain familiarity with industry standards and terminology including: CWE (Common Weakness Enumeration) CVE (Common Vulnerabilities and Exposures) SBOM (Software Bill of Materials) Support prioritisation and remediation of application and dependency vulnerabilities. Contribute to improving software supply chain visibility and governance. Infrastructure as Code (Ia C) and Cloud-Native Security Support secure Infrastructure-as-Code practices with a strong focus on Bicep and cloud-native deployment models. Review and improve security controls within application deployment templates and infrastructure definitions. Collaborate with cloud and platform engineering teams to improve secure deployment standards and patterns. Promote Dev Sec Ops practices across application and infrastructure delivery pipelines. Security Enablement and Collaboration Work closely with developers, architects, and platform teams to improve security maturity across engineering environments. Assist with application security awareness, guidance, and developer enablement initiatives. Contribute to security standards, engineering patterns, and operational processes. Support investigation and response activities related to application security findings and incidents. Qualifications, Experience and Skills Bachelor's degree in Computer Science, Information Technology, Engineering, or related discipline (or equivalent practical experience) Relevant Certifications (desirable) CSSLP, GWAPT, GWEB, OSWE, or equivalent application security certifications Microsoft Azure certifications advantageous Secure software development or Dev Sec Ops related certifications beneficial Technical Skills and Experience Strong understanding of modern application security principles and secure software development practices. Hands-on experience with. NET and Type Script application ecosystems. Working knowledge of Python and Java environments advantageous. Familiarity with scripting and automation using Power Shell, Bash, or similar technologies. Experience implementing and managing application security tooling including SAST and SCA solutions. Strong understanding of software supply chain security concepts including SBOMs, dependency management, and vulnerability management. Familiarity with common application security weaknesses and frameworks including OWASP Top 10 and CWE classifications. Experience with CI/CD concepts and Dev Sec Ops integration patterns. Strong Infrastructure-as-Code knowledge with experience in Bicep desirable. Behavioural Attributes Pragmatic and engineering-focused mindset Strong analytical and problem-solving capability Collaborative and developer-friendly approach Ability to communicate complex technical concepts clearly Self-driven with strong ownership and continuous improvement mindset #J-18808-LjbffrBy continuing you agree to our Terms & Privacy Policy.