
Application Security Engineering Lead

United Kingdom, Glasgow · Job Posted December 23, 2025

Job Description

Join us at Barclays as an Application Security Engineering Lead, where you'll design and deliver tools that help developers build secure software from the start. Your work will enhance security across the bank, protecting critical systems and sensitive information. The purpose of the role is to develop, implement and maintain solutions that support the safeguarding of the bank's systems and sensitive information.

Job Responsibility

  • Provision of subject matter expertise on security systems and engineering patterns
  • Development and implementation of protocols, algorithms, and software applications to protect sensitive data and systems
  • Management and protection of secrets, ensuring that they are securely generated, stored, and used
  • Execution of audits to monitor, identify and assess vulnerabilities in the bank's infrastructure/software and support the response to potential security breaches
  • Identification of advancements in to support the innovation and adoption of new cryptographic technologies and techniques
  • Collaboration across the bank, including developers and security teams, to ensure that cryptographic solutions align with business objectives, security policies and regulatory requirements
  • Development, implementation and maintenance of Identity and Access Management solutions and systems

Requirements

  • Experience with the software security landscape: CVEs, CWEs, common software vulnerability types
  • Experience with SAST, SCA, and DAST, including the strengths and weaknesses of each
  • At least one programming language (e.g. Java, Go)
  • At least one major cloud provider (e.g. AWS, GCP, Azure)
  • Experience with REST API design
  • Experience with HTTP Authentication
  • Experience with Linux at the terminal, including scripting and automation (e.g. shell, Python)

Nice to have

  • Experience with CI/CD
  • Experience with GraphQL
  • Familiarity with authentication systems (e.g. OAuth)

What we offer

  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution


Similar Jobs for

Application Security Engineering Lead

8 matching positions

Engineering Lead, AI Application Engineering

Ema is on a mission to redefine the future of work by building a Universal AI Em...
Location: India, Bengaluru
Salary: Not provided
Ema
Expiration Date: Until further notice
Requirements
  • 8+ years in software/solutions architecture, including 3+ years with LLM or event-driven systems
  • Expert in Python, REST/JSON APIs, and cloud infrastructure (GCP, AWS, or Azure)
  • Proven record deploying AI systems in enterprise environments
  • Familiarity with agent frameworks like LangChain, Semantic Kernel, or similar
  • Experience integrating SaaS platforms like CRM, ATS, ERP
  • Strong understanding of RBAC, SSO (Okta/AD), and security standards
  • Outstanding communication and executive presence in high-stakes environments
Job Responsibility
  • Workflow Discovery & Solution Design: Lead discovery workshops to understand human workflows, pain points, data flows, and integration needs. Translate business objectives into AI architecture blueprints covering integration, data, security, and success metrics. Author and maintain “AI-Employee” design documents to guide implementation from blueprint to SLOs
  • Data Integration & Action Building: Use declarative connectors and APIs to ingest, normalize, and secure data from enterprise systems (CRM, ERP, ATS, etc.). Build and maintain reusable action blocks using REST/SOAP/RPA and integrate them into agent-based workflows
  • Agentic Reasoning & Prompt Engineering: Design and compose reasoning agents using modern frameworks (e.g., LangChain, Semantic Kernel). Tune prompts, set up memory management, and define mesh topologies to ensure robust agentic reasoning. Own prompt evaluation, experiment design (A/A, A/B), and rollback strategies
  • Human-AI Interaction: Define and implement user interaction flows by integrating with Slack, Microsoft Teams, widgets, or customer-facing apps. Ensure seamless handoff between automated and human-in-the-loop experiences
  • Monitoring, Metrics & Observability: Define success metrics, KPIs, and SLOs; wire them into dashboards, alerts, and observability systems. Steward observability packs, including Terraform/Helm configurations and alerting strategies
  • Security, Identity & Permissions: Enforce zero-trust identity patterns including SSO (Okta/AD) and RBAC. Own auditing, access control, and compliance posture across deployments
  • Collaboration & Continuous Improvement: Lead technical, architectural, and security reviews with internal teams and customer stakeholders. Partner with CVEs and system integrators to unblock issues and ensure deployment success. Monitor production system health and performance, lead continuous-improvement sprints, and codify learnings into reusable playbooks and runbooks. Maintain registries of versioned prompts, connectors, and action templates to support scale and reuse. Channel field insights to Product and ML teams to refine roadmap and platform capabilities
  • Fulltime

Lead Application Security Architect

The Application Security Architect is a senior, influential role responsible for...
Location: United Kingdom; Sweden; Poland, London; Stockholm; Łódź
Salary: Not provided
Arrive
Expiration Date: Until further notice
Requirements
  • 10+ years of experience in technology, with at least 7 years in a dedicated application security or product security role
  • Demonstrated experience designing and implementing a Secure SDLC in a cloud-native environment (GCP, AWS)
  • Hands-on experience with the architecture and strategy of AppSec tools (e.g., Snyk, Checkmarx, Veracode)
  • Experience with securing microservices architectures, APIs, and modern web/mobile applications
  • Experience with securing AI/ML systems
  • A Bachelor’s degree in a relevant field or equivalent professional experience
Job Responsibility
  • Champion and orchestrate the definition of Arrive’s global Secure Software Development Lifecycle (SSDLC), from threat modeling to secure release, in close partnership with key stakeholders across Engineering and IT
  • Develop and maintain a comprehensive set of global security standards, baselines, and guidelines for secure coding, vulnerability management, and secure architecture
  • Create and champion the strategy for our application security tooling, including SAST, DAST, IAST, and Software Composition Analysis (SCA)
  • Define and manage the application security standards for Mergers & Acquisitions, establishing clear requirements and guiding the architectural integration of acquired technologies
  • Act as a lead security consultant and strategic partner for product and engineering teams, providing expert guidance on secure design patterns and vulnerability remediation
  • Forge a dynamic partnership with the Platform Security team: co-design the security tooling roadmap, consume their platforms where they meet global standards, and introduce new architectural patterns where needed
  • Lead security architecture reviews and threat modeling sessions for new applications and high-risk features
  • Act as a senior mentor and advocate for security engineers and champions across the organization, helping to grow our security talent
  • Stay at the forefront of emerging application security threats, with a particular focus on the risks associated with AI/ML systems
  • Collaborate with Data & AI teams to develop security principles and architectural patterns for securely integrating AI into our products
  • Fulltime

Application Security Engineering Manager

I'm hiring for an Application Security Engineering Manager to lead and scale a h...
Location: United States, New York City
Salary: Not provided
Iceberg Cyber Security
Expiration Date: Until further notice
Requirements
  • Led AppSec teams in sophisticated engineering environments
  • understands secure SDLC
  • threat modelling
  • code review
  • application architecture risk
  • cloud/application controls
  • modern software delivery practices
  • comfortable communicating with senior stakeholders
Job Responsibility
  • Manage a distributed AppSec team
  • build out the New York function
  • set direction
  • prioritise work
  • develop engineers
  • ensure high-quality application security outcomes
  • shape AI security strategy including secure AI adoption, AI-assisted coding risks, controls, governance, and future hiring for dedicated AI Security Lead
  • act as trusted deputy to the CISO

Application Security Lead

We are seeking an Application Security Lead to take our existing Secure-SDLC to ...
Salary: Not provided
SQR
Expiration Date: Until further notice
Requirements
  • Proven senior Application Security experience (minimum 5 years), supporting engineering teams in a hands-on capacity
  • Strong experience conducting threat modelling and driving mitigations through to implementation
  • Demonstrable experience supporting and operating within a Secure SDLC
  • Mandatory practical, industry experience using OWASP ASVS to define secure development requirements and verify implementations
  • Expert knowledge of common application security risks and mitigations
  • Ability to translate security requirements into pragmatic engineering guidance and communicate effectively with engineers
  • Experience with cloud security (AWS/Azure/GCP), Kubernetes/container security, and IAM patterns
Job Responsibility
  • Embed security controls into the SDLC from design through to deployment (requirements, architecture, implementation, verification, and release)
  • Partner with engineering teams to implement practical secure design patterns
  • Define and maintain security requirements and acceptance criteria within the development process, including a security focused “Definition of Done”
  • Support release processes including risk-based sign-off, exception handling, and remediation planning
  • Facilitate threat modelling workshops and produce clear, actionable outputs, including data flow diagrams, trust boundaries, misuse cases, risk ratings, and agreed mitigations
  • Provide hands-on architecture review and guidance for product new services, features, and integrations
  • Apply OWASP ASVS as the primary application security requirements baseline, mapping ASVS controls into engineering deliverables and test evidence
  • Define verification approaches using a blend of manual review, automated testing, and security tooling
  • Drive secure coding practices and provide actionable feedback through design reviews, and targeted engineer coaching

Cloud Application Security Lead

Cloud Application security lead is a Senior VP engineer with hands-on experience...
Location: Israel, Tel Aviv
Salary: Not provided
Citi
Expiration Date: Until further notice
Requirements
  • Expertise in cloud engineering and application security, demonstrated by previous roles in the domain and industry certification
  • Good understanding of security capabilities supporting application development such as authentication, authorization, credential management, certificate management, encryption for on-prem and cloud
  • Understanding of container orchestration technologies
  • Hands-on experience developing high-performance solutions following Agile methodologies, ideally with backend Java experience
  • Hands-on experience with containers and K8s, understanding the lifecycle of a container and its integration with security boundaries, is an advantage
  • Experience in building end to end solutions for the cloud domain in a secure manner
  • Familiarity with Java required; GoLang, Node.js and authentication experience are an advantage
Job Responsibility
  • Technical engineering leadership and hands on development working with key stakeholders of cloud engineering and application security experts
  • Explore and resolve key application security gaps and drive their resolutions
  • Develop modules that resolve identified gaps in a centralized optimized manner such as: credential mgmt, authentication, authorization, end to end scanning tools
  • Act as an advisor and expert lead to various development teams across the company, to help them improve their expertise within cloud engineering and application security
What we offer
  • Generous holiday allowance starting at 22 days
  • Private medical insurance packages
  • Employee Assistance Program
  • Fulltime

Security Engineering Lead

Citi's Application, Platform and Engineering team is looking for a Security Engi...
Location: United Kingdom, London
Salary: Not provided
Citi
Expiration Date: Until further notice
Requirements
  • Bring your deep-dive application security engineering expertise from building production systems
  • thrive in a results-driven environment, where flexibility fuels impact
  • be a game-changer, ready to step beyond your designated role
  • love the synergy of pair programming
  • seize the opportunity to secure AI applications at scale
  • have a relentless passion to learn more about AI security, LLM attacks, and bringing your knowledge to shape Citi's secure AI future
  • proven track record of architecting and building secure, large-scale production applications and business-facing platforms from the ground up
  • hands-on experience finding and exploiting vulnerabilities, conducting red team exercises, and thinking like an attacker to strengthen defenses
  • experience building security tools and secure production systems with Go, Python, JavaScript
  • deep experience with HashiCorp Vault for enterprise-scale secrets management
Job Responsibility
  • Build secure AI products
  • conduct penetration testing and vulnerability research
  • design automated security solutions
  • identify and mitigate AI-specific vulnerabilities
  • lead security practices in development lifecycles
  • mentor engineers on secure coding practices.
What we offer
  • 27 days annual leave plus bank holidays
  • discretionary annual performance-related bonus
  • private medical care and life insurance
  • employee assistance program
  • pension plan
  • paid parental leave
  • special discounts for employees, family, and friends
  • Fulltime

Engineering Manager, Application Security

At Qualia, we've built the leading B2B real estate technology that transforms th...
Location: United States
Salary: 210000.00 - 240000.00 USD / Year
Qualia
Expiration Date: Until further notice
Requirements
  • 5+ years as a security or full-stack engineer working on production systems, with 2+ years managing a security or platform engineering team
  • Hands-on depth in application security: threat modeling, code review, and at least one offensive-security discipline (pen testing, red team)
  • Track record of shipping automation that changed how a team worked - ideally including meaningful use of LLMs, agents, or ML in a security or engineering workflow
  • Comfort operating across the full security lifecycle: prevention, detection, response, and recovery
  • Strong written communication. You can write the design doc, the post-mortem, and the board-ready summary - and you can tell a product engineer why their proposal needs to change without shutting down the conversation
  • Keen product sense and a bias toward measurable impact. You care whether the risk actually went down, not whether a ticket got closed
Job Responsibility
  • Lead and grow the Application Security team - coaching senior AppSec engineers, setting goals, and owning delivery against the security roadmap
  • Build the automated pen-testing program. Stand up pipelines that run continuous, AI-assisted offensive testing against our services, APIs, and web properties - and turn the output into a triaged, actionable queue
  • Scale triage with AI. Design the workflows and tooling that let the team handle 10x the volume of findings (bug bounty, scanner output, customer reports) without 10x the headcount
  • Review engineering proposals. Sit at the front of the design process with engineering leaders across Core, Clear, Shield, Connect, and Atlas - reviewing RFCs and proposals, flagging risk early, and helping teams ship securely by default
  • Run red-teaming exercises. Drive recurring red team engagements - both internal exercises and coordinated vendor work - and close the loop into detection, response, and product hardening
  • Own the AppSec vision. Partner with the leadership team to set multi-quarter strategy across anomaly detection, threat modeling, and AI-augmented defense
  • Fight fires when they happen. Lead incident response from the application security side, and be the person engineering trusts to make the call in the room
  • Mentor and hire. Recruit strong AppSec engineers, mentor the ones you have, and build a team culture where people are pushed and supported in equal measure
What we offer
  • comprehensive health plans
  • 401k program
  • commuter benefits
  • professional development
  • parental leave
  • flexible time off policy
  • robust online onboarding program
  • biweekly all hands meetings
  • variety of internal virtual events
  • Fulltime

Application Security Engineer, Lead

Crafting the right network, with the right equipment and software, requires a co...
Location: United States, Fort Meade
Salary: 77600.00 - 176000.00 USD / Year
Booz Allen Hamilton
Expiration Date: Until further notice
Requirements
  • 5+ years of experience implementing application security services such as macro-segmentation, micro-segmentation, application-aware firewalls, and Web Application Firewalls (WAF)
  • 5+ years of experience with next-generation firewalls, such as Palo Alto, Cisco, Fortinet, Juniper, or Illumio
  • 5+ years of experience with application delivery products, such as F5, Nginx, A10, or NetScaler
  • Experience leading cross-functional teams across various technologies and environments
  • Experience with DoD enterprise networks, such as defense infrastructure, including DMZ and application security
  • Secret clearance
  • HS diploma or GED
Job Responsibility
  • Develop enterprise-wide infrastructure
  • Troubleshoot and resolve complex network issues
  • Analyze working infrastructures
  • Increase security, reliability, and availability for mission-critical network systems
  • Optimize client operations and modernization
What we offer
  • Health, life, disability, financial, and retirement benefits
  • Paid leave
  • Professional development
  • Tuition assistance
  • Work-life programs
  • Dependent care
  • Recognition awards program