CrawlJobs Logo

Application Security Lead

SQR

Location Icon

Location:

Category Icon
Category:
IT - Software Development

Job Type Icon

Contract Type:
Not provided

Salary Icon

Salary:

Not provided
Save Job
Save Icon
Apply Position

Job Description:

We are seeking an Application Security Lead to take our existing Secure-SDLC to the next level, with a clear focus on improving how we design, build, test, and execute. You’ll work closely with product and engineering teams to embed stronger security practices into application architecture and delivery, lead threat modelling, and turn risks into clear, implementable requirements and controls. Using OWASP ASVS (and related guidance) as the baseline, you’ll help teams consistently verify security outcomes through practical validation, coaching, clear standards, and an enablement first approach.

Job Responsibility:

  • Embed security controls into the SDLC from design through to deployment (requirements, architecture, implementation, verification, and release)
  • Partner with engineering teams to implement practical secure design patterns
  • Define and maintain security requirements and acceptance criteria within the development process, including a security focused “Definition of Done”
  • Support release processes including risk-based sign-off, exception handling, and remediation planning
  • Facilitate threat modelling workshops and produce clear, actionable outputs, including data flow diagrams, trust boundaries, misuse cases, risk ratings, and agreed mitigations
  • Provide hands-on architecture review and guidance for product new services, features, and integrations
  • Apply OWASP ASVS as the primary application security requirements baseline, mapping ASVS controls into engineering deliverables and test evidence
  • Define verification approaches using a blend of manual review, automated testing, and security tooling
  • Drive secure coding practices and provide actionable feedback through design reviews, and targeted engineer coaching

Requirements:

  • Proven senior Application Security experience (minimum 5 years), supporting engineering teams in a hands-on capacity
  • Strong experience conducting threat modelling and driving mitigations through to implementation
  • Demonstrable experience supporting and operating within a Secure SDLC
  • Mandatory practical, industry experience using OWASP ASVS to define secure development requirements and verify implementations
  • Expert knowledge of common application security risks and mitigations
  • Ability to translate security requirements into pragmatic engineering guidance and communicate effectively with engineers
  • Experience with cloud security (AWS/Azure/GCP), Kubernetes/container security, and IAM patterns

Nice to have:

  • Familiarity with relevant standards and guidance such as: NIST SSDF (SP 800-218) or equivalent SSDLC frameworks
  • CWE/SANS Top 25
  • ISO/IEC 27001 control alignment

Additional Information:

Job Posted:
February 24, 2026

Icon
SQR - All Job Offers
Job Link Share:
Copy Link Icon
Facebook Icon Twitter Icon LinkedIn Icon

Looking for more opportunities? Search for other job offers that match your skills and interests.

Briefcase Icon

Similar Jobs for Application Security Lead

Application Security Tech Lead

The position is a cross-functional role that will be responsible for various App...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's Degree with 4 - 6 years' experience in web application development or application code review
  • Experience as a technical lead or manager
  • Knowledge of cloud computing concepts and DevOps tools (OpenShift, Kubernetes, Docker, Chef, etc)
  • Experience using or testing cloud platforms (AWS, Google, Azure, etc) and security in/of the cloud
  • Understanding of security, web-based and infrastructure vulnerabilities
  • Experience in source code management, build and deployment technologies such as RLM, Ueploy, Jenkins, Artifactory, Maven, GitHub, etc
  • Experience conducting vulnerability assessments and articulating security issues to technical and non-technical audience
  • Understanding of Snyk, Checkmarx, CDXGen, Dependency Track, Fortify, GitHub Advance Security, Sonatype or Black Duck platform is a plus
  • Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures
  • Excellent communication skills (written and verbal)
Job Responsibility
Job Responsibility
  • Establish/manage multiple security programs that support the security testing requirements at the bank
  • Forge and maintain strong working relationships with development functions/teams, product delivery teams, project management, third party management, enterprise architecture, audit teams, etc.
  • Participate in security and technology strategic planning to ensure identified risk governance is incorporated into the CISO enterprise strategy
  • In partnership with business sectors, run delegate action groups to provide recommendations to strengthen development processes and security testing
  • Appropriately assess risk and provide software security advice when business decisions are made
  • Interface with Application Security Program Team to oversee Program Projects and Initiatives and make strategic recommendations to senior manager on standards and policy changes
  • Fulltime
Read More
Arrow Right

Cloud Application Security Lead

Cloud Application security lead is a Senior VP engineer with hands-on experience...
Location
Location
Israel , Tel Aviv
Salary
Salary:
Not provided
https://www.citi.com/ Logo
Citi
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Expertise of cloud engineering and application security, demonstrated by previous roles in the domain and industry certification
  • Good understanding of security capabilities supporting application development such as authentication, authorization, credential management, certificate management, encryption for on-prem and cloud
  • Understanding of container orchestration technologies
  • Hands-on experience developing high-performance solutions following Agile methodologies ideally backend Java experience
  • Containers K8s hands on experience understanding the lifecycle of a containers and integration with security boundaries-advantage
  • Experience in building end to end solutions for the cloud domain in a secure manner
  • Familiarity with Java required, advantage - GoLang, Node.js, authentication
Job Responsibility
Job Responsibility
  • Technical engineering leadership and hands on development working with key stakeholders of cloud engineering and application security experts
  • Explore and resolve key application security gaps and drive their resolutions
  • Develop modules that resolve identified gaps in a centralized optimized manner such as: credential mgmt, authentication, authorization, end to end scanning tools
  • Act as an advisor and expert lead to various development teams across the company, to help them improve their expertise within cloud engineering and application security
What we offer
What we offer
  • Generous holiday allowance starting at 22 days
  • Private medical insurance packages
  • Employee Assistance Program
  • Fulltime
Read More
Arrow Right

Application Security Engineering Lead

Join us at Barclays as an Application Security Engineering Lead, where you'll de...
Location
Location
United Kingdom , Glasgow; Knutsford
Salary
Salary:
Not provided
barclays.co.uk Logo
Barclays
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Experience with the software security landscape: CVEs, CWEs, common software vulnerability types
  • Experience with SAST, SCA, and DAST, including the strengths and weaknesses of each
  • At least one programming language (e.g. Java, Go)
  • At least one major cloud provider (e.g. AWS, GCP, Azure)
  • Experience with REST API design
  • Experience with HTTP Authentication
  • Experience with Linux at the terminal, including scripting and automation (e.g. shell, Python)
Job Responsibility
Job Responsibility
  • Provision of subject matter expertise on security systems and engineering patterns
  • Development and implementation of protocols, algorithms, and software applications to protect sensitive data and systems
  • Management and protection of secrets, ensuring that they are securely generated, stored, and used
  • Execution of audits to monitor, identify and assess vulnerabilities in the banks infrastructure/software and support the response to potential security breaches
  • Identification of advancements in to support the innovation and adoption of new cryptographic technologies and techniques
  • Collaboration across the bank, including developers and security teams, to ensure that cryptographic solutions align with business objectives, security policies and regulatory requirements
  • Development/ Implementation and maintenance of Identity and Access Management solutions and systems
What we offer
What we offer
  • Competitive holiday allowance
  • Life assurance
  • Private medical care
  • Pension contribution
  • Fulltime
Read More
Arrow Right

Staff Application Security Engineer

As a Staff Application Security Engineer at Culture Amp, you will play a pivotal...
Location
Location
Australia , Sydney
Salary
Salary:
Not provided
cultureamp.com Logo
Culture Amp
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Extensive experience in application security engineering, with a proven track record of leading security initiatives in SaaS or cloud-native environments
  • Deep technical expertise in secure software development, secure coding practices, and common security frameworks (e.g., OWASP Top 10, NIST, PCI, SOC 2)
  • Proficiency in multiple programming languages (e.g., Ruby, Python, JavaScript, Go) and experience with modern web application architectures and cloud platforms (e.g. AWS)
  • Strong knowledge of security automation, CI/CD integration, and DevSecOps practices
  • Experience designing and implementing security tools, frameworks, and processes that scale with developer velocity
  • Demonstrated ability to lead and influence cross-functional teams, drive change, and deliver results in ambiguous or complex environments
  • Excellent communication skills, with the ability to explain complex security concepts to technical and non-technical audiences
  • Experience mentoring and developing engineers, and a passion for building a culture of security and continuous improvement
  • Familiarity with security-related compliance requirements and standards relevant to SaaS businesses
Job Responsibility
Job Responsibility
  • Lead and drive the most complex and high-impact application security reviews, threat modeling, and risk assessments across our product portfolio, providing expert guidance and direction for other team members
  • Collaborate with engineering, product, and platform teams to embed security into the SDLC, including secure design, code review, and automated security testing (DevSecOps)
  • Develop and scale security automation, tools, and centralized libraries that enable developers to build secure applications efficiently and at scale
  • Proactively identify, assess, and address security risks and vulnerabilities in our SaaS environment, including cloud-native and microservices architectures
  • Own and evolve our vulnerability management programs, ensuring timely triage, remediation, and communication of security issues
  • Mentor and support engineers across the organization, fostering a culture of security awareness, knowledge sharing, and continuous learning
  • Influence and drive cross-functional security initiatives, partnering with compliance, privacy, and infrastructure teams to meet regulatory and customer requirements (e.g., SOC 2, ISO 27001, OWASP)
  • Stay current with the latest security threats, technologies, and best practices, and advocate for their adoption within Culture Amp
  • Represent Culture Amp’s security expertise internally and externally, including supporting customer security reviews and contributing to the broader security community
What we offer
What we offer
  • Employee Share Options Program
  • Programs, coaching, and budgets to help you thrive personally and professionally
  • Access to external providers for mental wellbeing and coaching support
  • Monthly Camper Life Allowance
  • Team budgets dedicated to team building activities and connection
  • Intentional quarterly wellbeing pauses
  • Extended year-end breaks
  • Excellent parental leave and in work support program available from day 1
  • 5 Social Impact Days a year
  • MacBooks for you to do your best & a work from home office budget
  • Fulltime
Read More
Arrow Right

Director of Application Security

Hewlett Packard Enterprise is seeking a Director of Application Security to defi...
Location
Location
United States
Salary
Salary:
164500.00 - 398500.00 USD / Year
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of experience in cybersecurity, with at least 5+ years leading an application security function
  • demonstrated experience working at an enterprise-level organization with large-scale systems, processes, or operations
  • proven success in building and scaling application security programs in large, complex technology environments
  • deep understanding of secure software development practices, DevSecOps, and CI/CD tooling
  • threat modeling, code analysis, and vulnerability management
  • OWASP Top 10, SANS Top 25, and modern application security risks
  • experience with risk management frameworks (NIST CSF, ISO 27001, etc.) and regulatory requirements (SOX, GDPR, HIPAA, etc.)
  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field (or equivalent experience)
  • CISSP, CSSLP, or other relevant security certifications preferred.
Job Responsibility
Job Responsibility
  • define and execute the enterprise application security strategy aligned with business objectives and regulatory requirements
  • build, mentor, and grow a high-performing Application Security team
  • act as a trusted security advisor to engineering and product executives
  • develop and mature programs for secure software development
  • establish policies, standards, and patterns to deliver secure products at scale
  • partner with engineering, DevOps, and cloud teams to embed security tooling into CI/CD pipelines
  • lead developer outreach efforts
  • engage with product management to incorporate security requirements into roadmaps
  • drive the integration of an application security risk register
  • measure and report on the maturity and effectiveness of the AppSec program using KPIs and KRIs
What we offer
What we offer
  • comprehensive suite of benefits supporting physical, financial and emotional wellbeing
  • investment in personal and professional development
  • programs catered to career growth
  • unconditional inclusion
  • flexibility to manage work and personal needs.
  • Fulltime
Read More
Arrow Right

Security Lead – Cloud & IT Security

HPE Operations is our innovative IT services organization. It provides the exper...
Location
Location
India , Bangalore
Salary
Salary:
Not provided
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's or Master's degree in Computer Science, Information Security, or related field
  • Minimum 10 years in IT security
  • At least 5 years in a leadership role
  • Proven track record in deploying and managing enterprise firewalls (e.g., Palo Alto, Fortinet, Check Point)
  • Strong knowledge of cloud security for AWS, Azure, and/or Google Cloud
  • Experience with DDoS mitigation solutions (e.g., Cloudflare, Akamai, AWS Shield)
  • Experience with Burpsuite
  • Hands-on knowledge of SIEM, SOAR, EDR, and vulnerability management tools
  • Strong analytical thinking
  • Problem-solving ability
Job Responsibility
Job Responsibility
  • Develop and maintain the organization's IT security roadmap aligned with cloud and enterprise infrastructure
  • Lead security design reviews for new systems, services, and cloud deployments
  • Deploy, configure, and manage network security appliances including next-generation firewalls, IDS/IPS, and web application firewalls
  • Implement and maintain cybersecurity protocols, including endpoint protection, identity management, and access control policies
  • Design and operate DDoS protection mechanisms to ensure availability of critical systems
  • Implement and enforce security measures in public, private, and sovereign cloud environments
  • Monitor and audit cloud configurations to ensure compliance with industry standards (ISO 27001, NIST, CIS, etc.)
  • Lead threat modeling, risk assessment, and vulnerability management initiatives
  • Oversee incident detection, response, and recovery processes to minimize business impact
  • Ensure adherence to regulatory and compliance requirements such as GDPR, HIPAA, PCI-DSS
What we offer
What we offer
  • Health & Wellbeing benefits
  • Personal & Professional Development programs
  • Unconditional Inclusion environment
  • Comprehensive suite of benefits supporting physical, financial and emotional wellbeing
  • Fulltime
Read More
Arrow Right

Senior Application Security Engineer

As an Application Security - Senior Product Security Engineer, you will play a c...
Location
Location
United States
Salary
Salary:
157000.00 - 216000.00 USD / Year
alpha-sense.com Logo
AlphaSense
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in Application or Product Security, preferably in a SaaS or cloud-native environment
  • Strong understanding of web app and API security, microservices, and containerized architectures
  • Experience integrating security tooling into modern CI/CD workflows
  • Proficiency with SAST, DAST, IaC scanning, and container security platforms
  • Skilled in secure coding and code review for at least one major language (Python, Java, Go, JavaScript)
  • Familiarity with AWS security, Kubernetes security, and DevSecOps best practices
Job Responsibility
Job Responsibility
  • Lead application security initiatives across all SaaS products and microservices
  • Conduct threat modeling, architecture reviews, and secure code assessments for both backend and frontend systems
  • Implement and manage security automation in CI/CD, integrating SAST, DAST, SCA, and container image scanning tools
  • Collaborate with engineering teams to triage, prioritize, and remediate vulnerabilities across applications and containerized workloads
  • Drive AppSec awareness and training, developing secure coding practices and guidelines
  • Evaluate and deploy container security controls, ensuring images and orchestrators (Kubernetes, ECS, etc.) follow best practices
  • Support bug bounty and vulnerability disclosure programs and coordinate penetration testing
  • Stay ahead of emerging application and container threats, and recommend preventive controls aligned with OWASP and CIS benchmarks
What we offer
What we offer
  • Competitive compensation, benefits, and career growth opportunities
  • Opportunity to shape and drive product security strategy
  • Collaborative and security-minded engineering culture
  • Work on cutting-edge security challenges in a fast-growing company
  • Performance-based bonus
  • Equity
  • Generous benefits program
  • Fulltime
Read More
Arrow Right

Staff Application Security Engineer

As a Staff Application Security Engineer at Culture Amp, you will play a pivotal...
Location
Location
Australia , Melbourne; Sydney
Salary
Salary:
Not provided
cultureamp.com Logo
Culture Amp
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Extensive experience in application security engineering, with a proven track record of leading security initiatives in SaaS or cloud-native environments
  • Deep technical expertise in secure software development, secure coding practices, and common security frameworks (e.g., OWASP Top 10, NIST, PCI, SOC 2)
  • Proficiency in multiple programming languages (e.g., Ruby, Python, JavaScript, Go) and experience with modern web application architectures and cloud platforms (e.g. AWS)
  • Strong knowledge of security automation, CI/CD integration, and DevSecOps practices
  • Experience designing and implementing security tools, frameworks, and processes that scale with developer velocity
  • Demonstrated ability to lead and influence cross-functional teams, drive change, and deliver results in ambiguous or complex environments
  • Excellent communication skills, with the ability to explain complex security concepts to technical and non-technical audiences
  • Experience mentoring and developing engineers, and a passion for building a culture of security and continuous improvement
  • Familiarity with security-related compliance requirements and standards relevant to SaaS businesses
Job Responsibility
Job Responsibility
  • Lead and drive the most complex and high-impact application security reviews, threat modeling, and risk assessments across our product portfolio, providing expert guidance and direction for other team members
  • Collaborate with engineering, product, and platform teams to embed security into the SDLC, including secure design, code review, and automated security testing (DevSecOps)
  • Develop and scale security automation, tools, and centralized libraries that enable developers to build secure applications efficiently and at scale
  • Proactively identify, assess, and address security risks and vulnerabilities in our SaaS environment, including cloud-native and microservices architectures
  • Own and evolve our vulnerability management programs, ensuring timely triage, remediation, and communication of security issues
  • Mentor and support engineers across the organization, fostering a culture of security awareness, knowledge sharing, and continuous learning
  • Influence and drive cross-functional security initiatives, partnering with compliance, privacy, and infrastructure teams to meet regulatory and customer requirements (e.g., SOC 2, ISO 27001, OWASP)
  • Stay current with the latest security threats, technologies, and best practices, and advocate for their adoption within Culture Amp
  • Represent Culture Amp’s security expertise internally and externally, including supporting customer security reviews and contributing to the broader security community
What we offer
What we offer
  • Employee Share Options Program
  • Programs, coaching, and budgets to help you thrive personally and professionally
  • Access to external providers for mental wellbeing and coaching support
  • Monthly Camper Life Allowance
  • Team budgets dedicated to team building activities and connection
  • Intentional quarterly wellbeing pauses
  • Extended year-end breaks
  • Excellent parental leave and in work support program available from day 1
  • 5 Social Impact Days a year
  • MacBooks for you to do your best & a work from home office budget
Read More
Arrow Right
Jobs by Category
Art and Entertainment Jobs Banking Jobs Call Center Jobs Construction Jobs Consulting Jobs Customer Service Jobs Education Jobs Energy Jobs Finance Jobs Gastronomy Jobs Health and Beauty Jobs Hospitality and Tourism Jobs Human Resources Jobs Insurance Jobs IT - Administration Jobs IT - Software Development Jobs Legal Jobs Logistics Jobs Manufacturing Jobs Marketing, Digital Marketing, SEO, SEM Jobs Media Jobs Nursing Jobs Office Administration Jobs Pharmacy Jobs Physical Work Jobs Public Relations Jobs Public Sector Jobs Purchasing Jobs Quality Control Jobs Real Estate Jobs Research and Development Jobs Sales Jobs
Job Positions Jobs by Country
United States Jobs United Kingdom Jobs India Jobs Canada Jobs Australia Jobs Germany Jobs Ireland Jobs Poland Jobs
Company
Blog About Us Contact
Follow Us
Facebook
X (Twitter)
LinkedIn
Instagram
CrawlJobs Group
ITFlashcards AllDevBlogs
© 2026 CrawlJobs Ltd. All Rights Reserved
Terms & Conditions Privacy Policy