Senior Application Security Engineer, Brightflag

• 5+ years’ experience in application security, penetration testing, or a similar security-focused engineering role
• Bachelor’s degree in computer science or a related field, or equivalent industry certifications
• Deep understanding of web application security, threat modelling, and secure software development practices
• Strong experience embedding security tools (SAST, DAST, dependency scanning) into CI/CD pipelines and hands-on experience in penetration testing of web applications. Excellent knowledge of OWASP vulnerabilities and secure coding principles
• Familiarity with emerging cybersecurity exploits, attack techniques, and mitigation strategies
• In-depth knowledge of web application architectures and secure software development practices
• Strong understanding of network protocols, cryptographic technologies, and authentication/authorisation models
• Proficiency in Java and secure coding practices
• Strong coding, scripting, and automation experience, with an emphasis on reducing security toil through tooling
• Ability to work independently as the expert in application security
• Experience working as a trusted partner to software engineers to drive security adoption effectively and in a collaborative manner
• Strong and pragmatic problem-solving capabilities so that security enables development with security and engineering needs being balanced effectively
• Ability to take ownership of security beyond identifying problems; this person is accountable for ensuring security is implemented correctly
• Excellent communication skills, with the ability to clearly explain security concepts to software engineers, DevOps, and leadership without unnecessary complexity

Desirable

• As an Application Security Engineer at Brightflag, you will play an integral role in the success of our engineering team and help ensure that features are delivered securely
• We have a number of high-profile customers across Europe, the US, and Australia, and we are growing quickly
• Our engineers take ownership of their work, solve complex problems creatively, and contribute to building exceptional products
• We build products using an Agile, process-driven methodology
• As a subject matter expert, you will work with the Product & Engineering teams to embed security in requirements, technical designs, and implementation to ensure alignment with our InfoSec and Engineering security standards
• Drive our Secure By Design approach: embed security into the SDLC by reviewing requirements with security impact, assessing technical designs, and performing secure code reviews
• Conduct penetration testing on application features for vulnerabilities, including OWASP Top 10 issues and emerging threats, and work with engineering to remediate findings
• Improve DevOps security by integrating static analysis (SAST), dependency scanning, dynamic testing (DAST), and security automation into CI/CD, ensuring security across our tech stack (includes Java, Spring, MySQL, Elastic, AWS)
• Develop and deliver security training and mentoring to software engineers, ensuring security knowledge is shared across teams
• Secure the integration of AI/ML-based features by applying security best practices to data-driven applications and mitigating risks unique to LLMs and data pipelines
• Collaborate with our DevOps and AWS infrastructure security team, supporting testing and scanning of vulnerabilities in the application tech stack
• Support and guide the external penetration testing process, ensuring findings translate into actionable security improvements