Information Security Engineer (Application Security)

As an Information Security Engineer, you will play a critical role in driving secure application development and vulnerability remediation across our AWS and Azure cloud environments. You'll collaborate with cross-functional teams to embed security into systems, tools, and workflows, ensuring the security and integrity of our digital assets.

This role is ideal for someone who thrives in a cloud-native, developer-focused environment and is passionate about building scalable security practicesnot just identifying issues, but helping resolve them through engineering and automation.

Job Description:

Conduct vulnerability scans and risk assessments in public cloud environments (AWS, Azure) to identify and remediate security risks

Support the integration and ongoing use of SAST, DAST, and SCA tools within CI/CD pipelines and developer workflows

Collaborate with development teams to improve secure application development practices and provide guidance on vulnerability remediation

Contribute to application and infrastructure threat modeling to proactively identify potential risks

Evaluate and advise on the security of AI-enhanced applications and large language models (LLMs)

Apply Kubernetes and container security best practices to help ensure secure deployment of services

Define and maintain application security governance, policies, and technical standards

Work with external penetration testers to coordinate testing efforts and ensure timely triage and resolution of findings (note: this is not a primary pen testing role)

Maintain and enhance security logging and monitoring strategies in collaboration with cloud ops and SIEM teams

Provide training and knowledge-sharing to development teams on application security tools and best practices

Stay up to date on current security trends, threats, and regulatory changes to continuously improve security posture

Partner with IT, legal, compliance, and other teams to ensure a holistic and aligned approach to security

WHAT YOULL NEED:

Bachelor's degree in computer science, Information Security, or a related field or related work experience

CISSP certification (or equivalent security certification) required; CSSLP is a plus

7 years of Information Security experience with at least 5 years in IT roles .

Strong understanding of security architecture design, particularly in Kubernetes, and familiarity with industry-standard security frameworks and best practices

Proven experience of conducting penetration tests, vulnerability assessments, risk assessments, and threat modelling.

Knowledge of regulatory standards such as GDPR, PCI_DSS 4.0, and ISO-27001

Solid understanding of the Software Development Life Cycle (SDLC) and its integration with secure development practices.

Strong communication skills in English and the ability to work collaboratively in a team environment.