About the role
The Senior Application Security Engineer is responsible for strengthening Enfuce’s application and platform security by embedding security-by-design principles across the full software development lifecycle. Acting as a senior technical authority, the role ensures that application security controls, tooling and practices are proportionate and effectively aligned with Enfuce’s risk appetite and regulatory obligations.
The role combines hands-on application security expertise with strong collaboration and enablement capabilities. The Senior Application Security Engineer partners closely with Engineering, Product and the Platform team to integrate security seamlessly into the design, build and delivery processes, enabling Enfuce to innovate at pace while maintaining a robust security posture.
What you'll be doing:
Act as a Senior Application Security specialist within the Information Security team. You will contribute directly to Enfuce’s technology risk management and security assurance capabilities in a regulated financial services environment.
Embed secure software development lifecycle (SSDLC) practices across engineering teams, ensuring security is considered from early design through to build, deployment and ongoing operation.
Work closely with the Platform and Engineering teams to assess and influence the security of cloud-native, API-driven applications with a strong focus on AWS-based environments.
Integrate and continuously improve automated application security testing within CI/CD pipelines, including SAST, DAST and software composition analysis (SCA), ensuring that the tools provide meaningful and actionable results.
Facilitate and lead threat modelling exercises and security design reviews for new and existing services. You will identify risks early and support teams with proportionate and pragmatic mitigations.
Provide expert guidance on security-critical design and implementation decisions. This includes authentication and authorisation, cryptography, logging and monitoring, secrets management and secure configurations.
Triage, assess, and manage application security vulnerabilities. You will closely collaborate with engineering teams to prioritise remediation based on risk and business impact.
Support testing programmes such as penetration testing, vulnerability scanning and bug bounty activities, ensuring that findings are validated, tracked and remediated effectively.
Develop and maintain application security standards, secure design patterns, and documentation that strengthen Enfuce’s overall security baseline and support consistent implementation across teams.
Contribute application security expertise to internal assurance activities, external audits, and regulatory assessments.
Champion a strong security culture across Enfuce by promoting security as a shared responsibility rather than a gatekeeping function.
What you'll bring:
A strong understanding of common and emerging security vulnerabilities affecting web applications and APIs.
Practical knowledge of recognised standards and frameworks such as OWASP Top 10, OWASP ASVS and NIST guidance.
Hands-on experience using application security tooling, including static application security testing (SAST), dynamic application security testing (DAST) and software composition analysis (SCA).
Practical secure coding knowledge and the ability to read and reason about application code, with experience in languages such as Java and Python.
Proven experience managing vulnerability remediation within application security.
Experience working in cloud-native environments with familiarity in AWS.
Confidence reviewing technical designs and architecture, facilitating threat modelling sessions and advising engineering teams on secure design choices and trade-offs.
A strong commitment to quality and security throughout the software development lifecycle, including secure design, testing and continuous improvement.
The ability to communicate effectively with both technical and non-technical stakeholders, balancing security risk and regulatory expectations.
Why You’ll Love Working At Enfuce:
High autonomy & ownership: We give you the freedom to own your work and trust you to make the best decisions for your projects.
Top-tier talent: Join a team of industry experts and highly skilled professionals who are as passionate as you are about innovation.
Unlimited growth potential: We support your ambition with plenty of room for personal and professional growth within the company.
Flexible, remote work: Work from anywhere up to 30 days, in an environment that values flexibility and work-life balance.
A supportive culture: You’ll be part of a team that encourages, motivates, and celebrates success together.
Comprehensive benefits package: We take care of our people with great benefits to match the value you bring.
Benefits & Perks:
Fair pay and employee stock option:
We value the input of every employee and want you to tap into the growth we build together. That’s why our salaries are competitive and reassessed regularly, and you have access to an employee stock option program.
Flexible Paid Time Off:
We offer a flexible paid time off policy, providing up to 5 weeks of annual vacation days and paid family leave (subject to country regulations). Additionally, you can benefit from hybrid or remote work options, promoting a healthy work-life balance.
Regular Fun With Your Team:
So that you can spend time with your teammates on things other than work, you get a team activity budget for three quarters a year. The fourth quarter is reserved for a company-wide event.
Individual Learning Budget:
You get a yearly learning budget to use for courses and other relevant learning opportunities that help you develop your skills.
