×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity IT Consultant

Application Security Engineer

Job in Greater London, London, Greater London, W1B, England, UK
Listing for: Thought Machine
Full Time position
Listed on 2026-02-24
Job specializations:
  • IT/Tech
    Cybersecurity, IT Consultant
Job Description & How to Apply Below
Position: Application  Security Engineer
Location: Greater London

Thought Machine’s mission is bold – to properly and permanently rid the world’s banks of legacy technology. To achieve this, we have developed the foundations of modern banking through core and payments technology which run natively in the cloud. What we are attempting is hard and means we need great people working together to build great technology.

We have grown rapidly in the past few years – growing our team to more than 550 individuals across offices in London, New York, Singapore and Sydney. We have raised more than $500m in funding and are now valued at $2.7bn. Our investors include Molten Ventures, Eurazeo, Intesa Sanpaolo, Temasek, Nyca Partners, JPMorgan Chase Strategic Investments, Standard Chartered Ventures, and more.

We have created a culture that enables our team to produce the best work in the industry while ensuring we have fun along the way. We're regularly cited as having a fantastic workplace culture and have been recognised by Sifted magazine as having one of the highest Glassdoor ratings for a UK fintech company and the industry's most generous employee share package.

Global Finance Magazine named us one of the world’s most innovative fintechs, and the Financial Times recognised us as one of Europe’s fastest-growing companies in 2023 and 2024.

This position plays a key role in ensuring Thought Machine teams are taking all required steps in building a secure product set. You will play a major and leading role in protecting Thought Machine product against security risks, with influence to implement cutting‑edge measures to minimise exposures and vulnerabilities.

Whether engineering a system to address a technical security hurdle, protecting our customers' data, or consulting on a wide range of security topics, you are empowered to engage and lead cross‑functionally.

A large part of Thought Machine product security function is a greenfield challenge, we are building the bank of tomorrow with cutting‑edge web technology, no best‑practice/shelve security frameworks or tools can solve our security challenge. We are building the best security to enable engineering and impress financial service auditors. Key qualities of the ideal candidate would have experience in OWASP top 10 vulns, devsec

Ops, data privacy protection, passion to mentor and enable devs, creativity, autonomy, ability to work and complete multiple projects simultaneously.

DUTIES
  • Drive improvements to Thought Machines product security posture through strategic planning and collaboration with both development and infrastructure teams, with trust, autonomy and influence.
  • Produce production web scale grade application security design.
  • Review and produce data privacy and financial regulatory functional and nonfunctional designs.
  • Perform design reviews and threat modeling of Thought Machine services and products.
  • Perform vulnerability assessments and security testing.
  • Provide subject matter expertise on all areas of security and privacy throughout the Software Development lifecycle.
  • Liaison with development teams for design, code reviews & education.
  • Contribute to security strategy, security tooling selection and creation.
  • Conduct regular security assessments and code reviews.
Requirements Essential
  • Expertise with a programming language (e.g. Python, Go or Java)
  • Experience of security in a Dev Ops environment
  • Experience in web application penetration testing and security tooling (e.g. Burp proxy, web/network scanners, static code analysers, etc).
  • Coding experience for automating/integrating security tools and creation of security tools.
  • Knowledge of security in distributed systems at scale.
  • Cloud and containers technology knowledge (e.g. AWS, GCP, Kubernetes, Docker)
  • Experience of performing security design reviews, threat modelling and risk assessments
  • Knowledge of application security issues
Desirable
  • Professional security qualifications are desirable (e.g. CISSP, Offensive Security, Sans Institute, etc.)
  • Contributions to the security community (public research, blogging, presentations, etc)
  • Awareness and experience of the Data Protection Act, ISO 27001 and PCI‑DSS

We actively hire candidates who demonstrate technical excellence in their field and welcome people of all ages and backgrounds, providing everyone with equal access to professional development. You are encouraged to apply even if your experience doesn't accurately match the job description. We also encourage applications from those with different abilities, including candidates with ADHD, autism, dyslexia or dyspraxia.

#J-18808-Ljbffr
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search