
Application Security Engineer

Job in Salford, Manchester, Greater Manchester, M9, England, UK
Listing for: Finova Technologies Private Limited
Full Time position
Listed on 2026-06-16
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 80000 - 100000 GBP Yearly
Job Description & How to Apply Below
Location: Salford

Application Security Engineer – Manchester Based (3 Days Hybrid)

Finova is seeking a hands‑on Application Security Engineer to embed security into the design, build, and shipment of software across a multi‑cloud SaaS fintech platform.

About the Role
  • Core Responsibility: Partner closely with developers, the IAM Specialist, and the Cloud Security Engineer to ensure identity, infrastructure, and code are defended together.
  • The Stack: Multi‑cloud environment spanning AWS, Azure and GCP. Applications run on .NET / ASP.NET with SQL Server backends.
  • Key Challenge: Protect regulated financial data while defending a growing portfolio of AI‑powered features against a new class of application risks (prompt injection, model abuse, and training data leakage).
  • Work Model: Highly collaborative, hands‑on hybrid role focused on making secure‑by‑default the path of least resistance for engineering teams.
About You
  • Experience: 4–6 years in application security, product security, or security‑focused software engineering within regulated environments.
  • Framework Expertise: Strong working knowledge of .NET / ASP.NET application security (Claims‑based identity, ASP.NET Core authorization, data protection APIs).
  • Security Models: Deep familiarity with OWASP Top 10, OWASP ASVS, and hands‑on experience leading threat modelling sessions (STRIDE/attack trees).
  • CI/CD Pipeline Skills: Experience integrating and tuning security tools (SAST, SCA, DAST) within Azure DevOps, GitHub Actions or similar pipelines.
  • Code Review: Confident reading and reviewing C# code to find authorization flaws, deserialization issues, or tenant isolation gaps during PRs.
  • Core Fundamentals: Solid understanding of cryptographic primitives, API security at scale (OAuth 2.0 / OIDC, JWT pitfalls), and SaaS multi‑tenancy data exposure risks.
  • Consultative Delivery: Experience working as a delivery engineer or consultant, shipping security work into messy, deadline‑driven customer environments.
  • Communication: Clear communicator who can effectively coach a junior engineer, debate with a senior engineer, and explain critical risks to non‑technical executives.
Nice to Have
  • Fintech Background: Experience working in fintech, payments, banking or insurance environments.
  • AI Security: Hands‑on experience securing AI/LLM features, prompt injection defense, and familiarity with OWASP LLM Top 10 or MITRE ATLAS.
  • Offensive Security: An offensive security background (OSCP, OSWE or equivalent) or experience with bug bounty program design.
  • Certifications: CSSLP, GWAPT, GWEB, CISSP or vendor‑specific cloud security certifications.
  • Database Security: Experience identifying SQL Server‑specific application risks, including ORM misuse and stored procedure vulnerabilities.
  • Community Contributions: Contributions to open‑source security tooling, CVE research, or published security writing.
Key Attributes
  • The Collaborative Builder: Thrive in shared‑accountability environments, working alongside infrastructure and identity specialists to build multi‑layered defenses.
  • Pragmatic and Ruthless: Tune tools to protect developer workflows from noise, ensuring that every alert is a high‑signal, high‑trust finding.
  • Curious and Adaptive: Energized by new technical frontiers, translating the emerging risks of AI endpoints and LLMs into practical engineering guardrails.
  • Resilient Communicator: Comfortable operating in regulated environments, translating complex vulnerabilities into business context for leadership while remaining a trusted peer to developers.
What Will You Be Doing?
Secure SDLC & Shift‑Left Automation
  • Toolchain Ownership: Own the application security toolchain end‑to‑end (SAST, SCA, DAST, secrets, container and IaC scanning) integrated into Azure DevOps and GitHub Actions.
  • Scanner Optimization: Tune scanners to maximize high‑signal findings and eliminate noise so engineers trust the alerts.
  • Early Detection: Build and maintain pre‑commit and pull‑request security checks to catch issues before code is merged.
  • Vulnerability Management: Drive CVSS‑based SLAs, automated tracking and exception workflows for application‑layer issues across product teams.
  • Coding Standards: Define and evolve secure coding…