Senior Application Security Specialist

Senior Application Security Specialist Permanent

Location:

Manchester (Hybrid minimum 2 days per week onsite) Salary: up to £80,000  Car Allowance  Bonus Scheme About the Client Our client is a global technology-led organisation operating at significant scale, with a large in-house engineering function delivering high-traffic, business-critical web applications. Their application security team plays a pivotal role in protecting platforms built by over 1,000 developers, working in a fast-paced, engineering-driven environment.

The team is evolving rapidly, moving away from manual security processes towards automation, bespoke tooling and closer collaboration with development teams.

This role offers genuine autonomy, technical challenge and the opportunity to influence application security  youll spend your day As a Senior Application Security Engineer, youll sit at the intersection of development and security, helping to secure internally built web applications through hands-on technical work, automation and strong developer engagement. Youll be trusted to operate with autonomy, shaping how application security is delivered across the organisation.

Key responsibilities include:

Reviewing application code to identify and remediate security vulnerabilities across modern web applications Performing and supporting web application penetration testing, focused on real-world risk rather than tick-box security Designing, building and improving security tooling and automation for tasks such as code review and vulnerability detection Working closely with developers to advise on secure design, remediation approaches and best practice Supporting the shift from manual-heavy processes to scalable, automated and AI-assisted security workflows Acting as a senior technical voice within the team, contributing to decisions, mentoring others and influencing direction Participating in on-call activity as required, supporting high-availability systems What youll bring to this role This role suits a senior, hands-on security professional with a strong development background who enjoys solving complex problems and engaging directly with engineers.

Youll bring:
Strong coding experience, particularly in Golang and/or Python (experience with .NET also beneficial) Proven application security experience, with a focus on web application vulnerabilities rather than infrastructure-only security Hands-on experience with code review, penetration testing, and identifying issues such as XSS, SQL injection and logic flaws Experience building or improving security automation and tooling (Dev Sec Ops  mindset) Familiarity with tools such as Burp Suite, SAST/DAST tools, Git Hub/Git Lab, Linux and Docker The confidence and communication skills to work with large, opinionated developer groups and challenge constructively A pragmatic, delivery-focused mindset suited to a fast-moving, commercial environment Security certifications (e.g. OSCP, OSWE, Dev Sec Ops ) are desirable but not essential practical capability matters more Perks & Benefits:
Performance-Based Bonus:
Annual bonus paid in two instalments (April & September), based on company and personal performance. Pension Scheme:
Employer-matched contributions of up to 7.5%. Hybrid Working:
Minimum 2 days per week in the office, with flexibility on which days. Flexible

Working Hours:

40-hour workweek with flexibility in how hours are structured. Generous Annual Leave: 25 days holiday  your birthday off, plus bank holidays. Option to buy or sell up to 5 additional days. Free Gym Membership:
Available to all employees. No Visa Sponsorship Available for this role. What happens next? One of our Recruitment Consultants will be in touch and inform you if youve been successful to the next stage of the process or not, which is a qualification call where we will tell you more about the role and the client, and understand more about you, your experience and career aspirations.

Should we both wish to proceed, we will submit your details to the client and be in touch regarding the outcome and any further steps. The interview process for this client consists of:
Stage 1 Remote 60-90 minutes…