Company hidden
7 hours ago

Application Security Engineer (Fintech)

Work format
hybrid
Employment type
fulltime
Grade
senior
English
b2
Country
UK

Job description

TL;DR

Senior Application Security Engineer (Fintech): Designing and evolving application security within a fast-moving fintech environment, with an emphasis on integrating security into the SDLC and on proactive, developer-first security. The role focuses on leading application security reviews, defining secure architecture patterns, and owning the application security tooling stack.

Location: Hybrid in London

Company

hirify.global is a payment and software service provider, headquartered in London, serving small, local businesses across Europe.

What you will do

  • Design, implement, and continuously improve a Secure SDLC integrated from design through production.
  • Embed security into planning and delivery via threat modelling, security requirements, and automated controls.
  • Lead application security reviews for new systems, major features, and high-risk changes across web, API, mobile, and backend services.
  • Define and maintain secure architecture patterns for authentication, authorisation, APIs, data protection, and multi-tenant isolation.
  • Own the application security tooling stack (SAST, DAST, SCA), integrating it into CI/CD with high-signal, low-noise outputs.
  • Partner with engineers to triage and remediate vulnerabilities based on exploitability, impact, and regulatory risk.

Requirements

  • 6+ years’ experience in application security, security engineering, or software engineering with a strong AppSec focus.
  • Demonstrated experience designing or operating Secure SDLC practices in fast-moving product teams.
  • Hands-on expertise in web and API security, including authentication, authorisation, data flows, and common vulnerability classes.
  • Proven experience integrating SAST, DAST, and SCA into CI/CD pipelines.
  • Strong threat modelling and secure design skills for complex, cloud-native systems.
  • Experience with modern backend and frontend or mobile stacks (e.g. JVM, Node.js, Go, TypeScript).
  • Familiarity with AWS and cloud-native architectures (IAM, KMS, containers, microservices).

Nice to have

  • Experience in fintech, payments, or other regulated environments.
  • Familiarity with OWASP ASVS, OWASP Top 10, PCI DSS, DORA, or ISO 27001.
  • Exposure to mobile security, API gateways, WAFs, or infrastructure-as-code.
  • Security or cloud certifications (e.g. OSWE, OSCP, CSSLP, CISSP, AWS Security).

Culture & Benefits

  • You take end-to-end responsibility for outcomes (Extreme ownership).
  • You balance risk reduction with product velocity (Pragmatic and delivery-aware).
  • You build trust with engineers, product, and operations teams (Low-ego and collaborative).
  • You measure success through outcomes (Impact-driven and Data-informed).
  • You produce clear documentation, reusable patterns, and automation (High bar for craft).
  • You actively look for opportunities to use automation and AI to improve security outcomes (AI-first mindset).
