Cyber Security Engineer (AppSec)

TL;DR

Cyber Security Engineer (AppSec): Improving application security across a cloud-native technology estate with an accent on developer-friendly security guardrails and CI/CD pipeline integration. Focus on vulnerability management, practical threat modeling, and automating security workflows to reduce friction for engineering teams.

Location: Hybrid (London), averaging two to three days onsite.

Company

The hirify.global is one of the world’s leading news organisations, globally recognised for its authority, integrity, and accuracy.

What you will do

• Improve application security across the FT’s cloud-native technology estate.
• Develop and improve security guardrails across GitHub-based CI/CD pipelines and engineering workflows.
• Manage vulnerability triage using SAST, software composition analysis, and secret scanning.
• Support and facilitate practical threat modeling sessions for applications and new features.
• Create scripts and small tools in Python to automate security workflows and improve visibility.
• Collaborate with product, platform, and software engineering teams to remediate issues pragmatically.

Requirements

• Practical experience in application security (AppSec).
• Experience identifying and remediating application security risks in modern engineering environments.
• Proficiency in vulnerability triage, prioritisation, and remediation tracking.
• Ability to write automation scripts, ideally in Python.
• Familiarity with common web application security risks and secure coding practices.
• Must be based in or able to work in London (Hybrid).

Nice to have

• Exposure to AWS security, cloud security, or infrastructure-as-code (Terraform, CloudFormation).
• Experience with container or Kubernetes security.
• Experience with bug bounty programs or penetration testing.
• Knowledge of AI security, including LLM-enabled applications and prompt/data leakage risks.
• Experience with Splunk or similar SIEM platforms.

Culture & Benefits

• 50% hybrid working model fostering both remote adaptability and in-person collaboration.
• Generous annual leave and medical cover.
• Inclusive parental leave packages.
• Subsidised gym memberships.
• Commitment to diversity, equity, and inclusion in a warm, collaborative environment.