Job Title: Senior Application Security Engineer
Duration: Minimum 1 year
Workload: Full-time hours
Setup: Freelance (Daily rate / Limited Company / Umbrella / Sole Trader)
Location: Remote
We’re looking for a senior-level security expert to lead proactive security design and validation across complex web application environments.
Key Responsibilities:
- Lead security architecture reviews and conduct in-depth threat modelling for new products and infrastructure.
- Perform hands-on penetration testing and security assessments to uncover and validate vulnerabilities.
- Research emerging threats and develop mitigation strategies to stay ahead of evolving attack vectors.
- Collaborate with engineering teams to embed security into the development lifecycle (DevSecOps).
Must-Have Skills:
- 7+ years in offensive and defensive security roles, with long-term project experience.
- Proven expertise in penetration testing (especially web applications) and threat modelling.
- Strong programming/scripting skills, particularly in Python.
- Deep knowledge in at least one core security domain (e.g., cryptography, secure architecture, authentication).
- Excellent communication skills in English.
Nice-to-Have:
- Experience with cloud-native security (AWS, GCP, Kubernetes).
- Familiarity with securing serverless or AI/ML platforms.
- Industry certifications such as OSCP, OSCE, or CISSP.