Application Security Engineer - Manager
OakNorth Bank
- Gurgaon, Haryana
- Permanent
- Full-time
- Conduct penetration testing of web applications, APIs, and mobile applications (iOS/Android).
- Conduct threat modelling and secure design reviews to identify potential security risks and vulnerabilities across applications, platforms, and products.
- Partner with product and engineering teams to embed secure-by-design principles into product development, including AI systems.
- Drive the reduction of critical and high-risk vulnerabilities through root cause analysis and actionable remediation guidance.
- Work closely with engineering teams to ensure application security principles are understood and security issues are resolved without impacting delivery timelines.
- Deliver security training and awareness sessions for developers and key stakeholders to uplift secure development practices.
- 4-5 years of experience in security assessments and penetration testing of web applications, APIs, and mobile platforms.
- Proven experience in threat modelling and secure design reviews for applications.
- Ability to review and interpret code (e.g., React, Python, JavaScript) to identify security risks and weaknesses.
- Strong understanding of common application security vulnerabilities, including OWASP Top 10 and SANS Top 25.
- Knowledge of AWS security services (e.g., IAM, KMS, Security Hub, GuardDuty, network security controls).
- Exposure to AI security, including associated risks, threat models, and governance considerations.
- Excellent written and verbal communication skills, with the ability to clearly articulate risk and influence technical and non-technical stakeholders.
- Ability to work independently while collaborating effectively across multiple teams.