Prolific

Prolific is a platform that enables researchers to quickly find trustworthy research participants. With a pool of over 120,000 active and verified participants, Prolific ensures high-quality responses through continuous monitoring and engagement. The p...

Professional Services
51-250
Founded 1997
$0M raised

Description

  • Serve as the technical authority for application security across Prolific’s engineering organization.
  • Perform hands-on security testing and code review to identify and remediate vulnerabilities in web applications and APIs.
  • Lead threat modelling sessions for new features and high-risk systems.
  • Build, automate, and maintain security tooling for detection, testing, and remediation workflows.
  • Implement and tune SAST, SCA, DAST, and secret scanning in CI/CD pipelines.
  • Partner with product engineering, platform, data, and TechOps teams to embed secure development practices across the SDLC.
  • Run penetration tests and improve detection coverage for emerging threats.
  • Explain security issues clearly to engineering teams and drive remediation efforts.
  • Stay ahead of modern attack paths and security risks affecting participant data, credentials, payment flows, and API integrations.

Requirements

  • Several years of experience in application security, product security, or security engineering.
  • Strong knowledge of OWASP Top 10 for web and API security.
  • Experience with modern attack paths such as authentication flaws, SSRF, injection, business logic abuse, and supply chain attacks.
  • Hands-on security testing experience across web apps and APIs, especially using Burp Suite.
  • Experience working with complex, large-scale systems and modern architectures.
  • Proficiency in Python for security tooling, automation, or custom detection; Django experience is a plus.
  • Experience implementing and tuning SAST, SCA, DAST, and secret scanning in CI/CD.
  • Practical threat modelling experience, including leading lightweight sessions.
  • Strong collaboration and communication skills with the ability to drive remediation.
  • Experience with Django, Vue.js, MongoDB, or GCP is preferred.
  • Experience with security champions or bug bounty programmes is preferred.
  • Experience with supply chain security, including SCA, SBOMs, and dependency review, is preferred.
  • Experience with IaC security such as Terraform or policy-as-code is preferred.
  • Hands-on certifications such as OSCP, GWAPT, or BSCP are preferred.
  • Experience helping build security practices in scaling environments is preferred.

Benefits

  • Competitive salary.
  • Benefits package.
  • Remote working.
  • Mission-driven culture.
  • Access to a unique human data platform and opportunities for groundbreaking research.


