Application Security Engineer

London, United Kingdom

Shawbrook Bank

Shawbrook is a specialist savings and lending bank, offering personal loans, residential and commercial mortgages, business finance, and savings products.


Company Description

Shawbrook is a new type of specialist financial services company, combining the relentless focus on customer service and innovation you would expect from a fintech with the expertise and certainty of a bank. Shawbrook is driven by a purpose to solve complex problems that unlock opportunity for its rapidly growing customer base of over 300,000 UK consumers and businesses.

Our success would not have been possible without our team. Our people differentiate us from the competition through their deep sector knowledge; they are the life force of our business.

Join Shawbrook because you:

  • Want to help us deepen our industry sector knowledge, combining technology alongside the best banking brains.
  • Want to build a bank for the future and be part of our digital transformation journey that will enable customers & businesses to thrive.
  • Want to continue to grow professionally. We encourage you to grow and be the best version of yourself.
  • Care about sustainability. We want to be better for our people, environment and society.
  • Bring passion and enjoyment to your work. You’ll work hard but you’ll have fun too.

Job Description

Off the back of growing demand for change and increased pace of delivery across Shawbrook, we are looking for an experienced Application Security Engineer to join our InfoSec team.

In this role, you'll play a pivotal part in ensuring the security and integrity of our software applications. You will be key in defending our digital assets against the ever-evolving landscape of cyber threats by staying up-to-date with the latest security technologies and best practices.

The complex technical environment at Shawbrook will give you endless opportunities to learn and develop your skills, gaining exposure to a wide range of systems and software and taking ownership of more complex projects as you progress.


What you’ll be doing:

  • Conduct thorough code reviews, enhancing security and compliance.
  • Perform advanced penetration testing and vulnerability assessments.
  • Utilize Qualys and other patch management tools for up-to-date security.
  • Deploy Veracode and similar tools to remediate code security issues.
  • Collaborate with DevSecOps teams to automate security in the CI/CD pipeline.
  • Harness Azure and cloud security practices for secure cloud applications.
  • Apply OWASP's Top Ten knowledge to enhance web app security.
  • Stay updated on AI/ML for security threat prevention.
  • Secure containerized apps with Docker and Kubernetes.
  • Secure APIs using modern security mechanisms and protocols.


What you’ll need…

Code Review - You will conduct in-depth code reviews to identify and rectify vulnerabilities and to check adherence to coding best practices and compliance with security standards.

Experience with Scanning Tools - You will use Veracode or similar scanning tools to detect and remediate security issues in application code.

DevSecOps and CI/CD Experience - You will collaborate with DevSecOps teams to seamlessly integrate security into the Continuous Integration/Continuous Deployment (CI/CD) pipeline, promoting automation and security as code.

Cloud Security Experience - You will use cloud platforms, such as Azure & AWS, and the latest cloud security practices to ensure the security of cloud-based applications and infrastructure.

Web Application Security Experience - You will use the OWASP Top Ten and other web app security tools to assess and enhance the security of web applications.

Additional Information


Your Wellbeing - We take your health and well-being very seriously by providing a range of benefits to give you and your family peace of mind. These include:

  • Market leading family friendly policies such as access to our Maternity, Adoption and Paternity policies from Day 1 of your employment
  • Free access to Headspace, a mindfulness & meditation digital health app
  • Free access to Peppy, a digital health app that offers personalised support through fertility treatment, becoming a parent, or menopause
  • EAP (Employee Assistance Programme) - Offering you support on a wide range of subjects including financial concerns, mental wellbeing and more general queries around family, work, housing and health
  • Cycle to work scheme
  • Discounts on gym membership
  • Contributory pension scheme & death in service

Your Lifestyle - It’s important you strike the right balance between your work and personal life. We provide benefits to support you when at work and when you’re enjoying your leisure time.

  • Minimum of 25 days holiday per year
  • Option to buy or sell holiday days through our flexi-holiday scheme
  • Discounts on gym membership nationwide
  • Access to discounts on a range of high street and online brands
  • Community support and charitable giving

Your Contribution - We’re focused on rewarding those that go the extra mile in helping us achieve our goals.

  • Participation in our annual discretionary bonus scheme designed to reward your contribution to our success
  • Proudly Shawbrook recognition scheme focused on recognising our role models and thanking our colleagues for a job well done

Tags: APIs Application security Automation AWS Azure Banking CI/CD Cloud Compliance DevSecOps Docker FinTech Kubernetes OWASP Pentesting Qualys Veracode Vulnerabilities

Perks/benefits: Career development Fertility benefits Fitness / gym Flex vacation Health care Parental leave Salary bonus

Region: Europe
Country: United Kingdom