Application Security Engineer

Purpose of Position

Your role is to establish and lead an AppSec program within the Product and Technology department, acting as an evangelist for AppSec, trusted by engineers and managers alike. As a member of the core security team, you will engage in assessing application design proposals, to identify improvements to enable our engineers to create secure products. You will own the existing training program, redesign it to better equip engineers with the knowledge needed to develop secure applications, and create a Security Champions program to scale and embed a DevSecOps mindset across P&T.

• Secure the SDLC: Integrate security tooling (e.g. SAST, DAST, dependency scanning) into CI/CD pipelines and IDEs. Automate and optimise checks so teams can identify and fix issues early and efficiently.
• Threat modelling & secure design: Collaborate with product and engineering teams during the design phase to conduct threat modelling sessions and pre-implementation security reviews.
• Code & architecture reviews: Guide developers on secure coding practices, perform targeted code reviews, and help resolve vulnerabilities with actionable remediation support.
• Vulnerability lifecycle management: Identify, triage, track and report on vulnerabilities across internal and external apps and systems, collaborate with engineers, support the bug bounty process, present vulnerability management reports.
• AI/ML & LLM security: Provide guidance on secure development of AI/LLM-powered features, help teams manage risks, lead threat modelling exercises for AI components.
• Incident response collaboration: Support investigation and root cause analysis of application-layer incidents. Contribute to post-incident reviews and longer-term mitigation strategies.
• Research & innovation: Stay ahead of industry threats and attack trends. Propose and test innovative ideas to reduce risk across our software supply chain and platforms.

• 3+ years in application security, product security or related technical roles.
• Experience working directly with software engineer and product managers to secure web applications.
• Experience in working within an Agile environment.
• Coding proficiency in languages such as JS, PHP, Python, Terraform.
• Experience with Cloud Native environments (AWS), Containers and Terraform.
• Hands on experience with DAST, SAST, SCA tools, reporting and dashboarding platforms.
• Excellent interpersonal skills and ability to clearly communicate at every level of the organisation.
• Mentorship and training skills.
• Ability to work across two different departments with multiple touch points.

• Flexi-Week and Work-Life Balance: We prioritise your mental health and wellbeing, offering you a flexible four-day Flexi-Week at full pay and with no reduction to your annual holiday allowance. We also offer a variety of different paid special leaves.
• Flexi-Office: We offer an international culture and flexibility through our Flexi-Office and hybrid/remote work possibilities to work across Awin regions
• Health & Well Being: With our support and access to various initiatives and sports offers, you can devote yourself to your mental and physical well-being.
• Development: We've built our extensive training suite Awin Academy to cover a wide range of skills that nurture you professionally and personally, with trainings conveniently packaged together to support your overall development.
• Remote Working Allowance: You will receive a monthly allowance to cover a part of your running costs. In addition, we will support you in setting up your remote workspace appropriately.
• Appreciation: Thank and reward colleagues by sending them a voucher through our peer-to-peer program.
• We are hiring in multiple countries, additional benefits in terms of health, well being, security and more will be discussed further upon first initial interview with the talent team.

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Information Technology
• Industries: Advertising Services

Diversity & Inclusion are paramount to us, and we proudly pursue and hire diverse team members. We champion uniqueness and authenticity; this is who we are at our core. Our network of affiliate partnerships are diverse and transparent, as are the employees powering our vision to build the world's leading open partner ecosystem. We welcome all backgrounds, identities, and experiences. If you need support at any point in the application or interview process, please let us know.

Apply now to begin the next stage of your career at a progressive company that supports both your professional and personal development.