
Job Title


Senior Application Security Specialist


Company : BIOMETRIC TALENT


Location : Manchester, England


Created : 2025-12-16


Job Type : Full Time


Job Description

Senior Application Security Specialist
Permanent
Location: Manchester (Hybrid, minimum 2 days per week onsite)
Salary: up to 80,000 + Car Allowance + Bonus Scheme

About the Client

Our client is a global technology-led organisation operating at significant scale, with a large in-house engineering function delivering high-traffic, business-critical web applications. Their application security team plays a pivotal role in protecting platforms built by over 1,000 developers, working in a fast-paced, engineering-driven environment.

The team is evolving rapidly, moving away from manual security processes towards automation, bespoke tooling and closer collaboration with development teams. This role offers genuine autonomy, technical challenge and the opportunity to influence application security at scale.

How you'll spend your day

As a Senior Application Security Engineer, you'll sit at the intersection of development and security, helping to secure internally built web applications through hands-on technical work, automation and strong developer engagement. You'll be trusted to operate with autonomy, shaping how application security is delivered across the organisation.

Key responsibilities include:

- Reviewing application code to identify and remediate security vulnerabilities across modern web applications
- Performing and supporting web application penetration testing, focused on real-world risk rather than tick-box security
- Designing, building and improving security tooling and automation for tasks such as code review and vulnerability detection
- Working closely with developers to advise on secure design, remediation approaches and best practice
- Supporting the shift from manual-heavy processes to scalable, automated and AI-assisted security workflows
- Acting as a senior technical voice within the team, contributing to decisions, mentoring others and influencing direction
- Participating in on-call activity as required, supporting high-availability systems

What you'll bring to this role

This role suits a senior, hands-on security professional with a strong development background who enjoys solving complex problems and engaging directly with engineers. You'll bring:

- Strong coding experience, particularly in Golang and/or Python (experience with .NET also beneficial)
- Proven application security experience, with a focus on web application vulnerabilities rather than infrastructure-only security
- Hands-on experience with code review, penetration testing, and identifying issues such as XSS, SQL injection and logic flaws
- Experience building or improving security automation and tooling (DevSecOps mindset)
- Familiarity with tools such as Burp Suite, SAST/DAST tools, GitHub/GitLab, Linux and Docker
- The confidence and communication skills to work with large, opinionated developer groups and challenge constructively
- A pragmatic, delivery-focused mindset suited to a fast-moving, commercial environment

Security certifications (e.g. OSCP, OSWE, DevSecOps) are desirable but not essential; practical capability matters more.

Perks & Benefits:

- Performance-Based Bonus: Annual bonus paid in two instalments (April & September), based on company and personal performance.
- Pension Scheme: Employer-matched contributions of up to 7.5%.
- Hybrid Working: Minimum 2 days per week in the office, with flexibility on which days.
- Flexible Working Hours: 40-hour workweek with flexibility in how hours are structured.
- Generous Annual Leave: 25 days holiday + your birthday off, plus bank holidays. Option to buy or sell up to 5 additional days.
- Free Gym Membership: Available to all employees.

No Visa Sponsorship Available for this role.

What happens next?

One of our Recruitment Consultants will be in touch and inform you if you've been successful to the next stage of the process or not, which is a qualification call where we will tell you more about the role and the client, and understand more about you, your experience and career aspirations. Should we both wish to proceed, we will submit your details to the client and be in touch regarding the outcome and any further steps.

The interview process for this client consists of:

- Stage 1: Remote 60-90 minute technical interview involving a code review.
- Stage 2: Onsite 60 minute interview focussed on CV background and culture.

Equal Opportunities

We are committed to providing equal opportunities for all candidates and welcome applications from individuals regardless of age, disability, gender identity, marital status, race, religion or belief, sexual orientation, or any other characteristic protected by law. As an employment agency for permanent and contract hires, we are dedicated to promoting a diverse and inclusive workforce, and we encourage applications from underrepresented groups to drive innovation and equality within the workplace.

Should you require any reasonable adjustments please let us know so we can accommodate for any interactions with us at Biometric Talent, but also inform the client to ensure reasonable adjustments are made to allow for a fair and equitable process.