This website uses cookies to ensure you get the best experience.

Expenti and our selected partners use cookies and similar technologies (together “cookies”) that are necessary to present this website, and to ensure you get the best experience of it. If you consent to it, we will also use cookies for analytics purposes.

See our Cookie Policy to read more about the cookies we set.

You can withdraw and manage your consent at any time, by clicking “Manage cookies” at the bottom of each website page.

Select which cookies you accept

On this site, we always set cookies that are strictly necessary, meaning they are necessary for the site to function properly.

If you consent to it, we will also set other types of cookies. You can provide or withdraw your consent to the different types of cookies using the toggles below. You can change or withdraw your consent at any time, by clicking the link “Manage Cookies”, which is always available at the bottom of the site.

To learn more about what the different types of cookies do, how your data is used when they are set etc, see our Cookie Policy.

These cookies are necessary to make the site work properly, and are always set when you visit the site.

Vendors Teamtailor

These cookies collect information to help us understand how the site is being used.

Vendors Teamtailor
Expenti career site
Malaga, Reading · Hybrid

Application Security Engineer

About this role

We are seeking a technically skilled Application Security Engineer to join our growing security team and help secure the software we build and deliver. You will play a key role in implementing secure development practices, integrating security into CI/CD pipelines, and collaborating closely with engineers to identify, prioritise, and remediate vulnerabilities.

This role is ideal for someone passionate about DevSecOps, threat modelling, and proactive security in modern software development environments, particularly within a GitLab-driven, multi-cloud (AWS, Azure, GCP) architecture.


Your mission

Your mission is to embed security across our software development lifecycle. You will work directly with engineering teams to assess application risk, implement tooling for static and dynamic analysis, and ensure critical issues are identified and addressed early. You’ll bring deep security insight to the development process and champion a security-first mindset without slowing down delivery.


What’ll you do

Secure Software Development Lifecycle (SSDLC)

  • Define and implement security checkpoints (e.g., threat modelling, secure design reviews) for critical features
  • Collaborate with developers to ensure security is considered throughout the SDLC
  • Maintain and enforce secure coding guidelines and reference architectures


CI/CD Security Integration

  • Integrate SAST, DAST, container and secret scanning tools into GitLab pipelines
  • Configure policy-as-code to block critical vulnerabilities from being deployed
  • Continuously optimise security tooling to minimise noise and developer friction


Vulnerability Management

  • Review and triage findings from GitLab security scans and third-party tools
  • Coordinate with Engineering and the Head of Security to prioritise remediation
  • Track vulnerability metrics and support risk reporting


Collaboration & Enablement

  • Partner with engineers to provide secure coding guidance and remediation support
  • Contribute to internal security training, documentation, and awareness campaigns
  • Act as a technical point of contact for application security during audits and assessments


What you'll bring

Essential Experience

  • 3+ years in application security, software engineering, or DevSecOps roles
  • Strong knowledge of secure coding principles and common vulnerabilities (OWASP Top 10, CWE)
  • Hands-on experience with GitLab CI/CD and integrating tools like Snyk, Semgrep, Checkmarx, or similar
  • Experience reviewing code and infrastructure (IaC - preferably Terraform) for security issues
  • Familiarity with cloud-native architectures and their associated risks (containers, APIs, microservices)
  • Familiarity with identity and access controls in Azure, AWS, or GCP


Soft Skills

  • Strong communicator, able to influence and support developers and product developement
  • Pragmatic and collaborative; solutions-oriented with a ‘can do’ approach
  • Passionate about automation and modern engineering practices
  • Curious, self-driven, and eager to stay current on emerging security trends
Locations
Malaga, Reading
Remote status
Hybrid

About Expenti

We're digital innovators, leveraging the latest tech to deliver solutions that drive engagement, supercharge efficiency and create unstoppable growth. It's our mission to push the envelope and build products that redefine what's possible.

Epic experiences. Exceptional quality. That's Expenti.

Malaga, Reading · Hybrid

Application Security Engineer

Loading application form

Already working at Expenti ?

Let’s recruit together and find your next colleague.