Techfellow Limited is seeking a Lead Application Security Engineer to establish a new application security function within a technology-enriched investment firm. This senior role involves shaping and implementing a DevSecOps environment while collaborating with engineering teams to ensure secure software delivery.
[Up to c. $375k Comp Package (or equivalent) | Hybrid Working]

We’re supporting a globally respected investment firm on the build-out of a greenfield Application Security function. With cloud-native infrastructure, modern DevOps practices, and executive-level buy-in, the firm is investing in a long-term AppSec roadmap - and now they’re seeking a hands-on technical lead to own its implementation from the ground up.

This is a senior opportunity for someone who’s ready to shape, build, and run a full-stack DevSecOps environment - educating developers, embedding testing and automation into CI/CD pipelines, and influencing how secure software is delivered across the business. It’s ideal for someone with a development background who’s since moved into security, and who understands the pressures engineers face. You’ll be given autonomy and influence - but also expected to bring clarity, energy, and leadership to make it happen...

Key Responsibilities

• Lead the design, delivery, and evolution of a new application security programme, reviewing the existing roadmap and working with the Head of DevOps and CTO to gain alignment and sign-off
• Act as a subject matter expert on secure development - advising engineers, promoting best practices, and embedding security into CI/CD workflows without blocking productivity
• Partner with DevOps teams to ensure secure automation across infrastructure and application layers, aligning closely with platform and tooling standards
• Manage, deploy, and optimise security tools across the pipeline - including SAST, DAST, SCA, OSS scanning, and dependency management
• Define and maintain AppSec standards, policies, and documentation to support scalable adoption across engineering teams
• Build developer-friendly guidance and training that encourages secure coding habits, threat awareness, and proactive risk mitigation
• Stay ahead of emerging threats and trends in application security - providing input on tooling decisions, framework updates, and control enhancements
• Act as the escalation point for complex security issues in the SDLC, advising on risk, controls, and code-level mitigations when needed

What You’ll Bring...

• 6+ years’ experience in software development, DevOps, or security engineering - with a focus on secure software delivery
• Strong development background - able to read and support code in multiple languages and relate to the demands of modern engineering teams
• Demonstrated expertise across DevSecOps tools and practices - including CI/CD security integration and automation
• Experience managing CI/CD platforms (GitHub, Jenkins, GitLab CI/CD, Azure DevOps) at a systems or server level
• Solid grasp of IaC (Infrastructure-as-Code) tooling such as Terraform or CloudFormation
• Skilled in scripting and automation using Python, Bash, or similar
• Hands-on experience with cloud infrastructure (AWS essential, Azure/GCP a bonus) and container orchestration (Docker, Kubernetes)
• Strong understanding of secure architecture principles and frameworks - NIST CSF, ISO27001, SOC 2, etc.
• Excellent communication skills - able to influence senior stakeholders, translate security concerns, and build trust across technical teams
• (Preferred) Prior experience working in fast-paced financial environments or building AppSec programmes from the ground up
• (Preferred) Relevant certifications (e.g. OSWE, CSSLP, CISSP, or equivalent) ...