Application Security Engineer

Job Title

Job Description

So, who are we?

IG is a FTSE 100 fintech operating across five continents, serving over 1.3m customers and handling billions of dollars in transactions – built on scale, trust, and proof. We didn't pivot to innovation; it's how we've always operated. What that means for the people who work here is real: genuinely complex problems to solve, the technology and resources to tackle them properly, and the kind of scope that's rare in established businesses.

The bar is high – bring a curious and forward-thinking mindset and we'll give you the platform to define what comes next. Join us at IG – the future gets built here.

Your team

We are seeking a passionate “Application Security Engineer” who has hands-on experience in securing applications across SDLC, Penetration Testing. The ideal candidate will be responsible for identifying vulnerabilities, conducting security assessments, collaborating with developers and helping to embed security best practices into product development.

Your role in the Team's Success

Your role contributes to the success of the AppSec team by proactively identifying and mitigating application security risks, collaborating with developers and product teams to embed security early in the SDLC, Penetration Testing, SAST/DAST, Secret management, WAF, Purple Team Exercise . The position also supports process improvements, leverages automation to deliver security at pace, and helps strengthen overall security awareness across the organization.

What you'll do

• Perform security assessments/Penetration Testing of web, mobile, and cloud-based applications.

• Conduct secure code reviews, threat modelling, and architecture reviews.

• Collaborate with engineering teams to integrate security into CI/CD pipelines.

• Identify, validate, and track remediation of vulnerabilities discovered through SAST, DAST, SCA, and penetration testing.

• Develop and enforce secure coding standards and guidelines.

• Execute Purple Team/Red Team exercise and work closely with SOC team on this.

• Provide training and guidance to developers on application security best practices.

• Research and stay up-to-date with emerging security threats, tools, and techniques.

• Support incident response and root cause analysis for application-related security issues.

What you'll need for this role

• Bachelor’s degree in computer science, Information Security or related field.

• 3+ years of professional experience in Application Security / Secure Software Development Lifecycle (SSDLC) / Cyber security / Offensive Security.

• OSCP certified with hands on experience with Penetration Testing

• Strong understanding of common vulnerabilities and mitigation techniques (OWASP Top 10, SANS 25, etc.).

• Hands-on experience with one or more security tools:

  • SAST (Checkmarx, Fortify, SonarQube, etc.)

  • DAST (Burp Suite, OWASP ZAP, AppScan, etc.)

  • SCA (Black Duck, Snyk, etc.)

  • WAF(Akamai, Barracuda,etc)

• Familiarity with cloud environments (AWS, Azure, GCP) and related security controls.

• Exposure to bug bounty programs or responsible disclosure.

• Strong knowledge on Attack simulations/Red team/purple team exercise.

• Working knowledge of DevOps/DevSecOps tools and processes (Jenkins, GitHub Actions, GitLab CI/CD).

• Excellent problem-solving and communication skills.
   

Preferred (Nice-to-Have):

• Experience with container and Kubernetes security.

• Knowledge of API security testing (Postman, SoapUI, or Burp plugins).

• Experience in secure code review.

How we work

We try to take a thoughtful approach to our ways of working as a company. We follow a hybrid working model with 3 days in the office -- which we think balances the need to collaborate effectively and connect with each other. When it comes to how we deliver, there are 5 things we want everyone to do to drive high performance, better learning and career satisfaction:

• Lead and Inspire: Drives trust, alignment, and enthusiasm

• Think Big: Focus on the problems that most impact commercial outcomes

• Champion the client: Understand and prioritise client's needs

• Deliver at pace: Push for fast, sustainable growth;

• Raise the bar: Take ownership, be accountable and share feedback

We believe that diversity is vital to success, it fuels creativity, drives innovation and sets us up for global success. We're committed to building teams with a variety of perspectives and skills to help us realise our vision and strategy, that's why we encourage applications from people with diverse backgrounds and experiences to join us on this journey. Learn more about our D&I approach here.

The Perks

Your growth fuels our success! Thrive with tailored development programs, mentoring opportunities with leaders, and clear career progression. Expand your network through committees, sports and social clubs. Enjoy extra time off for volunteering and community work.

Learn more about the Perks here!

Join us for this exciting journey. Apply now!

Number of openings