Security Technical Lead

Overview

We are seeking an experienced robust Application Security Team Lead with strong hands-on expertise in penetration testing, secure code review, and software supply chain security, combined with the ability to mentor and guide a team member. This role is primarily technical with hands-on and will actively contribute to offensive security testing, design reviews, and remediation support across SaaS and enterprise applications and collaborating with development teams to enhance overall security posture.

Key Responsibilities

• Conduct end-to-end penetration testing of products across vertical
• Perform in-depth manual and automated security testing of web applications, APIs, Mobile application and backend components to uncover security flaws.
• Conduct secure source code reviews (Java, JavaScript, Python, .NET, Go, etc.)
• Identify business logic flaws, abuse cases, and complex attack chains
• Assess and mitigate software supply chain risks:
• Open-source dependency analysis
• Container & base image security
• Collaborate closely with product developers to triage, mitigate, and re-test identified vulnerabilities.
• Ensure product is secure from exploitable issues for both on-premises deployments and cloud-hosted SaaS environments.
• Continuously improve internal testing methodologies, tools, and documentation to keep pace with evolving threats.
• Engage with clients and collaborate with development teams to drive issue resolution.
• Leading the team and provide security pen test guidance to internal team members and participate in security design reviews and drive upskilling initiatives (advanced attacks, AI-assisted testing, new techniques)
  

• 8 - 10 years of experience in penetration testing, application security, or offensive security roles.
• OSCP or equivalent certification is a must
• Strong understanding of OWASP Top 10, CWE/SANS 25, network protocols and common attack vectors affecting modern applications.
• Ability to write custom exploitation scripts targeting web applications and automating repetitive tasks.
• Proven experience testing banking, fintech, or SaaS platform applications.
• Proficiency with security tools such as Burp Suite, OWASP ZAP, Kali, Nmap, and custom scripts.
• Familiarity with secure coding practices and development methodologies (Agile, DevSecOps) and Software Supply Chain Security
• Experience interpreting and analyzing source code, network configurations, and application logs to support test findings.
• Excellent verbal and written communication skills for engaging both technical and non-technical stakeholders.
• Experience working with cross-functional teams to enhance the overall security posture.
• Willingness to learn continuously and staying updated with the latest security trends, threats, and technologies.
  
  

• Burp Suite, ZAP, Nuclei
• SAST tools (Semgrep, CodeQL, Fortify, Checkmarx)
• Dependency & container scanners
• Docker, Kubernetes
  
  

• Certifications such as OCSP or relevant security certifications.
• SaaS relates such as Azure and AWS knowledge
• Familiarity with security frameworks and standards (e.g., NIST, OWASP, SANS, CIS Controls).
• Knowledge of regulatory requirements and compliance (e.g., GDPR, PSD2).
• Proficiency in scripting and automation for security tasks (e.g., Python, PowerShell).
  
  

• Maternity leave: Transition back with 3 days per week in the first month and 4 days per week in the second month
• Civil Partnership: 1 week of paid leave if you're getting married. This covers marriages and civil partnerships, including same sex/civil partnership
• Family care: 4 weeks of paid family care leave
• Recharge days: 4 days per year to use when you need to physically or mentally needed to recharge
• Study leaves: 2 weeks of paid leave each year for study or personal development
  
  

Please make sure to read our Recruitment Privacy Policy