Application Security Engineer
Our team is filled with ambitious, curious and entrepreneurial people. We hire and nurture inquisitive, creative minds looking to flourish in a supportive and collaborative environment
We usually respond within two weeks
The opportunity
We are looking for an accomplished Application Security Engineer to join the Information Security team at Shieldpay. You will play a key role in upholding the security of Shieldpay’s products, company systems, and people. The ideal candidate will take a “security-first” approach in everything they do.
Our global partners, and the regulatory bodies we answer to, trust us to ensure total security across all processes, whether that’s in the processing of client monies, or our internal security processes. You will be responsible for helping us achieve our mission in becoming the most trusted payment partner by ensuring our digital security.
Reporting into our Chief Information Security Officer, you'll work to make continuous security improvements across the organisation. You will be key in designing and helping implement technical security architecture for new payment services, ensuring security is built into every step of the application lifestyle.
What you’ll be doing
- Serving as the Application Security SME, providing technical expertise and guidance to engineers in the secure development of their products.
- Utilise SAST, DAST, and SCA within the development pipeline and collaborate with the engineering team to investigate, re-test, and resolve identified vulnerabilities.
- Conduct internal and external penetration testing and partner with external experts to proactively uncover potential security threats.
- Lead architectural reviews and threat modelling to embed security requirements into product designs.
- Own the secure software development lifecycle and represent application security in ISO 27001 audits, ensuring alignment and compliance with the standard.
- Contribute towards the broader company technical strategy, to guide it in a more secure direction from a development perspective.
- Regularly evaluate and report on the effectiveness of existing security controls as part of the RCSA process.
- Contribute to the wider security team and assist with incident response, monitoring, and routine security operations tasks.
- Work with the rest of the organisation to build security into everyday functions prioritising a culture of security best practices over barriers.
What we're looking for in you
- Proven experience in an Application Security, Penetration Testing, or similar role – even better if this has been within FinTech or payments!
- Experience with SAST, DAST, and SCA security tooling and the ability to interpret and address their findings.
- Familiarity with implementing ISO 27001 within software development environments.
- Proficiency in conducting penetration testing and vulnerability assessments, both manually and with automated tools.
- Knowledgeable in threat modelling and security architecture reviews to identify and mitigate risks in product designs.
- Solid understanding of software development methodologies and experience working with development teams to integrate security practices into the SDLC.
- Strong communication and collaboration skills to build effective relationships with your team and the wider business.
- Experience with AWS and GCP cloud security services, including WAF, API gateways, key management services, and secret managers.
- Ideally you will hold one or any of OSCP, OSWE, GPEN, GWAPT, GMOB, CRT, PenTest+, however this is not essential.
Our Promise
Shieldpay is an equal opportunities employer. For Shieldpay building a fair and transparent workforce begins with the recruitment process that does not discriminate on the grounds of gender, sexual orientation, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age. We offer flexible working options, such as flexible hours and hybrid work, to support our employees' work-life balance
- Team
- Technology
- Locations
- London
- Remote status
- Hybrid
- Employment type
- Full-time
- Employment level
- Professionals

Workplace & culture
Our team is filled with ambitious, curious and entrepreneurial people. We hire and nurture inquisitive, creative minds looking to flourish in a supportive and collaborative environment, recognised by being placed within the top 100 startups to work for in 2022 by Tempo and Flexa certified in 2023
We don’t like old fashioned corporate hierarchy. Instead we like to empower our people to make a change and be autonomous in their role with all the support you need with the other teams around you.
About Shieldpay
Shieldpay Limited: Regulated by the Financial Conduct Authority under the Payment Services Regulations 2017 (Reference number 770210) as an authorised payments institution. Shieldpay is a company providing simple and transparent payment solutions across the legal, financial, and professional services industries. The firm offers Third-Party Managed Accounts, Escrow facilities and payment agent services.
Shieldpay Trust Services Limited: Registered with HMRC as a trust service provider (Reference XPML00000158706) and provides the services as a corporate trustee to the beneficiaries of the trust, established by deed, in connection with escrow transactions.
Registered Address for our Group Companies is 3rd Floor, 1 Ashley Road, Altrincham, Cheshire, WA14 2DT.
Already working at Shieldpay?
Let’s recruit together and find your next colleague.