About Company
Are you an Application Security Engineer seeking a challenging environment where your expertise directly shapes product integrity? Career.zycto is at the forefront of leveraging cutting-edge technology to solve complex industry challenges. We pride ourselves on fostering a culture of innovation, continuous learning, and robust security practices. Join a dedicated team in Guiseley where your insights into secure development lifecycles and vulnerability mitigation will be paramount. We empower our engineers to not only identify risks but also architect preventative solutions that safeguard our platforms, making us an ideal place for security-minded individuals to thrive and grow their impact.
Job Description
Career.zycto is actively seeking a talented and passionate Application Security Engineer to join our growing team in Guiseley, Leeds. In this pivotal role, you will be instrumental in embedding security throughout the entire software development lifecycle (SDLC), working hand-in-hand with development, DevOps, and QA teams to design, implement, and maintain secure applications. Your day-to-day will involve a diverse range of activities, from conducting comprehensive security reviews and threat modeling sessions for new features and systems, to performing static and dynamic application security testing (SAST/DAST) on our existing codebase. You’ll be expected to identify vulnerabilities, articulate their risks clearly to technical and non-technical stakeholders, and provide pragmatic recommendations for remediation.
This isn’t just about finding flaws; it’s about building a culture of security by empowering our engineering teams with the knowledge and tools they need to write secure code from the outset. You will contribute to the development of security standards, guidelines, and reusable components that streamline secure development practices. We’re looking for someone who thrives on staying ahead of the latest security threats, vulnerabilities, and mitigation techniques, constantly researching and integrating best practices into our security framework. You will also play a key role in incident response, assisting in the investigation and resolution of application security incidents, ensuring a robust and resilient posture against evolving cyber threats.
We value proactive problem-solvers who can communicate effectively, collaborate seamlessly, and demonstrate a deep commitment to continuous improvement. If you’re eager to make a significant impact on the security of critical applications, mentor fellow engineers, and evolve within a dynamic tech landscape, Career.zycto offers the perfect platform for your career aspirations. This is an exciting opportunity to shape the future of our product security and contribute to a secure digital experience for our users.
Key Responsibilities
- Conduct comprehensive security reviews and threat modeling for new features and existing applications.
- Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) to identify vulnerabilities.
- Collaborate with development teams to provide guidance on secure coding practices and design secure architectures.
- Develop and implement security controls, standards, and best practices throughout the SDLC.
- Automate security testing processes and integrate them into CI/CD pipelines.
- Participate in security incident response, investigation, and remediation efforts.
- Research emerging security threats, vulnerabilities, and effective mitigation strategies.
- Provide security training and awareness to engineering teams to foster a security-conscious culture.
- Evaluate and recommend security tools and technologies to enhance our application security posture.
Required Skills
- Proficiency in application security principles and secure coding practices.
- Experience with SAST, DAST, IAST, and penetration testing methodologies.
- Strong understanding of common web application vulnerabilities (OWASP Top 10).
- Familiarity with at least one major programming language (e.g., Python, Java, C#, Go).
- Experience with cloud security principles and practices (e.g., AWS, Azure, GCP).
- Knowledge of identity and access management (IAM) concepts.
- Excellent problem-solving and analytical skills.
- Strong communication and interpersonal abilities to collaborate effectively with cross-functional teams.
Preferred Qualifications
- Bachelor's degree in Computer Science, Information Security, or a related field.
- Relevant security certifications (e.g., CSSLP, OSCP, GWAPT, CISSP).
- Experience with security frameworks and standards (e.g., NIST, ISO 27001).
- Hands-on experience with container security (Docker, Kubernetes).
- Previous experience with bug bounty programs or responsible disclosure initiatives.
- Experience in a highly regulated industry (e.g., FinTech, Healthcare).
Perks & Benefits
- Competitive salary and performance-based bonuses.
- Generous paid time off and public holidays.
- Comprehensive private medical and dental insurance.
- Life assurance and income protection schemes.
- Company pension scheme with employer contributions.
- Opportunities for professional development and certifications.
- Flexible working options where applicable.
- Modern office environment with excellent transport links.
- Regular team social events and company-wide celebrations.
How to Apply
Ready to secure the future with Career.zycto? We encourage all qualified candidates to submit their applications by clicking on the link below. Please ensure your CV highlights your relevant experience in application security. We look forward to reviewing your application!
