Siena Partnership

www.thesienapartnership.com

1 Job

22 Employees

About the Company

Siena Partnership is a boutique consultancy providing executive search, interim management, delivery teams and advisory services.

We connect high-performing professionals from technology, change, finance and operations across multiple sectors.

For further insight into the business please visit our website.

http://www.thesienapartnership.com

Listed Jobs

Company Name
Siena Partnership
Job Title
Senior Application Security Engineer
Job Description
Job Title: Senior Application Security Engineer

Role Summary: Drive the integration of application security into the product development lifecycle and CI/CD pipelines for a high‑volume fintech platform. Lead security assessments, remediation planning, and continuous improvement of AppSec controls while collaborating closely with engineering, SRE, and product teams.

Expectations:
- Individual contributor with strong software engineering foundation.
- Influence security strategy and road‑mapping, ensuring security is embedded from inception.
- Provide actionable risk visibility and progress metrics to leadership.

Key Responsibilities:
- Conduct structured reviews of web applications and APIs, mapping current AppSec controls.
- Identify critical vulnerabilities, system weaknesses, and quick‑win remediation opportunities.
- Triage and prioritize issues based on risk and business impact.
- Embed SAST, DAST, SCA, and secrets scanning into CI/CD pipelines.
- Partner with SRE and engineering on secure architectures and coding standards.
- Drive threat modeling for key products and high‑risk changes.
- Support and oversee application penetration testing activities.
- Mentor engineers on secure design, coding, and review practices.
- Develop lightweight security guidelines, playbooks, and training materials.
- Contribute to AppSec roadmap and recommend security tools/services.

Required Skills:
- Deep knowledge of web application and API security.
- Expertise in threat modeling, secure coding, and code review.
- Hands‑on experience with SAST, DAST, SCA, and secrets scanning tools.
- Practical understanding of CI/CD pipelines, cloud‑native architectures, microservices, and APIs.
- Ability to integrate security into SDLC and change management processes.
- Strong communication skills for coaching and influencing cross‑functional teams.

Required Education & Certifications:
- Bachelor’s degree in Computer Science, Information Security, or related field.
- Industry certifications preferred: CISSP, OSCP, CISM, or equivalent.
London, United Kingdom
On site
Senior
01-12-2025