Next Ventures

Application Security Engineer

Hybrid

Reading, United Kingdom

Freelance

27-01-2026

Skills

Communication, Penetration Testing, Incident Response, Cloud Security, CI/CD, DevOps, Training, Architecture, Security Architecture, Risk Mitigation, Software Development, CI/CD Pipelines, Microservices

Job Specifications

Summary Description:

We are seeking an experienced Application Security Engineer to embed security across the software development lifecycle. The role focuses on enabling security-by-default delivery, operationalising DevSecOps pipelines, reducing application and AI-specific risks, and ensuring security findings are actionable and trusted by engineering teams.

Role Type: Contract

Start Date: Immediate

Salary: Day Rate

Location/Language: Reading 2 days per week / Language: English

Requirements Description:

Proven experience in application security, secure engineering, or DevSecOps.
Hands-on experience with SAST, DAST, SCA, and application security tooling (e.g., Checkmarx, Aikido).
Strong knowledge of API security, authentication/authorization, and secure architecture.
Experience in secure-by-design principles, implementation patterns, and embedding security into orchestration APIs and AI/ML model interactions.
Familiarity with CI/CD pipelines and cloud DevOps environments.
Excellent collaboration and communication skills to translate findings into actionable remediation for engineering teams.

Tasks Description:

Drive security-by-default delivery of solutions without slowing development velocity.
Operationalise DevSecOps pipelines, ensuring automated security coverage via SCA, SAST, DAST.
Reduce application and AI-specific risk through secure design and implementation patterns.
Enable rapid adoption of application security tooling and ensure findings are actionable, prioritised, and trusted.
Establish security quality gates and risk thresholds to enable informed release decisions without manual friction.
Conduct threat modelling, secure design reviews, and security architecture assessments.
Perform code reviews, identify vulnerabilities, and recommend secure implementation patterns.
Collaborate with DevOps and platform teams to integrate security into CI/CD pipelines and cloud environments.
Provide training and guidance to engineering teams on secure coding and remediation practices.
Support incident response and remediation for application security issues.

Essential Skills/Experience Description:

Hands-on experience with application security tooling (SAST, DAST, SCA).
Deep understanding of DevSecOps practices, CI/CD integration, and cloud security.
Experience with secure coding principles and secure-by-design implementation.
Familiarity with API security and orchestration of microservices / AI models.
Strong collaboration and communication skills.

Desirable Skills/Additional Information Description:

Certifications: CSSLP, OSWE, GWAPT, or similar.
Background in penetration testing or secure software development.
Experience with enterprise-scale security programmes and AI/ML risk mitigation.
Knowledge of automated security findings prioritisation and remediation playbooks.

Team Contact: jude.russell@next-ventures.com

About the Company

Next Ventures is a multi-award winning, global I.T recruitment business, supplying specialist project teams to the Large Enterprise. We source local I.T talent internationally across five practice areas:

- SAP
- Business Applications
- Cloud & Infrastructure
- Development & Integration
- Data

Established in 2001 and now with 8 offices worldwide, our service is truly global with 70% of our business outside of the UK. Each of our offices is supported by a team of multi-lingual recruitment consultants who are all speciali...