We're working with a fast-growing global SaaS business to find a Staff Application Security Engineer based in Belfast. This is a senior, high-impact hire that will act as the security lead for the Belfast office and wider UK region, sitting at the intersection of technical expertise, engineering partnership, and security leadership.
The Role
Reporting into the Senior Manager of Information Security, you'll own the application security programme across a global engineering organisation. This isn't a purely advisory position, you'll be hands-on, embedded with engineering teams, and expected to drive real change across the secure software development lifecycle.
You'll work closely with Principal Engineers to influence technical direction, lead vulnerability remediation efforts, manage relationships with penetration testing vendors, and champion a security-first culture across the business.
What You'll Be Doing
- Leading application security across the full SDLC, including threat modelling, secure code review, and security architecture consultation
- Owning the enterprise secrets management programme, defining standards and implementing solutions across all environments
- Partnering with offensive security and pen test vendors to identify, validate, and remediate vulnerabilities
- Driving adoption of security tooling including SAST, DAST, Snyk, and related platforms
- Mentoring engineers and building security awareness and maturity across global teams
- Supporting incident response and providing deep technical expertise during security investigations
What We're Looking For
- 5+ years hands-on application security experience, including secure code review, threat modelling, and AppSec tooling
- Strong engineering foundations -- this role requires someone who can partner with Principal Engineers as a technical peer
- Experience with secrets management at enterprise scale
- Proficiency in Python, Bash, or Go for automation and custom tooling
- Familiarity with OWASP Top 10 and proven ability to architect remediation solutions
- Excellent communication skills with the ability to influence technical and non-technical stakeholders across multiple global offices
- A track record of mentoring senior engineers and raising security maturity
Desirable
- Experience with Snyk or similar SCA/SAST platforms
- AWS or GCP security operations experience, particularly serverless and containerised environments
- DevSecOps background and CI/CD pipeline security experience
- Security certifications such as CSSLP, GWEB, or eCPPT
Package:
- Discretionary bonus
- Hybrid or remote options available - N.Ireland based
- 35 days annual leave inc stat
- Enhanced pension
- Private health
Please apply now if you are meeting the above criteria or contact Andrew Harrison directly.