AppSec Engineer

Security & Infrastructure London, United Kingdom


AppSec Engineer

Who are we?

We want to help small businesses win. That’s why we’re here. 

We connect small business owners to investors – to create jobs, support local communities and power economies – because we believe that people are made to do more. And we want to help realise their goals. 

So, we created the leading small business loan platform. Investors have lent £9.8 billion in 130,000 loans to 90,000 small business owners. In a single year, this lending unlocked 115,000 jobs and contributed £6.5 billion to the global economy. There’s never been a better time to join! 

Be part of the team that changes everything. Let’s build the place where small businesses can get the funding they need to win and leave a legacy behind, forever. 

This role sits within the Tech Security teams. The drivers behind our platform – brilliant people working together to create, code, and build the next game changers.

What will you be doing?

As an AppSec engineer in our DevSec team you will be responsible for ensuring that security is embedded and automated to protect the network and infrastructure. This is a hands-on AppSec role where the candidate will be helping to implement security tools and work with engineering teams to remediate web and infrastructure vulnerabilities.

To do this you will:

  • Implement automated security tooling for containers and web applications
  • Work with engineering teams to help remediate vulnerabilities
  • Scope penetration testing engagements on our infrastructure
  • Properly balance security risk against the other needs of the business
  • Triage issues found by tools, external reports, and various tests, to accurately assess the real risks
  • Design application security requirements
  • Train development, infrastructure, and IT teams on security best practices

You have experience in and enjoy the following:

  • Security Professional - A foundation and in-depth technical knowledge of security engineering
  • Collaboration - Engagement with the InfoSec team and other stakeholders 
  • Automating - Experience scripting and optimizing day-to-day operations, workflows, and security tools
  • Previous experience in an web security role, or a role that works closely with infrastructure security
  • Strong understanding of network security techniques
  • Strong understanding of the OWASP Top Ten
  • Experience of training engineers in secure best practices 
  • Excellent communication skills, in both technical and non-technical topics

Bonus points for...

  • Previous experience working with security tooling in cloud environments, notably AWS
  • Experience working with Vulnerability tools and WAFs 
  • DAST Experience
  • API Security knowledge

Why should you join us? 

We’re gearing up for our biggest chapter yet – and it’s being driven by tech. 

That means full steam ahead working on our global platform and real challenges for you to noodle and solve – as we build new things, reimagine the stack and go after the greenfield. 

We believe that great ideas come from everywhere. So, there are no pigeonholes here. We keep it agile and open. Think big remits and huge ownership in a continuous learning environment. Close knit teams, with mentorships and global career opportunities. Everyone working together to make a genuine difference to small business owners. 

Join the team making it happen. Help us define long-term commitments and launch the next game changers – let’s build the incredible.  

It’s in our differences that we find our strengths. 

At Funding Circle, we celebrate and support the differences that make you, you. We’re proud to be an equal opportunity workplace and affirmative action employer. We truly believe that diversity makes us better. We particularly encourage applications from applicants from underrepresented backgrounds. We welcome applicants who may want to work flexibly. 

Want to Build the Incredible? We’d love to hear from you.