Application Security Team Lead

Where: City

Type: Permanent

Salary: 100000 Annual

City of London (hybrid)

Up to £100,000 per annum + annual discretionary bonus

On behalf of a key client, I am looking for an experienced and forward-thinking Application Security Team Lead to shape, evolve, and elevate our application security capability. This is a high-impact role where you'll embed security into modern engineering practices, influence technical direction, and enable secure delivery at scale across our organisation.

As the Application Security Team Lead, you'll take ownership of how application security is delivered across the business, ensuring it is practical, automated, and seamlessly integrated into engineering workflows. Reporting to the Cyber Security Technical Manager, you'll lead a small but growing team while remaining hands-on with tooling, standards, and secure-by-design practices.

The organisation can offer this role on a hybrid working basis with a non-negotiable 3 days per week in their London office, so you must be within reasonable commuting distance.

Responsibilities:

  • Leading, developing, and supporting the Application Security team to deliver high-quality AppSec services.
  • Owning and operating application security tooling (including SAST and DAST) to ensure effective coverage across all in-scope applications.
  • Embedding automated security testing and guardrails into CI/CD pipelines in partnership with engineering and platform teams.
  • Defining and maintaining secure development standards, secure coding guidelines, and threat-modelling practices.
  • Providing practical, risk-based security guidance to engineering, product, and architecture teams.
  • Working with our Vulnerability Lead to drive identification, triage, and prioritisation of application vulnerabilities.
  • Establishing and tracking key AppSec metrics, including remediation timelines and tooling coverage.
  • Building and running a security champions programme to scale secure-by-design thinking across engineering.
  • Supporting secure architecture and design reviews, especially for cloud-native and API-driven systems.
  • Staying ahead of emerging threats, technologies, and development practices, including software supply chain and AI-assisted development.

Experience/Skills required:

  • 5+ years' experience in an application security or related role, including 2+ years focused on AppSec.
  • Experience leading, mentoring, or coaching engineers or security professionals.
  • Hands-on experience with AppSec tooling (SAST, DAST, SCA, secrets management).
  • Experience integrating security controls into CI/CD pipelines (e.g., GitHub, AWS DevOps).
  • Strong understanding of Agile, DevOps, and cloud-native architectures.
  • Practical experience with secure coding, threat modelling, and vulnerability management.
  • Strong problem-solving skills and the ability to prioritise risk in line with business needs.
