Application Security Engineer

Job Title

Job Description

Hello, we're IG Group. We are a publicly-traded FTSE250 FinTech company who run mobile, web and desktop platforms that help our clients trade stocks & shares, leveraged products, Futures & Options and Crypto.

We are ambitious. Over 340,000 people already use our platforms. We're global with offices in 18 countries and products in 16 regions. We're hungry to move faster, ship better product for our customers and grow our user base. We believe in high autonomy, and we want people who are looking to do things differently in order to create better experiences for our customers.

We work in cross-functional teams and are laser focused on increasing the number of active clients we serve to drive sustainable growth.

This role drives the company's success by safeguarding applications through proactive risk identification and mitigation, embedding security early in the development lifecycle, and promoting secure coding practices. By streamlining processes, leveraging automation, and fostering collaboration across teams, the role ensures security is delivered at pace while enabling innovation and strengthening the organization's overall security posture.

Your role contributes to the success of the AppSec team by proactively identifying and mitigating application security risks, collaborating with developers and product teams to embed security early in the SDLC, and driving secure coding practices through reviews, guidance, and knowledge sharing. The position also supports process improvements, leverages automation to deliver security at pace, and helps strengthen overall security awareness across the organization.

• Perform security assessments of web, mobile, and cloud-based applications.
• Conduct secure code reviews, threat modelling, and architecture reviews.
• Collaborate with engineering teams to integrate security into CI/CD pipelines.
• Identify, validate, and track remediation of vulnerabilities discovered through SAST, DAST, SCA, and penetration testing.
• Develop and enforce secure coding standards and guidelines.
• Provide training and guidance to developers on application security best practices.
• Research and stay up-to-date with emerging security threats, tools, and techniques.
• Support incident response and root cause analysis for application-related security issues.

Key Qualification Requirements:

• Bachelor's degree in Computer Science, Information Security or related field.
• Atleast 2–3 years of professional experience in Application Security / Secure Software Development Lifecycle (SSDLC).
• Strong understanding of common vulnerabilities and mitigation techniques (OWASP Top 10, SANS 25, etc.).
• Hands-on experience with one or more security tools:
  • SAST (Checkmarx, Fortify, SonarQube, etc.)
  • DAST (Burp Suite, OWASP ZAP, AppScan, etc.)
  • SCA (Black Duck, Snyk, etc.)
• Experience in secure code review.
• Familiarity with cloud environments (AWS, Azure, GCP) and related security controls.
• Working knowledge of DevOps/DevSecOps tools and processes (Jenkins, GitHub Actions, GitLab CI/CD).
• Excellent problem-solving and communication skills.

Preferred (Nice-to-Have):

• Relevant certifications such as OSWE, OSCP, GWAPT, eWPT, CEH, or CSSLP.
• Experience with container and Kubernetes security.
• Knowledge of API security testing (Postman, SoapUI, or Burp plugins).
• Exposure to bug bounty programs or responsible disclosure.

We try to take a thoughtful approach to our ways of working as a company. We follow a hybrid working model with 3 days in the office -- which we think balances the need to collaborate effectively and connect with each other. When it comes to how we deliver, there are 5 things we want everyone to do to drive high performance, better learning and career satisfaction:

• Lead and Inspire: Drives trust, alignment, and enthusiasm
• Think Big: Focus on the problems that most impact commercial outcomes
• Champion the client: Understand and prioritise client's needs
• Deliver at pace: Push for fast, sustainable growth;
• Raise the bar: Take ownership, be accountable and share feedback

We believe that diversity is vital to success, it fuels creativity, drives innovation and sets us up for global success. We're committed to building teams with a variety of perspectives and skills to help us realise our vision and strategy, that's why we encourage applications from people with diverse backgrounds and experiences to join us on this journey. Learn more about our D&I approach here.

It really is more than a job. We'll recognize your talent and make sure that you can still have a life – at work, and outside of it. Networks, committees, awards, sports and social clubs, mentorships, volunteering opportunities, extra time off… the list goes on.

• Matched giving for your fundraising activity

• Flexible working hours and work-from-home opportunities

• Performance-related bonuses

• Insurance and medical plans

• Career-focused technical and leadership training's in-class and online, including unlimited access to LinkedIn Learning platform.

• Contribution to gym memberships and more

Join us for this exciting journey. Apply now

Number of openings