Senior Application Security Engineer at Deimos

Role Overview

• We are seeking a Senior Application Security Engineer to join our engineering team. Security is embedded in everything we do at Deimos. In this role you will shift security left - building tools, libraries, and automated guardrails that empower developers to move fast without compromising security. You will not be a gatekeeper; you will be an enabler, working closely with product and engineering teams to make secure coding the simplest, most efficient option.

What You Will Be Doing

• Defining the security standard for our product-team deployments and applications.
• Integrating and optimising security tools (SAST, SCA, Secret Detection) into developer workflows.
• Working with product teams to architect and build secure frameworks and patterns, reducing their future cognitive load.
• Automating remediation for common security issues across environments.
• Designing and deploying AI/LLM models and tooling for security-focused change reviews.
• Driving developer engagement with security through initiatives like Security Champions programmes, workshops, lunch-and-learns, and the security health score initiative.
• Collaborating with product teams on threat modelling and translating compliance requirements (ISO 27001, SOC 2) into clear technical specs.
• Hardening CI/CD pipelines and ensuring actionable, relevant security checks.
• Working with Security Operations Engineers to automate security incident triage, removing noise to prioritise high-signal alerting.

What You Must Have

• Bachelor's degree in Computer Science or a related Software Engineering field, or equivalent practical experience.
• A minimum of 5 years of experience in Software Engineering or DevOps, with at least 3 of those years specifically focused on application security.
• Strong communication skills to translate technical vulnerabilities into business and engineering impact.
• Experience with cloud security (AWS) and Infrastructure as Code (Terraform/CloudFormation).
• Proficient in architecting and developing secure applications (preferably in Java).
• Proficient in scripting (Python, Bash, Go) for automation of security tasks.
• Deep understanding of CI/CD systems and embedding security checks without slowing delivery.
• Proven ability to independently define security standards, drive adoption across engineering teams, and manage a Security Champions programme.
• Advantageous: AppSec fundamentals (OWASP Top 10, dependency management, OAuth2/OIDC), experience with SonarQube and CrowdStrike.