Security Specialist, Web & Mobile Applications

About the role

Own application security across web and mobile client deliveries, threat modelling, secure SDLC practices, vulnerability assessment, and remediation guidance. You will work directly with engineering leads on production systems for growth-stage and enterprise clients.

What you will do

• Conduct threat modelling and security reviews for web and mobile application architectures
• Run application security assessments, OWASP Top 10, API security, auth/session flows, and mobile-specific risks
• Guide secure coding practices in React, Next.js, Node.js, and native mobile stacks
• Review third-party integrations, webhook handlers, and payment flows for common failure modes
• Coordinate penetration testing and track remediation through to verified closure
• Document security findings and work with delivery leads on prioritised fix plans

Requirements

• 3+ years in application security, secure SDLC, or security-focused engineering roles
• Strong understanding of OWASP ASVS and mobile security fundamentals (iOS/Android)
• Hands-on experience reviewing web APIs, authentication, and authorisation implementations
• Familiarity with SAST/DAST tooling and dependency vulnerability management
• Ability to communicate risk clearly to engineers and client stakeholders

Nice to have

• OSCP, CEH, or equivalent security certification
• Experience with bug bounty or formal pen-test report remediation
• Cloud security basics on AWS or GCP
• Experience in fintech, healthtech, or regulated product environments