Job Description

Your role is to establish and lead an AppSec program within the Product and Technology department, acting as an evangelist for AppSec, trusted by engineers and managers alike. As a member of the core security team, you will assess application design proposals and identify improvements that enable our engineers to create secure products. You will own the existing training program, redesign it to better equip engineers with the knowledge needed to develop secure applications, and create a Security Champions program to scale and embed a DevSecOps mindset across P&T.

Secure the SDLC: Integrate security tooling (e.g. SAST, DAST, dependency scanning) into CI/CD pipelines and IDEs. Automate and optimise checks so teams can identify and fix issues early and efficiently.

Threat modelling & secure design: Collaborate with product and engineering teams during the design phase to conduct threat modelling sessions and pre-implementation security reviews.

Code & architecture reviews: Guide developers on secure coding practices, perform targeted code reviews, and help resolve vulnerabilities with actionable remediation support.

Vulnerability lifecycle management: Identify, triage, track and report on vulnerabilities across internal and external apps and systems, collaborate with engineers, support the bug bounty process, and present vulnerability management reports.

AI/ML & LLM security: Provide guidance on secure development of AI/LLM-powered features, help teams manage risks, and lead threat modelling exercises for AI components.

Incident response collaboration: Support investigation and root cause analysis of application-layer incidents. Contribute to post-incident reviews and longer-term mitigation strategies.

Research & innovation: Stay ahead of industry threats and attack trends. Propose and test innovative ideas to reduce risk across our software supply chain and platforms.

About Awin

Established in 2000, Awin is proud of our dynamic, social and inclusive culture and is building the world’s leading open partner ecosystem.
