Senior Application Security Engineer Remote - United Kingdom - Yelp

Key Responsibilities

• Design, implement, and maintain security tooling and processes for web and mobile applications, including SAST, DAST, and dependency scanning.
• Conduct threat modeling, code reviews, and penetration tests to identify and remediate vulnerabilities in production and pre‑production environments.
• Collaborate with engineering teams to embed secure coding practices into CI/CD pipelines and provide actionable guidance on security best practices.
• Lead incident response efforts, perform root cause analysis, and develop mitigation plans for security incidents affecting internal and external services.
• Stay current with emerging security threats, OWASP Top 10, and industry regulations, translating findings into proactive security improvements.

Requirements

• 5+ years of experience in application security, with a strong background in secure software development lifecycle.
• Proficiency in Python and Node.js, and hands‑on experience with AWS security services (e.g., IAM, KMS, GuardDuty).
• Deep knowledge of SAST tools, OWASP guidelines, and penetration testing methodologies.
• Excellent communication skills, able to explain complex security concepts to technical and non‑technical stakeholders.
• Experience with container security, CI/CD automation, and cloud‑native security practices is a plus.