Permanent

Location: Manchester (Hybrid – minimum 2 days per week onsite)

Salary: up to £55,000 + Bonus

About the Client

Our client is a global, technology-led organisation operating at significant scale, with thousands of developers building entirely in-house systems that power a high-volume, always-on digital platform. Their Application Security team sits at the heart of this environment, working closely with engineering teams to ensure secure-by-design development across a complex, fast-moving estate.

The team is evolving rapidly, shifting away from manual, reactive security processes towards more automated, tooling-led and developer-focused approaches. This role offers the chance to work on genuinely challenging application security problems, with real autonomy to influence how security is embedded across the software lifecycle.

How you’ll spend your day

You’ll join a specialist Application Security team, focused on securing internally built web applications used across the business. Working closely with developers, you’ll help identify vulnerabilities early, improve secure coding practices, and evolve the team’s tooling and automation capabilities.

Key responsibilities include:

• Performing application security assessments and web application penetration testing
• Reviewing code to identify security vulnerabilities and advising developers on remediation
• Building, improving and maintaining security tooling for automated code review and DevSecOps workflows
• Supporting the transition from manual security processes to more automated, scalable solutions
• Working closely with development teams to embed security into CI/CD pipelines
• Providing clear, practical security guidance to a large, fast-moving developer community
• Contributing ideas to improve how application security is delivered across the organisation

What you’ll bring to this role

We’re looking for someone with a strong technical foundation who’s comfortable working with code and enjoys solving complex security problems in modern development environments.

You’ll bring:

• Strong experience in application security, with a focus on web applications rather than infrastructure
• A development background or strong coding skills (e.g. Golang, Python, .NET) with the ability to review and understand code
• Hands-on experience with web application penetration testing tools (e.g. Burp Suite)
• Experience building or enhancing security automation tooling (DevSecOps)
• Solid knowledge of Linux, containers (Docker), and modern CI/CD platforms (GitLab / GitHub)
• The ability to communicate effectively with developers and influence secure coding practices
• A proactive, creative mindset and comfort working in a fast-paced, engineering-led environment

Desirable (but not essential):

• Certifications such as OSCP, OSWE or DevSecOps
• Experience transitioning security teams towards automation-first approaches

Perks & Benefits:

• Performance-Based Bonus
  • Annual bonus paid in two instalments (April & September), based on company and personal performance.
• Pension Scheme
  • Employer-matched contributions of up to 7.5%.
• Hybrid Working
  • Minimum 2 days per week in the office, with flexibility on which days.
• Flexible Working Hours
  • 40-hour workweek with flexibility in how hours are structured.
• Generous Annual Leave
  • 25 days holiday + your birthday off, plus bank holidays. Option to buy or sell up to 5 additional days.
• Free Gym Membership
  • Available to all employees.
• No Visa Sponsorship Available for this role.

What happens next?

One of our Recruitment Consultants will be in touch and inform you if you’ve been successful to the next stage of the process or not, which is a qualification call where we will tell you more about the role and the client, and understand more about you, your experience and career aspirations.

Should we both wish to proceed, we will submit your details to the client and be in touch regarding the outcome and any further steps.

The interview process for this client consists of:

• Stage 1 – Remote 60-90 minutes technical interview involving a code review.
• Stage 2 – Onsite 60 minute interview focussed on CV background and culture.

Equal Opportunities

We are committed to providing equal opportunities for all candidates and welcome applications from individuals regardless of age, disability, gender identity, marital status, race, religion or belief, sexual orientation, or any other characteristic protected by law. As an employment agency for permanent and contract hires, we are dedicated to promoting a diverse and inclusive workforce, and we encourage applications from underrepresented groups to drive innovation and equality within the workplace.

Should you require any reasonable adjustments please let us know so we can accommodate for any interactions with us at Biometric Talent, but also inform the client to ensure reasonable adjustments are made to allow for a fair and equitable process.

How to Apply

To apply, please submit your CV and cover letter to brad.jones@biometrictalent.com