About the Role
HolistiQ Technologies is seeking a skilled Cybersecurity Engineer / Application Security Specialist to help secure digital products, applications, APIs, cloud infrastructure, and technology platforms throughout development, launch, and ongoing operation.
You will work alongside software engineers, technical architects, penetration testers, QA engineers to identify security risks, implement security controls, remediate vulnerabilities, and embed security into the Software Development Lifecycle.
Key Responsibilities
- Perform application security reviews, vulnerability assessments, threat modelling, and security risk assessments.
- Secure web applications, APIs, cloud environments, authentication systems, databases, infrastructure, and integrations.
- Identify security vulnerabilities and provide practical remediation guidance.
- Implement and improve secure coding practices and Secure Software Development Lifecycle (SSDLC) processes.
- Review authentication, authorisation, IAM, RBAC, OAuth 2.0, OpenID Connect, JWT, session management, and access controls.
- Implement and maintain SAST, DAST, dependency scanning, secrets scanning, and vulnerability management processes.
- Review AWS, Azure, containers, Kubernetes, CI/CD pipelines, and cloud security configurations.
- Support DevSecOps practices and security automation.
- Work with penetration testers to remediate vulnerabilities and verify security fixes.
- Support security testing following material platform updates and production changes.
- Assist with security monitoring, Security Incident investigation, response, and remediation.
- Contribute to security standards, technical procedures, risk management, and cybersecurity governance.
Required Skills
Practical experience in Cybersecurity Engineering, Application Security, Product Security, Cloud Security, DevSecOps, Secure Software Development, Vulnerability Management, Threat Modelling, API Security, IAM, Security Architecture, or Infrastructure Security.
Strong knowledge of OWASP Top 10, OWASP API Security Top 10, authentication and authorisation security, secure coding, vulnerability remediation, cloud security, CI/CD security, and security testing.
Experience with technologies or tools such as AWS, Azure, Docker, Kubernetes, GitHub Actions, GitLab CI/CD, Azure DevOps, SAST, DAST, SIEM, vulnerability scanners, secrets management, C#, .NET, Java, JavaScript, TypeScript, Python, PowerShell, or Bash is advantageous.
Relevant certifications such as CISSP, CCSP, CSSLP, Security+, CySA+, CASP+/SecurityX, AWS Security Specialty, Azure Security Engineer, GIAC certifications, or equivalent practical experience are desirable but not essential.
Compensation & Structure
This is not a salaried employment position at this stage.
Successful candidates will be appointed as Contributor Members and participate in a profit-sharing model under which 60% of Net Profit from Projects is allocated collectively to eligible Contributor Members and distributed based on level of seniority and participation.
This is not a traditional employment opportunity. We are looking for someone who wants to help build, protect, and scale innovative technology platforms while sharing in the long-term value they create.
The salary field shown on Indeed is a platform requirement and should be treated as a placeholder only.
Who We Are Looking For
We are looking for cybersecurity professionals who can do more than identify risks. You should be able to understand how modern applications and infrastructure work, identify weaknesses, recommend practical solutions, and collaborate with engineering teams to implement and maintain effective security controls.
You should be comfortable working in a growing technology environment where security processes, technical standards, and cybersecurity capabilities are being developed and improved.
Pay: £25,777.38-£88,634.30 per year
Work Location: Remote