Security Engineer - Application Security

About IFX Payments

We're an award-winning global provider of foreign exchange and payment solutions. At IFX, our mission is to become the number one service-led alternative banking partner in EMEA for corporates and Financial Institutions that add value beyond the transaction. We have one guiding principle: to
Win. Properly.

What we offer

Everyone at IFX Payments has a meaningful and impactful role to play in helping us achieve that goal. We take pride in the quality of our work but balance that with the speed, intent, tenacity, and focus needed to win. We're a high-performance team who can trust each other as individuals to get the job done so we can be successful together.

Being part of IFX Payments, you'll receive every opportunity to thrive in your role to contribute to that success. We'll invest in you along the way to genuinely help you grow and take your career to new and exciting places. You'll work alongside experienced industry leaders, receive guidance from pioneering performance coaches and have the option to gain qualifications in your field that help you realise your ambitions. In exchange, we don't expect anything extra from you during your time here. We only ask you to do one thing:
Make it count.

Benefits

• 25 days of annual leave + bank holidays and your birthday off.
• Pension auto-enrolment with salary sacrifice contributions.
• Healthcare cash plan including support for dental, physio and therapies.
• Discounts on fitness, cinema discounts, shopping, travel, entertainment and more!
• Life Insurance.
• Work abroad.
• Cycle to work.
• Nursery fees salary exchange.
• Employee Assistant Programme
• Career progression with excellent training and development.
• Company events - Pub nights, sporting events, seasonal parties, socials

Overview of the role

IFX Payments is seeking a technically skilled and proactive Application Security Engineer to embed secure development practices across its software delivery lifecycle. This role is critical in reducing application-layer risks, implementing secure coding standards, and ensuring that threat modelling and architecture reviews are consistently applied across all development efforts.

You will work closely with engineering, and platform teams to integrate security into CI/CD pipelines, automate vulnerability detection, and drive continuous improvement in application security posture.

Responsibilities

Secure Development Lifecycle (SDLC)

• Embed security controls into CI/CD pipelines and development workflows.
• Implement and manage SAST, DAST, and SCA tools to detect vulnerabilities early in the lifecycle
• Conduct secure code reviews and support developers in remediating findings.

Threat Modelling & Architecture Review

• Lead threat modelling sessions using standard methodologies to identify design flaws
• Review application architectures to ensure alignment with security objectives and mitigation of common threats.
• Maintain and update reference architectures based on threat modelling insights.

Tooling & Automation

• Deploy and manage application security tools and integrate them with existing platforms.
• Automate security tasks using scripting (e.g., Python, PowerShell) or SOAR platforms.

Governance & Compliance

• Ensure alignment with ISO 27001, FCA, and NIST standards.
• Contribute to audit readiness and support compliance automation platforms such as Drata

Collaboration & Training

• Work with engineering teams to promote secure coding practices.
• Support the rollout of role-based security training and awareness initiatives.
• Act as a security champion within development squads and mentor junior engineers.

Requirements

• Broad experience in application security or secure software development.
• Strong understanding of OWASP Top 10, secure coding techniques, and threat modelling.
• Experience with security tools such as SAST, DAST, SCA, and vulnerability scanners.
• Familiarity with cloud platforms (Azure or AWS), CI/CD pipelines, and DevOps practices.
• Knowledge of regulatory frameworks (ISO 27001, FCA, NIST).
• Excellent communication skills and ability to work cross-functionally.
• Experience in fintech or regulated environments.
• Certifications such as OSCP, CSSLP, or CISSP.
• Familiarity with compliance automation platforms (e.g., Drata).
• Exposure to legacy system security challenges and modernisation strategies.
• A true team player with a winning mentality and strong work ethic committed to continuous improvement and high performance.
• Adaptable, tenacious and flexible who is able to perform under pressure.

Diversity & Inclusion

We believe that diversity and inclusion are essential to our success. We are committed to fostering a culture where everyone feels valued and respected, regardless of their background,identity or experiences. By embracing diverse perspectives and promoting equity, we aim to create an environment where all employees can perform and reach their full potential.

Additional Information

- We work on a hybrid basis from our office in central London.
- You must be eligible to work in the UK to be considered for this position.
- Full background check will be carried out.