Rodeo
ResourcesPartnersSign in

Allwyn UK

Application Security Engineer

Watford
Posted about 13 hours ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Application Security Engineer

At the heart of everything we do is our vision to change lives every day, and our mission to grow The National Lottery responsibly and champion its impact.

We are Allwyn UK, part of the Allwyn Entertainment Group - a multi-national lottery operator with a market-leading presence across the USA (Michigan and Illinois) and Europe, including Czech Republic, Austria, Greece, Cyprus and Italy.

While the main contribution of The National Lottery to society is through the funds to good causes, at Allwyn we put our purpose and values at the heart of everything we do. Join us as we embark on a once-in-a-lifetime, large-scale transformation journey by creating a National Lottery that delivers more money to good causes.

We'll talk a bit more about us further down the page, but for now - let's talk about the role and who we're looking for...

A bit about the role

The Application Security Engineer is responsible for ensuring the security of software applications through rigorous testing and validation. This role is dedicated to embedding security testing throughout the software development lifecycle (SDLC), identifying vulnerabilities, and supporting development teams in remediating security issues. The focus is on proactive, continuous security assessment of applications, both pre- and post-deployment, to maintain the highest standards of software security.

What you'll be doing

  • Collaborate with development teams to create and maintain application threat models (e.g., STRIDE, DREAD).
  • Identify and document application-specific risks; propose effective countermeasures.
  • Integrate and operate application vulnerability scanning tools (e.g., Sonar Cloud, Snyk, OWASP ZAP, Burp Suite, Tenable WAS) within CI/CD pipelines.
  • Interpret vulnerability reports, prioritise remediation based on risk, and track resolution with development teams.
  • Promote awareness of common application vulnerabilities (e.g., SQL injection, XSS, CSRF) and mitigation strategies (OWASP Top 10, ASVS, MASVS).
  • Support development teams in adopting secure coding standards, including static analysis tools, code reviews, and automated linting.
  • Plan, execute, and manage Static, Dynamic, Mobile, and Interactive Application Security Testing (SAST, DAST, MAST, IAST).
  • Embed security testing into CI/CD pipelines for continuous, automated validation.
  • Simulate real-world attack scenarios to identify weaknesses in application logic and implementation.
  • Develop and maintain scripts, tools, and processes to automate application security testing.
  • Produce clear, actionable security testing reports for technical and non-technical stakeholders.
  • Maintain comprehensive documentation of testing methodologies, findings, and remediation guidance.
  • Work closely with software engineers, QA, and product teams to embed security best practices.
  • Deliver training and awareness sessions on application security testing techniques and secure development.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

What experience we're looking for

Must have:

  • 3-5+ years of hands-on experience in application security testing
  • Strong knowledge of SAST, DAST, MAST, and IAST tools and methodologies.
  • Familiarity with secure SDLC and Application DevSecOps practices.
  • Experience integrating application security testing into CI/CD pipelines.
  • Good understanding of common application vulnerabilities and mitigation strategies (OWASP Top 10, ASVS, MASVS).
  • Proficiency in at least one programming or scripting language (e.g., Python, JavaScript, C#).
  • Strong analytical, problem-solving, and troubleshooting skills.
  • Excellent communication and teamwork abilities.
  • Experience in producing clear, concise technical documentation and security reports.
  • Commitment to continuous learning and keeping up with evolving application security threats and technologies.

Nice to have:

  • CREST Certified Web Application Tester
  • Bachelor's degree in Software Engineering

Key Measures of Success

  • Proactive identification and remediation of application vulnerabilities.
  • Effective integration of application security testing into development workflows.
  • Demonstrated improvement in application security posture over time.
  • Positive feedback from development teams regarding security testing support.
  • Ability to communicate complex security concepts to technical and non-technical stakeholders

About us

At Allwyn, we are dedicated to changing lives and growing the National Lottery responsibly, championing its positive impact on people, places, and the planet.

Innovation - We pride ourselves on it! We're constantly looking for new ways to excite our customers, bringing new products to market to enjoy which is all supported by our responsible play values and making them accessible to all.

Giving back - Did you know that playing the lottery generates around £30m a week for charities and good causes in the UK? Our aim is to have doubled this number by the end of the first 10-year license.

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Sustainability - Our aim is to become a net zero national lottery. We have 2030 targets to decarbonise our operations and energy. We've already transitioned to renewable energy providers, made our London and Watford offices zero gas, and ensured our fleet consists of low-emission vehicles. In addition, we're working with our value chain partners to develop a net zero target date.

Empowering every voice - We believe in creating a culture where everyone feels they belong, can be themselves, has access to opportunities and can thrive for the benefit of good causes. Our diverse teams are working hard to make all parts of The National Lottery inclusive - whether people play a game in a store or online, because when everyone can play, everyone wins.

An inclusive reward offering with wellbeing at the centre

At Allwyn, inclusion is built into how we care for our people. Our benefits and policies support colleagues and their families at every stage of life and career. By prioritising wellbeing and belonging, we create a workplace where everyone feels valued, rewarded, and empowered to succeed. Our people are more than colleagues - they're winners, driving positive change and making a real difference in communities.

Benefits

  • Company Bonus Scheme
  • Matched pension contributions up to 8.5%
  • 26 days annual leave + 2 Life Days (and bank holidays)
  • Single Private Health Cover
  • Complimentary Private Medical
  • Income Protection
  • Flexible Benefits - EV Scheme, Money Coach, Will Writing, Mortgage Advice, Dental and Eye Care Schemes.
  • Enhanced Family Leave (Maternity, Paternity, Adoption)
  • Wellness Allowance £500
  • Employee Assistance Programme
  • Discounted Health Assessments
  • Volunteering Days
  • Matched Funding

We are a Disability Confident Leader which means we've taken proactive steps to ensure our workplace is accessible and inclusive for disabled and neurodivergent colleagues and candidates. As part of this we offer an interview to disabled applicants who meet the essential requirements of the job.

If you need any assistance or adjustments to this job description or in the application process, please contact a member of the talent team at careers@allwyn.co.uk and we'll be happy to help.

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Application Security Testing
SAST
DAST
MAST
IAST
Secure SDLC
DevSecOps
Vulnerability Scanning
Threat Modeling
Secure Coding Standards
Analytical Skills
Problem-Solving
Communication Skills
Technical Documentation
Continuous Learning
Programming

Location

Watford, England, United Kingdom

Sign up to applySee more jobs like this