Cytix

Application Security Engineer

Manchester

£50k/yr

Posted 8 days ago

Hybrid

Full-time

Mid Level

Company Description

We have an exciting opportunity to join our Manchester-based cybersecurity start-up. Cytix is a platform that brings penetration testing to development. For most teams, application security isn't broken, it's just out of reach. Keeping up with fast-paced development introduces compromises on testing decisions that leave critical holes in production.

In this role, you won't be confined to traditional 4+1 web applications. We're breaking away from the constraints of CHECK or CE+ standards, and we're not interested in producing lengthy PDF reports. Instead, our focus is on seamlessly integrating continuous penetration testing into our customers' Software Development Life Cycle (SDLC).

Collaborating closely with both our in-house development team and clients, you'll play a pivotal role in shaping the evolution of our products and services. This is your chance to actively contribute to the future of security testing.

If you thrive in a fast-paced environment and possess a passion for AppSec along with a strong team spirit, this role is tailor-made for you. The potential for significant career advancement is substantial, as we're in search of individuals who will form our core team. As a well-funded cybersecurity start-up doing something innovative, this opportunity is genuinely one-of-a-kind for the right individual.

Role Description

Salary: Up to £50k (reviewed regularly)
EMI share options
Pension 8% (3% employer, 5% employee)
Discretionary benefits
Private healthcare (inc. dental, optical, and hearing)
Unlimited holidays

Location
Office / Hybrid (Manchester Centre, 1-3 days/week)
Permanent, full-time (40hrs/week)

Exclusions
No agencies
No STC/contractors
No remote workers
No visa sponsorships

Requirements:

Essential:
2+ years experience in application security, performing security assessments of web applications and APIs; penetration testing.
Strong team working skills.
Experience using application security testing tools, e.g. BurpSuite.
Solid understanding of application security vulnerabilities, including those outlined in the OWASP Top 10 Web Application and API security testing guides, e.g. Cross-Site Scripting, Broken Access Controls, Server-Side Request Forgery, Business Logic Flaws, etc.
Strong ability to identify, exploit and explain application security vulnerabilities.
Strong oral and written communication skills, with the ability to communicate security risks and vulnerabilities to a range of technical and non-technical stakeholders.

Preferred Skills:
Mobile application security testing experience is a plus but not required.
Experience in a customer facing role (consultancy or similar) is preferred but not required.
Knowledge of emerging vulnerability classes, detection and exploitation methods, e.g. AI security, is advantageous.

Advantageous:
CRT / CSTM / OSCP / OSWE - Certifications are advantageous but not required for this role.
Experience performing application security risk assessments is advantageous but not necessary.
Customer support / development experience.

Skills

Application Security

Penetration Testing

Web Applications

APIs

BurpSuite

OWASP Top 10

Cross-Site Scripting

Broken Access Controls

Server-Side Request Forgery

Business Logic Flaws

Communication Skills

Customer Facing Role

Mobile Application Security

Risk Assessments

AI Security

Certifications