Rodeo
ResourcesPartnersSign in

RealVNC

Applications Security Engineer

Cambridge
Posted about 18 hours ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Company

RealVNC is the remote access platform for engineers looking for the most reliable and the most secure solution built by the creators of VNC technology. Over the last 25 years, as the inventors of VNC, we've enabled a global workforce to work wherever works and created the remote access market. Our software is used by hundreds of millions of users worldwide including IT professionals from global companies, such as Intel, IBM, NASA, Shell, DreamWorks and Philips.

Our lead product, VNC Connect, allows users to connect securely to a remote device anywhere in the world, see its screen in real-time, and take control as though sitting in front of it. The product has been deployed across a myriad of use cases, from remote support through to deploying the software onto connected devices such as medical ventilators, set-top boxes, heavy industrial machinery and more.

Backed by leading mid-market private equity firm, Livingbridge since 2021, we are investing in our people to support our highly ambitious growth plans. As part of our people strategy to develop our next generation organisation, we are looking to add new team members that are integral to the success of the business, committed to delivering high quality results, collaboration and innovation to help accelerate company growth.

Position

We are seeking a highly skilled Applications Security Engineer to join our Cyber Security team, helping to ensure security is embedded throughout the Software Development Lifecycle (SDLC). This is a hands-on technical role: we need someone who can identify, analyse, and help mitigate vulnerabilities in our applications throughout the development lifecycle. This role exists to protect our customers and reputation by making sure security is tested into our products before they ship. You will work closely with Security, Development and QA teams to embed robust, evidence-based security practices throughout our software delivery process.

Key responsibilities of this role will include;

Hands-On Security Testing

  • Conduct manual penetration testing and vulnerability assessments across various environments including web, API, desktop and mobile applications.
  • Execute Dynamic Application Security Testing (DAST) on running applications, focusing on XSS, SQL Injection, Broken Access Control etc., manually confirming exploitability beyond what scanners or AI analysis reports.
  • Use Interactive Application Security Testing (IAST) tools for runtime analysis, such as Burp Suite, OWASP ZAP, Frida, applying hands-on technique to validate and extend automated results.
  • Conduct Static Application Security Testing (SAST) and Software Composition Analysis (SCA) on source code and binaries, manually triaging findings to separate real risk from noise, using AI tools to accelerate initial triage where helpful.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Secure Design & Threat Modelling

  • Ensure the foundation is secure from the start by conducting threat modelling and risk assessments during design phases.
  • Provide security requirements for new features and architecture reviews.

Development & Code Assurance

  • Perform secure code reviews and advise developers on ensuring security best practices are followed.
  • Make use of AI-assisted code review tools to speed up initial passes, while personally validating any flagged issue against actual code behaviour.
  • Collaborate with engineering teams to integrate security into development workflows.

Deployment & Monitoring

  • Partner with DevOps to advise on secure configurations and hardening in production environments.
  • Support incident response and remediation of application-level vulnerabilities.

Threat Intelligence, Governance & Training

  • Keep up to date with industry news, vulnerability announcements and guidelines.
  • Deliver secure coding training and promote a positive security posture.

Requirements

You;

  • Have hands-on experience with DAST, IAST and penetration testing tools (e.g., Burp Suite, OWASP ZAP, Frida), and can manually identify and exploit vulnerabilities beyond what these tools surface automatically.
  • Can demonstrate independent, hands-on technical ability, for example through CTF experience, bug bounty history, HackTheBox/TryHackMe rankings, or a technical portfolio, rather than relying on AI-assisted tooling to do the analysis for you.
  • Have 3-5 years' experience in an application security, penetration testing, or software engineering role with a strong security focus.
  • Have a strong understanding of secure SDLC and DevSecOps principles.
  • Strong understanding of application security principles and common vulnerabilities (e.g., XSS, SQL Injection, Broken Access Control).
  • Have experience with Static Application Security Testing (SAST).
  • Have practical experience using software composition analysis (SCA) tools such as Blackduck, Mend/Whitesource, Snyk or similar.
  • Can easily explain complex security concepts to non-technical stakeholders and write clear security reports.
  • Work well with a wide range of stakeholders as part of a cross-functional team, including system administrators, developers, network engineers and information security compliance.
  • Have proficiency in secure coding practices (Java, Python, C++ or similar).
  • Are familiar with common Operating Systems - Windows, Linux, macOS, Android and iOS.

Anything Else?

As well as the above, if you have any of the desired experience below then we'd like to know about it!

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job
  • Leveraging AI to help drive efficiency in day-to-day workflows.
  • Exploit development activities, such as exploiting buffer overflows, crafting shellcode or analysing patches.
  • Knowledge and understanding of Cyber Security frameworks such as NIST Cybersecurity Framework.
  • Regulatory compliance - knowledge of GDPR, ISO-27001 and SOC2.
  • Details of any security-based qualifications.

Benefits

This role offers a great opportunity to join our Cyber Security team, working for a successful, growing company with a recognised global brand and huge potential and vision. Working with us on our growth journey provides the chance to see first-hand how your individual contributions as part of a dynamic team influence the success of our business. We want to see you grow with us. We're committed to creating a culture where contributions are recognised, careers grow and people thrive together. Through a clear career framework and ongoing development, we can help you unlock your full potential.

We also offer generous benefits, including a contributory pension, EV car leasing scheme, private dental and medical cover.

We work in a hybrid environment where employees combine working remotely and working from the office to facilitate a high-performance working environment - with the ability to collaborate effectively and build a cohesive team bond whilst being able to focus and deliver quality results. With this in mind, you will need to easily be able to commute to Cambridge and / or London.

How To Apply

If you'd like to join RealVNC as an Applications Security Engineer, please click on the 'apply for this job' button and fill in your details.

RealVNC has a responsibility to ensure that all staff are eligible to live and work in the UK and if you're invited to interview you'll be required to provide proof of your eligibility to work.

RealVNC is an equal opportunities employer, committed to staff welfare and professional development.

Staffing and Recruitment Agencies

To all Staffing and Recruiting Agencies: Our website is only intended for individuals and preferred suppliers of RealVNC. Staffing and recruiting agencies and individuals being represented by an agency that is not a preferred supplier are not authorized to use this site or to submit profiles, applications or CVs, or to forward CVs directly to employees or any other company location, and any such submissions will be considered unsolicited.

RealVNC does not accept unsolicited CVs or applications from agencies other than preferred suppliers. RealVNC is not responsible for any fees related to unsolicited CVs or applications and explicitly reserve its right to contact candidates presented in such unsolicited CV or application.

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Applications Security
Penetration Testing
Vulnerability Assessment
Dynamic Application Security Testing
Static Application Security Testing
Software Composition Analysis
Secure Coding Practices
Threat Modelling
Risk Assessments
Collaboration
Incident Response
DevSecOps
Burp Suite
OWASP ZAP
Java
Python

Location

Cambridge, England, United Kingdom

Sign up to applySee more jobs like this