Rodeo
ResourcesPartnersSign in

MUFG Investor Services

DevSecOps Engineer

London
Posted about 23 hours ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Company Description

MUFG Investor Services is a trusted partner to many of the world’s largest public and private funds, providing asset servicing and operational solutions built for alternatives. With over $1 trillion in client assets under administration, we offer fund administration, banking, payments, fund financing, foreign exchange overlay, corporate and regulatory services, custody, business consulting, and more.

Operating from 17 locations worldwide, we help clients mitigate risk, enhance efficiency, and navigate the operational complexities of today’s investment management landscape. As a division of Mitsubishi UFJ Financial Group (MUFG), one of the world’s largest financial institutions with approximately $3 trillion in assets, we combine deep expertise with the strength and stability of a leading financial institution. To learn more, visit us at www.mufg-investorservices.com.

Job Description

We are seeking a proactive and collaborative Application Security Engineer who speaks the language of developers, thrives in the purple team space and is an automation advocate. The successful candidate will work closely with engineering & IT teams to enhance the security of our applications, API’s and infrastructure by implementing preventative controls and identifying risks through security testing.

You Will:

  • Act as a security champion to foster the secure by design approach across the business.
  • Support the identification and analysis of web application security vulnerabilities across the business to reduce risk.
  • Oversee daily management of application security platforms to maintain comprehensive coverage, ensure compliance and remediation of findings.
  • Conduct threat modelling and review application architectures to identify potential risks early in the SDLC.
  • Implement application security controls and proactive measures to prevent security incidents.
  • Implement and manage SAST/SCA tooling across our application repositories to identify source code risks.
  • Scale automated DAST solutions across our applications to maximise testing coverage and provide visibility into runtime security posture.
  • Provide security guidance and remediation advice to engineers where applicable.
  • Carry out penetration testing on internally developed applications to identify security defects.
  • Review and assess the security of third-party vendor applications through configuration and hardening reviews.
  • Validate remediation of security issues by the development team and 3rd parties.
  • Coordinate and arrange external penetration testing assessments to independently evaluate the security of our applications.
  • Build and maintain effective collaboration with development and IT teams.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Qualifications

You Have:

  • Experienced in applications security focusing on red, blue or purple team activities.
  • Experienced in software development or experience contributing to Open-Source projects.
  • Experienced with DAST tools such as Burp Suite, OWASP Zap or similar.
  • Experience with SAST/SCA tools such as Snyk, Veracode, Checkmarx or similar.
  • Proficient in one or more of the following languages - Python, JavaScript, .NET or Java.
  • Well-versed in analysis of open source and third-party library vulnerabilities.
  • Well-rounded knowledge of the Software Development Life Cycle (SDLC) and agile methodologies.
  • Hold a strong understanding and experience testing of both REST and GraphQL APIs.
  • Demonstrated experience with development tools including GitLab/GitHub, Datadog, Jira, Docker, and various IDEs.
  • Previously worked very closely with development and DevOps teams to resolve security issues.
  • Have performed security-focused code reviews to identify code level issues.
  • Experience in creating custom security tooling or scripts.

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Preferred

  • Experience in the financial sector or another heavily audited industry.
  • Experience with cloud services, particularly AWS services like WAF, Cognito etc.
  • Experience working with Infrastructure as Code, Kubernetes and Containers.
  • Experience with auth mechanisms like Open ID Connect, OAuth and identity providers.
  • Experience in creating custom CI/CD pipeline jobs to carry out security related reviews or scans.

Additional Information

What’s in it for you to join MUFG Investor Services?

Take a look at our careers site and you’ll find everything you’d expect from a career with the fastest-growing business at one of the world’s largest financial groups. Now take another look. Because it’s how we defy expectations that really defines us. You’ll feel that difference in all kinds of ways. Our vibrant CULTURE. Connected team. Love of innovation, laser client focus, and next-level LEARNING & DEVELOPMENT.

So, why settle for the ordinary? Apply now for a Brilliantly Different career.

We thank all candidates for applying; however, only those proceeding to the interview stage will be contacted.

We are an equal opportunity employer.

Rank: Senior Associate

Employment Type: Permanent Full Time

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Application Security
SAST
SCA
DAST
Threat Modelling
Penetration Testing
Python
JavaScript
.NET
Java
REST API
GraphQL API
GitLab
GitHub
Docker
AWS

Location

London, England, United Kingdom

Sign up to applySee more jobs like this