Cognism

Senior Application Security Engineer

London
Posted 2 days ago

Who Are We

Cognism is the leading provider of European B2B data and sales intelligence. Ambitious businesses of every size use our platform to discover, connect, and engage with qualified decision-makers faster and close more deals. Headquartered in London with global offices, Cognism’s contact data and contextual signals are trusted by thousands of revenue teams to eliminate the guesswork from prospecting.


The Role

The Senior Application Security Engineer is a key member of Cognism’s Information Security Team, reporting into the Application & Infrastructure Security Manager. Your mission is to embed security by design across our engineering and product organization by integrating modern application security practices throughout the full development lifecycle. We focus on building secure, scalable, and resilient systems while enabling the business to innovate quickly and safely.

It is your role to drive a culture where the fastest path for our engineers is the securest path.

You will work closely with Product, Engineering, Architecture, and Data teams to understand risks within our platform, including risks introduced by AI-powered features, and ensure the right controls, guardrails, and security patterns are built into the product at its inception—all the while ensuring a balanced approach to the product experience that our thousands of large global enterprise customers use every day.

This role is ideal for a senior individual contributor (IC) who is technical, collaborative, and pragmatic, with the ability to influence engineering teams while driving hands-on improvements to Cognism’s secure Software Development Lifecycle (SDLC).


Key Responsibilities

Security by Design & Product Integration

  • Partner with Product, Web and Data Engineering teams from the ideation stage to ensure security requirements are considered early in feature and model design.
  • Translate product and application risks into actionable security controls, making recommendations repeatable to build guardrails and guidance that product, design, and engineering teams can apply as they scale and build the products they own.
  • Help shape security acceptance criteria and guide engineering teams during design reviews and backlog planning.

Application Risk Assessment & AI Security

  • Identify and assess application risks across Cognism’s SaaS platform and data processing pipelines, including emerging risks associated with AI/ML capabilities.
  • Contribute to AI feature reviews and participate in AI risk assessments to ensure responsible and secure use of models, balancing innovation with rigorous security controls.
  • Assess and pragmatically recommend mitigations for security risks in:
    • Data pipelines
    • Model-training workflows
    • Feature stores
    • ML systems
    Ensuring strong controls for data access, data lineage, model integrity, and protection of sensitive datasets.

Secure SDLC & DevSecOps Enablement

  • Partner with engineering and platform teams to embed security guardrails into our software development lifecycle and agile engineering workflows.
  • Partner with engineering teams to integrate and optimize security tooling into CI/CD pipelines, including:
    • SAST (Static Application Security Testing)
    • SCA (Supply Chain Attack Protection)
    • DAST (Dynamic Application Security Testing)
    • Container scanning
    • Infrastructure as Code (IaC) scanning
  • Drive automation and developer-friendly security processes that minimize friction and support rapid delivery.

Threat Modelling & Architecture Support

  • Conduct and facilitate a self-serve, risk-driven approach to pragmatic threat modelling sessions for new features, services, and AI components.
  • Conduct threat modelling for data architectures, including:
    • Ingestion
    • Transformation
    • Storage
    • Streaming
    • ML model deployment patterns
    Ensuring data confidentiality, integrity, and responsible use.
  • Provide hands-on application security guidance to engineering teams, helping them implement:
    • Secure APIs
    • Microservices
    • Data flows
    • Integrations
  • Maintain and expand Cognism’s:
    • Secure coding standards
    • Guidance
    • Reusable security patterns

Application Security Testing & Engineering

  • Perform hands-on security testing (manual and automated) for:
    • Web applications
    • Microservices
    • APIs
    • Cloud components
  • Plan, coordinate, and oversee:
    • Penetration tests
    • Red team exercises
    • Third-party security assessments
    Ensuring findings are addressed and tracked.
  • Validate findings, assist with prioritization, and partner with engineering teams on remediation strategies.

Collaboration, Education & Influence

  • Work directly with product squads as a trusted advisor and embedded security partner. Understand:
    • What other teams are working on
    • Business priorities
  • Partner with teams to recommend risk mitigations balancing:
    • Risk
    • Opportunity
    • Threat landscape
  • Deliver:
    • Security training
    • Workshops
    • Guidance
    To improve engineering teams’ security maturity.
  • Communicate security risks and trade-offs clearly and constructively to both technical and non-technical stakeholders.

Core Competencies

  • Strong technical depth in:
    • Application security
    • Cloud security
    • Secure development
  • Understanding of modern data stack components (e.g., data pipelines, feature stores) and the ability to collaborate effectively with data practitioners.
  • Deep understanding of communication protocols used for web development is a must-have.
  • Hands-on experience with web application development, specifically for backend development, is a must-have competency.
  • Risk-Based Prioritization: Ability to distinguish between theoretical security risks and actual business threats, demonstrating a "risk-driven" rather than "compliance-driven" mindset. Comfortable balancing security risk with product and commercial realities.
  • Contextual Communication: Capacity to translate complex technical vulnerabilities into business-impact stories that resonate with non-technical stakeholders and product owners.
  • Collaborative Conflict Resolution: Proven track record of:
    • Approaching engineering friction with transparency and pragmatism.
    • Balancing a firm stance on security with a deep care for the developer experience.
    • Acting as a pragmatic problem solver with a growth mindset and bias toward action.
  • Architectural Empathy: Ability to put yourself in the position of your engineers to build security guardrails that are repeatable and embedded into existing workflows—rather than added as hurdles.

Education & Experience

  • 5–10+ years of experience in:
    • Application Security
    • Product Security
    • Security Engineering roles
  • Strong experience securing:
    • Cloud-native SaaS platforms (AWS preferred)
    • Data pipelines
  • Hands-on experience with:
    • Secure coding
    • Application testing
    • CI/CD security automation
  • Experience working closely with:
    • Engineering teams
    • Product teams
    In agile environments.
  • Familiarity with security frameworks such as:
    • OWASP ASVS
    • OWASP Top 10
    • NIST
    • ISO 27001/27002
  • Experience evaluating and securing AI/ML-enabled features is a strong advantage.
  • Experience in SME or high-growth SaaS environments preferred.

Why Cognism

At Cognism, we’re not just building a company—we’re building an inclusive community of brilliant, diverse people who support, challenge, and inspire each other every day. If you’re looking for a place where your work truly makes an impact, this is the right spot!

Our values aren’t just words on a page—they guide how we work, how we treat each other, and how we grow together. They shape our culture, drive our success, and ensure that everyone feels valued, heard, and empowered to do their best work.

Here’s what we stand for:

🤝 We Own the Outcome Together. 🤓 We Deeply Understand Our Customers. 🏆 We Celebrate Impact Wherever It Comes From.

At Cognism, we are committed to fostering an inclusive, diverse, and supportive workplace. We welcome applications from individuals typically underrepresented in tech, so if this role excites you but you’re unsure if you meet every requirement, we encourage you to apply!

Skills

Application Security
Cloud Security
Secure SDLC
DevSecOps
Threat Modelling
AI/ML Security
SAST
SCA
DAST
AWS
API Security
Container Scanning
IaC Scanning
Penetration Testing
Back-end Development
Risk Assessment

Location

London, England, United Kingdom