Cognism
Senior Application Security Engineer

Working at Cognism, the leading provider of European B2B data and sales intelligence, you’ll shape the security of a platform trusted by thousands of revenue teams globally.
About Cognism
Cognism is the leading provider of European B2B data and sales intelligence. Ambitious businesses of every size use our platform to discover, connect, and engage with qualified decision-makers faster and close more deals. Headquartered in London with global offices, Cognism’s contact data and contextual signals are trusted by thousands of revenue teams to eliminate the guesswork from prospecting.
The Role
As the Senior Application Security Engineer, you will be a key member of Cognism’s Information Security Team, reporting into the Application & Infrastructure Security Manager. Your mission is to:
- Embed security by design across our engineering and product organisation.
- Integrate modern application security practices throughout the full development lifecycle.
- Drive a culture where the fastest path for our engineers is the securest path.
You will work closely with Product, Engineering, Architecture, and Data teams to understand and mitigate risks within our platform, including those introduced by AI-powered features. You will ensure the right controls, guardrails, and security patterns are built into the product from the outset—while balancing commercial realities and maintaining excellent user experience.
This role is ideal for a senior individual contributor (IC) who is technical, collaborative, and pragmatic, with the ability to influence engineering teams while driving hands-on improvements to Cognism’s secure SDLC.
Key Responsibilities
Security by Design & Product Integration
- Partner with Product, Web, and Data Engineering teams from the idea phase to ensure security requirements are considered early.
- Translate product and application risks into actionable security controls, creating repeatable guardrails and guidance that teams can apply as they scale.
- Help shape security acceptance criteria and guide engineering teams during design reviews and backlog planning.
Application Risk Assessment & AI Security
- Identify and assess application risks across Cognism’s SaaS platform and data processing pipelines, including AI/ML-enabled capabilities.
- Contribute to AI feature reviews and participate in AI risk assessments, ensuring responsible and secure model use while enabling innovation.
- Assess and recommend pragmatic mitigations for risks in data pipelines, model-training workflows, feature stores, and ML systems, ensuring robust controls for:
  - Data access
  - Data lineage
  - Model integrity
  - Protection of sensitive datasets
Secure SDLC & DevSecOps Enablement
- Partner with engineering and platform teams to embed security guardrails into the software development lifecycle and agile workflows.
- Collaborate on integrating and optimizing security tooling (SAST, SCA, DAST, container scanning, IaC scanning) into CI/CD pipelines.
- Drive automation and developer-friendly security processes that minimize friction and support fast delivery.
Threat Modelling & Architecture Support
- Conduct self-serve, risk-driven threat modelling sessions for:
  - New features
  - Services
  - AI components
- Perform threat modelling for data architectures, including:
  - Ingestion pipelines
  - Transformation
  - Storage
  - Streaming
  - ML model deployments
- Provide hands-on security guidance to teams, helping implement:
  - Secure APIs
  - Microservices
  - Data flows
  - Integrations
- Maintain and expand Cognism’s secure coding standards and reusable security patterns.
Application Security Testing & Engineering
- Perform hands-on security testing (manual and automated) for:
  - Web applications
  - Microservices
  - APIs
  - Cloud components
- Plan, coordinate, and oversee:
  - Penetration tests
  - Red team exercises
  - Third-party security assessments
- Validate findings, assist with prioritization, and partner with engineering on remediation strategies.
Collaboration, Education & Influence
- Act as a trusted advisor and embedded security partner for product squads.
- Understand business priorities and recommend mitigations that balance risk and opportunity while considering the threat landscape.
- Deliver security training, workshops, and guidance to improve engineering’s security maturity.
- Clearly communicate security risks and trade-offs to both technical and non-technical stakeholders.
Core Competencies
- Strong technical depth in:
  - Application security
  - Cloud security
  - Secure development practices
- Advanced understanding of modern data stack components (data pipelines, feature stores) and collaboration with data practitioners.
- Essential knowledge of:
  - Web protocols (HTTP, gRPC, OAuth, JWT, etc.)
  - Secure backend development (Node.js, Python, Go, JVM)
- Risk-based prioritization: Ability to distinguish between theoretical security risks and actual business threats, demonstrating a risk-driven (vs. compliance-driven) mindset.
- Contextual communication: Translate complex vulnerabilities into impactful business stories for stakeholders.
- Collaborative conflict resolution: Track record of working through engineering challenges with transparency and pragmatism, pairing security ambitions with developer experience.
- Architectural empathy: Build repeatable, embedded security guardrails rather than adding costly hurdles, with users’ workflows in mind.


Education & Experience
- 5–10+ years of experience in:
  - Application Security
  - Product Security
  - Security Engineering
- Strong experience in securing cloud-native SaaS platforms (preferably on AWS).
- Hands-on expertise with:
  - Secure coding practices
  - Application testing (manual and automated)
  - CI/CD pipeline security automation
- Deep experience working closely with engineering and product teams in agile environments.
- Familiarity with:
  - OWASP ASVS
  - OWASP Top 10
  - NIST
  - ISO 27001
- Strong advantage: Experience with AI/ML security: evaluating and securing protected features.
- Preferred: Experience in SME or high-growth SaaS environments.
Why Cognism
At Cognism, we go beyond building a business—we build an inclusive, dynamic, and supportive community of brilliant minds.
To us, values aren’t just words—they shape our culture, empower our teams, and drive meaningful impact. Here’s exactly what we stand for:
🤝 We Own the Outcome Together 🤓 We Deeply Understand Our Customers 🏆 We Celebrate Impact From Every Team
Our workplace thrives on diversity, inclusion, and growth. If this role resonates with you (even if you’re not sure whether your experience perfectly fits the criteria), we encourage you to apply—you might bring value we haven’t expected!