Application Security Engineer

About This Role

IC Markets Global is one of the most renowned Forex CFD provider, offering trading solutions for active day traders and scalpers as well as traders that are new to the forex market. IC Markets Global offers its clients cutting edge trading platforms, low latency connectivity and superior liquidity.

IC Markets Global is revolutionizing online forex trading. Traders are now able to gain access to pricing previously only available to investment banks and high net worth individuals.

Our management team have significant experience in the Forex, CFD and Equity markets in Asia, Europe and North America. It is this experience that has enabled us to select the best possible technology solutions and hand pick some of the best pricing providers available in the market.

Role Overview

The Application Security Engineer is responsible for embedding security into the software development lifecycle and protecting customer-facing and internal applications from vulnerabilities and abuse. The role combines secure SDLC ownership, security tooling, threat modeling, security testing and close cooperation with development, product and cloud/infrastructure teams. The focus is on building repeatable practices that allow development teams to deliver features quickly while maintaining a strong security posture.

Key Responsibilities

Secure SDLC Ownership

• Define and maintain the organisation’s secure software development lifecycle.
• Introduce security requirements at the earliest design and discovery stages.
• Establish security checkpoints in each phase of the lifecycle, from design and implementation to testing and deployment.
• Ensure product and engineering teams include clear security acceptance criteria in user stories and technical tasks.
• Work with engineering leaders to ensure security gates are predictable, measurable and aligned with delivery timelines. Code, Dependencies & Supply Chain Security
• Take operational ownership of automated application security tooling, including static code analysis, software composition analysis and dynamic testing.
• Integrate security tools into continuous integration and delivery pipelines with risk-based thresholds and build policies.
• Tune rules, policies and workflows to reduce false positives while keeping strong coverage on high-impact issues.
• Define and promote approaches for dependency and package management that encourage the use of centrally approved components.
• Coordinate upgrades or mitigation work when serious vulnerabilities are disclosed in frameworks, libraries or third-party components.

Threat Modeling & Design Reviews

• Lead structured threat modeling sessions for new applications, services and significant changes to existing products.
• Analyze application architectures, data flows and trust boundaries and document the main threats, required countermeasures and resulting engineering work.
• Perform security-focused design reviews for planned changes that impact sensitive data, business-critical flows or integration with external parties.
• Provide reusable design guidance for core security functions, including authentication, authorization, session management, input and output handling, and tenant isolation.

API & Web / Mobile Security

• Define and maintain application and API security standards, including identity and access patterns, token usage, session management, rate control and schema validation.
• Review API and web application designs for alignment with these standards and with recognized application security practices.
• Work with cloud and infrastructure security teams on the configuration of runtime protections around applications, including web application protection, API gateways and automated abuse and bot detection.
• Provide guidance for future mobile or desktop clients on secure storage, channel protection and resilience against reverse engineering and tampering.

Security Testing & Offensive Work

• Plan and coordinate internal and external application security testing activities, including penetration tests and focused assessments.
• Define the scope, objectives, environments and test data needs for these activities, and ensure that results are documented and understood by owners.
• Track remediation activities end-to-end, ensuring that fixes are implemented, verified and integrated back into secure design patterns and tooling.
• Perform targeted application security testing directly for higher-risk areas and new critical functionality.

Developer Enablement & Culture

• Create and maintain secure coding guidelines aligned with the organization’s main technologies and platforms, using industry recognized references.
• Deliver training and workshops for development and quality teams on practical application security topics, common vulnerability classes and recurring issues observed in the codebase.
• Support a community of security-minded engineers through a structured program in which representatives from delivery teams collaborate regularly with the security function on upcoming changes, issues and improvements.
• Contribute to documentation, knowledge bases and self-service guidance that help teams make secure decisions without heavy process overhead.

Collaboration & Metrics

• Work closely with cloud, infrastructure and observability teams on logging requirements for applications, including what to log, where to send it and how to protect log data.
• Define security-relevant runtime signals for applications and collaborate on rules and controls in surrounding protection layers.
• Establish and maintain application security metrics and dashboard views, covering secure SDLC adoption, issue trends, tool coverage, remediation throughput and other indicators useful to engineering and management stakeholders.
• Provide concise written and verbal reports on application security posture, significant risks and progress of improvement initiatives.

Requirements

Experience

• Professional experience in application security, product security or a closely related discipline, with significant interaction with software engineering teams.
• Practical background in at least one modern application stack and familiarity with common web and API architectures.
• Hands-on experience with secure SDLC practices, automated security testing, dependency management and remediation workflows.
• Experience with threat modeling, security design reviews and application security testing.

Skills & Competencies

• Strong understanding of common web, API and mobile security risks and relevant industry references and standards.
• Ability to read and reason about code in at least one of the main languages used internally and to give actionable guidance to development teams.
• Familiarity with security testing tools and platforms and with integrating them into engineering workflows.
• Strong communication skills, with the ability to translate complex security topics into clear, practical guidance for engineers and product stakeholders.

Education & Certifications

• Degree in Computer Science, Information Security, Engineering or a related discipline, or equivalent practical experience.
• Relevant security or application-focused certifications are considered an advantage.

Personal Attributes

• Strong sense of ownership for application security outcomes and a collaborative approach to working with product and engineering teams.
• Structured, analytical mindset with attention to detail and a focus on sustainable, scalable solutions.
• Interest in staying current with emerging application security threats, techniques and defensive practices.