Senior Application Security Engineer

American Express
Burgess Hill
13 Mar 2018
25 Mar 2018
Contract Type
Full Time

Don't just have a great idea, build it.

The Application Security Engineer will be responsible for end-to-end secure design, secure coding verification, and hardening application run-time environments from threats.

This position will work closely with other Site Security Engineers (SSEs) to architect and engineer security solutions with diverse components and integration points. This full-time position will report to the Director of EMEA Application Security, and encompass the below key duties:


  • Review pull requests and recommend secure coding controls
  • Design and write BDD-style security test case scenarios for test automation frameworks
  • Author and contribute to technical security architecture artifacts for application security and infrastructure domains that can be extended and reused across multiple platforms
  • Provide technical designs, solutions, and support to project teams
  • Drive adoption of centralized application security capabilities
  • Deliver proof-of-concept solution evaluations and recommendations of application security products
  • Develop and contribute to security tools and other capabilities as needed
  • Identify potential weaknesses in applications and infrastructure and design strategic solutions to reduce risks
  • Ensure application security architecture is consistent with industry and enterprise standards
  • Regularly interface with the business and other technology teams

Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.

Required skills:

  • University Degree in Computer Science or similar field of study; advanced degree preferred
  • Relevant professional certification preferred
  • Significant experience of application security architecture across domains including authentication, authorization, session management, input validation, parameter manipulation, cryptography, and logging
  • Hands-on secure application development in multiple programming languages such as Java, JavaScript, Go, and Python
  • Experience with threat modeling, DevOps, Secure SDLC and software security testing tools like SAST and DAST
  • Advanced information security knowledge with strong understanding of relevant supporting architecture domains (business, data, application, technical, integration, etc.)
  • Expertise in designing and implementing scalable solution architectures for a global enterprise

Why American Express?

Talk to our people and you'll find out what we're really all about. Open, creative, risk-taking, collaborative and innovative are just some of the expressions you'll hear. It's our culture that makes American Express an outstanding place to work, and a big part of why we regularly win best workplace awards all over the world including recognition amongst the World's Best Multinational Workplaces by Great Place to Work and Glassdoor's 2017 Best Places to Work. If you're ready to take on a challenge and make an impact, you owe it to yourself to launch or grow your career here.

To complete your application, please click on the links below. However, if you require any assistance with the completion of this process - or need any reasonable adjustments to be made - then please contact the Recruitment Team on or (for Russia-based candidates )

Schedule (Full-Time/Part-Time): Full-time