XPS Group is a prominent and growing UK consultancy and administration firm within the pensions and insurance sectors. As a FTSE 250 company with over 2000 employees, we leverage expertise alongside advanced technology to serve over 1,400 pension schemes and their sponsors. Our goal is to foster a workplace where diverse talents thrive.
About the Role:
XPS Cyber Security is an expanding team made up of internal cyber security engineers and cyber security operations analysts with an external 24/7 Security Operations Centre. The Senior Application Security Engineer role will be challenged with researching and implementing the latest technologies in the industry. This environment is highly technical and collaborative.
Reporting to the Cyber Security Engineering Manager, the Senior Application Security Engineer will perform daily security engineering tasks and assist with security hardening projects to protect XPS Group's IT infrastructure, networks and data. The ideal candidate will be a self-starter, with strong experience in web application security, vulnerability management, penetration testing and hardening IT systems. Experience working with cloud hosting providers, cloud migration, managing application testing and working with system owners/developers to improve application security is essential for this role.
Key Responsibilities:
Use expert security knowledge with a particular focus on application security testing, cloud security, vulnerability management and secure development processes to minimise risk.
Promote best practice, secure design principles, standards, and threat modelling within IT, projects and development teams.
Identify and mitigate security risks early during change control and software development lifecycles (SDLC).
Take ownership of the day-to-day running of technical vulnerability management and embed a risk-based vulnerability programme.
Support the implementation of security controls across XPS, with a particular focus on cloud environments (e.g. Azure, including cloud-native applications).
Contribute to the selection, evaluation, and implementation of best-in-class application security tools and processes.
Develop an understanding of the threats, risks, vulnerabilities and evolving attack vectors facing the business.
Assist and advise on security training, and mentor and drive awareness programmes tailored to XPS needs.
Assist the wider security team with timely security incident management, security training, and reviewing supplier/client information security questionnaires.
Due to the changing nature of the business, the job holder may from time to time be required to undertake other activities of a similar nature that fall within their capabilities.
Your Profile:
Essential:
Experienced application security engineer with demonstrable detailed knowledge of security products, Web Application Firewalls, access control, AV, email and web security gateways, load-balancers, ACLs, TCP/IP, routing and switching.
Knowledge of secure agile coding practices, security testing (SAST/DAST/SCA/Penetration testing), with strong understanding of common application security vulnerabilities (OWASP Top 10, CWE), and their remediation.
Excellent written and spoken communication skills with ability to create, update and maintain documentation/network diagrams.
Hands-on experience with security testing tools such as static/dynamic analysis and penetration testing tools.
Knowledge of current and future security initiatives e.g. OWASP standards, SASE, intelligence-led penetration testing, zero-trust, threat-centric security and risk-based vulnerability management.
Be a security leader, with ability to work collaboratively with IT, wider teams, end users, and mentor IT/security colleagues on security principles where necessary.
Has relevant experience and certification in security engineering e.g. CISSP, SANS GCIA, CompTIA Security+ and/or CCNA/CCNP or equivalent qualifications.
Detailed understanding of Security Infrastructure design, IT Security best practice and hardening standards.
Detailed understanding of common IT protocols, infrastructure and systems e.g. Networks, Domain management and virtualised infrastructure.
Willing to travel to other locations as and when required.
Qualifications:
Computer Science degree, or relevant experience.
Desirable:
Strong background in threat modelling.
Knowledge of ISO27001, Cyber Essentials Plus and Cloud certification e.g. CSA STAR.
What We Offer:
Enjoy a competitive salary, annual discretionary bonus, and 25 days' holiday with buy/sell flexibility. Benefits include pension matching, healthcare plans, life assurance, and retailer discounts. We support our team with a flexible benefits scheme, employee assistance, and digital GP service. Participating in volunteering events is encouraged with paid volunteer days available. Referral bonuses are offered for introducing suitable candidates to XPS.
How to Apply:
Interested candidates should submit applications via the Apply Now option or contact recruitment@xpsplc.com for more information. Join XPS Group and contribute to a dynamic and inclusive workplace.
Equal Opportunities Statement:
XPS Group is committed to diversity and equal opportunities. We welcome applications from all candidates, irrespective of sex, race, disability, sexual orientation, religion, or belief. As a Disability Confident employer, we ensure accessible and supportive work settings for all employees.
Eligibility:
Any employment offer made will be conditional upon you satisfying DBS Disclosure checks, employment or educational references, satisfactory credit checks and eligibility to work in the UK before an offer can be made. XPS Group is not able to provide sponsorship to employees.
Who Are We:
To find out more please visit: www.xpsgroup.com