About Jaja Jaja is a consumer finance business, launching its first product, a digital credit card, in 2018. Since then it has grown rapidly, completed the acquisition of a multi-£000m credit card portfolio and launched a significant partnership with the UK supermarket giant Asda. With backing from several major Private Equity funds, Jaja has an ambitious growth strategy that includes providing consumer finance in partnership with leading consumer brands, with a number of partnerships secured alongside an exciting pipeline of opportunities. Jaja is on a mission to redefine the consumer finance experience and liberate customers from needless complexity, wasted time, and frustration. Or as we say it, Make Simple. We will delight our customers – making the customer experience simpler, more enjoyable, more intelligent – treating customers fairly and giving them more control of their money. Role details Application Security Specialist As an Application Security Specialist, you will be responsible for ensuring the security of our Jaja’s software applications throughout their lifecycle. You will work closely with our development teams to identify and mitigate security risks, implement best practices, and establish robust security measures to protect our applications from potential threats. Key Accountabilities 1. Security Assessment: Conduct comprehensive security assessments of new and existing applications to identify vulnerabilities, security weaknesses, and potential risks. 2. Threat Modeling: Collaborate with development teams to perform threat modeling exercises, identifying potential security threats and implementing appropriate security controls to mitigate risks. 3. Code Review: Review application code to identify security flaws, coding errors, and vulnerabilities, providing guidance and recommendations for remediation. 4. Security Testing: Plan and execute security testing activities, including SAST/DAST/IAST, penetration testing, fuzz testing, and vulnerability scanning, to evaluate the effectiveness of security controls and identify weaknesses. 5. Security Compliance: Ensure that applications comply with relevant security standards, regulations, and industry best practices, such as OWASP Top 10, OWASP ASVS, MAVS, PCI DSS, and GDPR. 6. Security Architecture: Assist in designing and implementing secure application architectures, including authentication mechanisms, access controls, encryption, and secure communication protocols. 7. Incident Response: Collaborate with incident response teams to investigate security incidents, analyze root causes, and implement corrective actions to prevent recurrence. 8. Security Awareness: Promote security awareness among development teams through training sessions, workshops, and educational materials, fostering a culture of security awareness and responsibility. 9. Documentation: Maintain documentation related to application security, including security policies, procedures, and guidelines, ensuring accuracy and accessibility for relevant stakeholders. Essential skills and Experience Bachelor's degree in Computer Science, Information Security, or related field. Minimum 5 years’ experience in Application Security Experience with secure software development methodologies, such as Secure SDLC and DevSecOps. Understanding of IDEs, Code repositories & CI/CD Solutions Proven experience in application security assessment, penetration testing, and vulnerability management. Strong understanding of web application security concepts, including secure coding practices, authentication mechanisms, and common vulnerabilities (e.g., XSS, CSRF, SQL injection). Proficiency in security testing tools and techniques, such as Burp Suite, Sonarqube, Checkmarx, Veracode etc… Excellent analytical and problem-solving skills, with the ability to think critically and creatively to address complex security challenges. Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams and communicate technical concepts to non-technical stakeholders. Desirable skills and experience Knowledge of relevant regulatory requirements and compliance standards, such as GDPR, PCI DSS and ISO 27001. What's in it for you? The chance to make a real impact in a growing start-up on a mission to change the face of the consumer finance industry forever. Competitive salary Remote Hybrid working model Bonus scheme Annual Salary Review 4x life insurance cover Optional private health care Employee assistance program Annual staff get together 25 day holiday allowance plus UK bank holiday Pension Contributions Fair Processing Notification The personal information we have collected from you will be shared with Cifas who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found by [https://www.cifas.org.uk/fpn].