Lead Application Security Tester/Source Code Reviewer A highly innovative security provider who are rapidly expanding their offensive security function, are currently looking for an experienced Lead Application Security Tester to join their NEW UK based team. As a lead, you will oversee a comprehensive security assessment of a cloud-native, microservices-based architecture. Your focus will be on web and mobile applications, cloud security testing, adversary emulation, and continuous security posture improvement. You will mentor junior team members and lead the development of security strategies and best practices. Due to the high level nature of the work, this is an On-Site position based in London Lead Application Security Tester Responsibilities: Leadership and Mentorship: Lead and mentor a team of penetration testers, providing guidance and support to ensure high-quality security assessments. Strategy Development: Develop and implement security testing strategies and best practices to enhance the organization’s security posture. Security Testing of Developer Workflows and Mobile Applications: Perform comprehensive security assessments on developer processes and mobile applications across iOS and Android platforms, identifying vulnerabilities and potential security threats. Source Code Review: Conduct detailed source code analysis to detect security flaws or weaknesses that could be exploited in software systems. Execution of Security Assessments and Reporting: Similar to Red Team operations, carry out thorough security assessments and compile detailed reports summarizing findings for review and remediation. Senior Application Security Tester Requirements: Location: Onsite at a Secure Facility, during standard business hours. Professional certifications such as GWAPT (GIAC Web Application Penetration Tester), OSCP (Offensive Security Certified Professional), CEH (Certified Ethical Hacker), or similar. 5-7 years of experience in application security testing and source code review with at least 2 years in a leadership role. Proficiency in multiple programming languages and understanding of secure coding practices. Strong analytical skills and attention to detail for identifying vulnerabilities. Testing Developer Flows and Mobile Apps: Conducts thorough security testing of developer workflows and mobile applications (for both iPhone and Android platforms), identifying security issues and vulnerabilities. Conducting Source Code Reviews: Performs in-depth source code reviews to identify security flaws or weaknesses that could be exploited in software applications. Executing Tests/Assessments and Drafting Reports: Executes detailed assessments and compiles findings into reports for further review and action. Experience with BurpSuite, Corellium, Checkmarx, Vercode, Plextrac, Cobaltstrike & more If interested in the position, please reach out to Matthew Dobree-Carey on LinkedIn, forward your resume to m.dobree-careyltharper.com or APPLY BELOW