Application Security Engineer

About the role

Why Choose Bottomline? Are you ready to transform the way businesses pay and get paid? Bottomline is a global leader in business payments and cash management, with over 35 years of experience and moving more than $16 trillion in payments annually. We're looking for passionate individuals to join our team and help drive impactful results for our customers. If you're dedicated to delighting customers and promoting growth and innovation - we want you on our team! As an Application Security Engineer, you will play a critical role in strengthening the organisation's application security posture by supporting our penetration testing and application code scanning programmes. This role is responsible for identifying vulnerabilities, analysing security patterns and behaviours, and contributing to the continuous improvement of secure development practices across the software lifecycle. You will work closely with Product, Engineering, and Security teams to proactively identify and reduce risk exposure, supporting our threat exposure management approach across all applications. The role requires strong technical expertise combined with the ability to communicate complex security risks clearly and effectively to both technical and non-technical stakeholders. Essential Functions and Responsibilities: Orchestrate application p enetration testing across web, API, and service-based architectures Support application security scanning tools (SAST, SCA, DAST) and CI/CD pipeline integration Analyse vulnerabilities to identify patterns, behaviours, and root causes, not just individual findings Support prioritisation and provide guidance for remediation based on risk and threat exposure Contribute to improving coverage, consistency, and reliability of application security testing Support multiple projects and initiatives in parallel Required Experience & Qualifications 3+ years' experience in Application Security, Penetration Testing, or Secure Code Scanning Hands-on experience with p enetration testing techniques and tools Experience with application security scanning platforms (SAST, SCA, DAST) Strong understanding of common vulnerability patterns (e.g. OWASP Top 10) Knowledge of modern environments (APIs, microservices, CI/CD pipelines ) Strong analytical, problem-solving, and communication skills Preferred Experience & Qualifications Experience with platforms such as Veracode , Burp Suite, OWASP ZAP, or similar Understanding of risk-based or threat exposure management models Experience working with development teams in secure coding practices Relevant certifications such as: OSCP, OSWE, GWAPT, GPEN, CEH, CSSLP, CISSP or CISM Note : This job description is not intended to be an exhaustive list of all duties, responsibilities, or qualifications associated with the position. We welcome talent at all career stages and are dedicated to understanding and supporting additional needs. We're proud to be an equal opportunity employer, committed to creating an inclusive and open environment for everyone.