Application Security Engineer

• Help engineers safely adopt AI tools and experiment with AI to automate security tasks like vulnerability triage and remediation.
• Implement and tune SAST/DAST/SCA tools across the SDLC, focusing on increasing fidelity and reducing noise.
• Embed modern vulnerability management practices within engineering teams and consult on triage.
• Partner with architects, product managers, and engineers to incorporate security early through threat modeling and secure-by-design principles.

This role helps secure the energy platform that accelerates the shift to clean, electrified energy, ensuring reliable and safe operations for millions of users.

• Deep security knowledge: strong familiarity with OWASP Top 10, API Security (REST/GraphQL), and secure SDLC practices.
• Developer mindset: comfortable working with TypeScript and Go, and understanding how to secure cloud-native environments.
• Automation experience: implemented security tools within CI/CD pipelines (e.g., GitHub Actions).
• Consultative approach: ability to explain complex security risks to non-security stakeholders and guide teams toward pragmatic solutions.

Salary: £63,000 - £93,000 per year. Benefits include pension scheme, discretionary bonus, private medical insurance, life assurance, climate action app, 26 days holiday plus flexible bank holidays, progressive leave policies (26 weeks full pay for new parents), personal learning and home office budgets, flexible working, and more.

Kaluza is the Energy Intelligence Platform that helps energy companies overcome challenges and accelerate the shift to a clean, electrified future by orchestrating millions of real-time decisions across homes, devices, markets, and grids.