Principal Applications Security Engineer

  • Job Reference: NB15300
  • Date Posted: 10 May 2022
  • Recruiter: Waters Corporation
  • Location: Wilmslow, Cheshire
  • Remote Working: 100% remote working possible
  • Salary: On Application
  • Sector: Engineering > Computer Engineering, Security, Technology and IT
  • Job Type: Remote
  • Work Hours: Full Time

Job Description

Waters are looking to bring on board a Principal Applications Security Engineer within our Cloud Platform team based in Wilmslow. This role can either be based on-site here in Wilmslow or fully remote.

As a Principal Applications Security Engineer you will support application teams on a daily basis with security expertise and help to reduce the security technical debt, act as SME for the relevant security tooling in the CI/CD pipeline, and work with the team to improve our existing capabilities. You will lead the remediation of software vulnerabilities and provide context to decision makers to help manage risks and make informed decisions.


As a Principal Applications Security Engineer within the Cloud Platform team, you would be part of the Waters Informatics group producing software that is used by people worldwide for specialist measurement and scientific analysis. Your main responsibilities would include:

  • Provide subject-matter expertise on detecting and resolving code security defects
  • Maintain, improve and implement security tooling in the CI/CD pipeline and develop secure coding best practices
  • Enable and support Security Champions and proactively identify knowledge gaps in development teams
  • Lead the adoption of secure-by-design software components by development teams
  • Participate in and support security feature reviews and threat modelling
  • Develop scripts and tooling to shift left common security tasks to DevSecOps
  • Develop automation and guidance to resolve common security problems
  • Assist product owners to make risk-informed decisions on existing vulnerabilities
  • Help develop security training and guidance for development teams.


We would love to hear from you if you have:

  • Solid experience in an Application Security or DevSecOps role
  • Strong experience in a Software Engineering role
  • Deep knowledge of common security controls frameworks (CIS, NIST, OWASP) and application security best practices
  • Deep understanding of secure software development lifecycle and how to align security controls to different stages
  • Ability to discover and remediate common security issues above and beyond OWASP Top 10
  • Experience in various programming languages relevant to Waters and with a scripting language like Ruby or Python
  • Extensive experience with static and dynamic analysis and common security tooling


In return you will receive:

  • A plan for your personal development in your own area of specialism, pursuing this with the support of your manager to undertake the training and learning to progress.
  • Competitive salary
  • 25 days annual leave
  • Private health and dental insurance
  • Contributory based pension scheme
  • Subsidized membership of onsite gym
  • EAP (Employee Assistance Program)