Application Security Lead

Application Security Lead Engineering Prolific Prolific is not just another player in the AI space – we are the architects of the human data infrastructure that's reshaping the landscape of AI development. In a world where foundational AI technologies are increasingly commoditized, it's the quality and diversity of human-generated data that truly differentiates products and models. The role Security at Prolific isn't an afterthought, it's foundational to how we build. As a company trusted by world-leading research institutions and AI labs to handle sensitive data at scale, the security of our platform and the code that powers it is critical. We handle participant data, researcher credentials, payment flows, and API integrations, and we need someone to own how we protect all of it at the application layer. As Application Security Lead, you'll own Prolific's application security strategy and be the most senior security engineering voice in the organisation. You'll define and drive our Secure Software Development Lifecycle (SSDLC), set the standard for how security is embedded into engineering, and get hands-on with code review, threat modelling, and security testing when it matters. You'll also manage our Senior Application Security Engineer and continue to own our compliance programme alongside these responsibilities. This is a player-coach role. You won't just set strategy, you'll be in the code, leading by example, and building the security culture that scales with Prolific. You'll need deep engineering experience to earn the trust of our engineering teams, and deep application security experience to know where the real risks are. You'll report to the Head of Engineering/Platform and work cross-functionally with product engineering, platform, data, TechOps, and legal teams. As we scale, there's a clear path for this role to grow into leading a broader security function. What you’ll bring to the role Several years of experience in software engineering, you’ve built and shipped production systems at scale Several years in application security (testing, code review, threat modelling, vuln management) Expert knowledge of OWASP Top 10 (Web API) and modern attack paths (e.g. auth flaws, SSRF, injection, business logic, supply chain) Strong understanding of modern architectures (microservices, APIs, event-driven systems) Python for security tooling and automation (Django a strong plus) Hands-on testing experience (e.g. Burp Suite) and manual assessment of apps/APIs Experience building and scaling SSDLCs, including CI/CD tooling (SAST, SCA, DAST, secrets) Experience leading threat modelling and security design reviews Strong engineering partnership skills, you influence through trust Experience with ISO 27001 / SOC 2 and translating controls into real engineering practices Clear communicator across technical and non-technical audiences Nice to haves.. Experience mentoring or managing security engineers Experience with Django, Vue.js, MongoDB, GCP Security champions or bug bounty programmes Supply chain or infrastructure security (e.g. Terraform, Kubernetes) Hands-on certifications (OSCP, GWAPT, BSCP, CISSP) Experience building AppSec in a scaling company What you’ll be doing in the role You’ll own and evolve Prolific’s application security strategy end-to-end, from hands-on testing and threat modelling to scaling secure development practices across engineering. You’ll act as the go-to expert for application security, partnering with engineering leadership to balance risk and velocity, while building the tooling, processes, and culture needed to embed security into how we ship. This includes mentoring an AppSec engineer, leading high-impact security reviews, owning vulnerability management, and ensuring our platform stays ahead of modern threats. Why Prolific is a great place to work We've built a unique platform that connects researchers and companies with a global pool of participants, enabling the col ... (truncated, view full listing at source)