Application Security Specialist

We’re Kingfisher, A team made up of over 74,000 passionate people who bring Kingfisher - and all our other brands: B&Q, Screwfix, Brico Depot, Castorama and Koctas to life. Guided by our purpose Better Homes. Better Lives. For Everyone. We believe a better world starts with better homes, and we work every day to make that a reality. Join us and help shape the future of home improvement. 

We have a brand new opportunity for an Application Security Specialist to join our Security Operations team. This senior position will play a key role in driving improvements to and safeguarding Kingfisher’s digital platforms, by embedding security into every stage of development. This role ensures our web, mobile, and API applications remain resilient against evolving threats, supporting Kingfisher’s purpose of making home improvement accessible and secure for everyone. 

This role will be based at our Kingfisher Head Office in Paddington, with an expectation of 12 days a month in the office. 

• Own and optimise Kingfisher’s application security tools and services to maximise value. 

• Lead operational oversight of application security testing across web, mobile, and API platforms. 

• Drive the bug bounty programme and manage relationships with vendors and researchers. 

• Coordinate penetration testing activities and partner with application owners to remediate findings. 

• Integrate security into CI/CD pipelines and champion automation of security testing. 

• Provide actionable metrics, KPIs, and insights to improve application security posture. 

• Stay ahead of emerging threats and lead continuous improvement initiatives for application security.

This role will suit a strong communicator with excellent analytical and problem-solving skills, with a passion for application security and ability to bring a high level of energy, enthusiasm and creativity. In addition, from a technical point of view we are looking for: 

• Proven experience in application security or software development within complex technology environments. 

• Strong knowledge of secure coding practices and hands-on experience with SAST, DAST, and related tooling. 

• Practical experience integrating security into CI/CD pipelines in DevSecOps settings. 

• Familiarity with common attack vectors (e.g., OWASP Top 10) and mitigation techniques. 

• Experience with threat modelling and API security. 

How We Work 
We believe in flexibility and balance. Our hybrid model blends home working for focus with time spent connecting and collaborating - whether in our offices or at offsite locations. On average, around 60% of your time will involve in-person collaboration. 

We value the perspectives new team members bring and encourage you to apply - even if you don’t meet 100% of the requirements. 

What We Offer 
An inclusive environment where your potential is limited only by your imagination. We encourage new ideas, support experimentation, and strive to create a workplace where everyone can be their best self. Find out more about Diversity & Inclusion at Kingfisher here.   

We also offer a competitive benefits package and plenty of opportunities to stretch and grow your career. Scroll down below to find out more about our benefits. 

Diversity & Inclusion 
Our customers come from all walks of life - and so do we. We’re committed to ensuring all colleagues, future colleagues, and applicants are treated equally, regardless of age, gender, marital or civil partnership status, ethnicity, culture, religion, belief, political opinion, disability, gender identity, gender expression, or sexual orientation. 

Interested? Great, apply now and help us to Power the Possible. 

#LI-KO1