Application Security Technical Lead

At Pearson we are the worlds learning company with over 24000 employees across 70 countries. Our mission is to combine world-class educational content and assessment powered by services and technology to enable more effective teaching and personalised learning at scale. We believe that wherever learning flourishes so do people.

In this exciting and fast-paced role you will lead the design implementation and continuous improvement of Pearsons global Application Security program with a strong focus on technical enablement and automation. As an Application Security Technical Lead youll operate at the intersection of security engineering DevSecOps and cloud-native development helping secure a diverse portfolio of hundreds of applications built across AWS Azure and GCP.

Youll work closely with engineering DevOps SRE and product teams to embed security into every stage of our CI/CD pipelines ensuring that security is scalable automated and aligned with Pearsons rapid adoption of AI-driven technologies.

What Youll Do:

• Design and lead our technical application security strategy focusing on automation cloud-native security and secure software development.
• Manage the local application security team and align them with the broader goals of the global Application Security organization.
• Drive adoption and integration of SAST DAST SCA IaC security container scanning RASP and secret scanning tools.
• Build and enhance automation pipelines that support real-time vulnerability detection and remediation across our development lifecycle.
• Lead the Developer Security Champion program engaging and mentoring engineers across the business to create a security-first culture.
• Collaborate with DevOps and SRE teams to design secure scalable cloud infrastructure and application deployment models.
• Translate security requirements into actionable tooling architecture and secure coding practices.
• Support security initiatives related to AI/ML-driven development model security and responsible use of AI in software.
• Continuously evolve AppSec KPIs and metrics to track risk compliance and team effectiveness.

What You Bring:

• Significant hands-on experience (7 years) in application security software engineering or DevSecOps.
• Solid development background ideally in Java and JavaScript.
• Proven experience implementing and managing AppSec tooling (SAST DAST SCA IaC RASP secrets detection).
• Deep knowledge of cloud environments (Azure AWS GCP) and cloud-native security principles.
• Strong background in building and securing infrastructure using Infrastructure as Code (e.g. Terraform ARM).
• Experience supporting and securing modern application architectures including containers and microservices.
• Familiarity with OWASP Top 10 threat modeling and secure design patterns.
• Exceptional communication and cross-functional collaboration skills; youre comfortable working across Dev Ops and Security organizations.
• Experience mentoring or managing a team and running security champion initiatives is a big plus.
• Industry certifications (e.g. OSWE GSSP CISSP CSSLP) are desirable.