Submitting more applications increases your chances of landing a job.

Here’s how busy the average job seeker was last month:

Opportunities viewed

Applications submitted

Keep exploring and applying to maximize your chances!

Looking for employers with a proven track record of hiring women?

Click here to explore opportunities now!
We Value Your Feedback

You are invited to participate in a survey designed to help researchers understand how best to match workers to the types of jobs they are searching for

Would You Be Likely to Participate?

If selected, we will contact you via email with further instructions and details about your participation.

You will receive a $7 payout for answering the survey.


User unblocked successfully
NATHAN FLYNN, Senior Application Security Consultant

NATHAN FLYNN

Senior Application Security Consultant·Tesco Mobile

Great Britain (UK)

Diploma, Electronic And Electrical Engineering

Work experience

Total years of experience: 16 years, 5 months

Senior Application Security Consultant

January 2026 - Present

Tesco Mobile

London, United Kingdom Hybrid

January 2026 - Present

• BISO Advisory & Stakeholder Engagement: Serving as the business-aligned security
advisor, translating application risk into commercial and regulatory impact for senior
leadership, and representing the security function at business unit level to drive risk
informed decision making.
• Technical AppSec Consulting & AI Security: Working directly with engineering teams
to assess application security posture, conduct threat modelling and security design
reviews, and provide hands-on technical guidance on vulnerability remediation and secure
coding practices across the mobile platform. Embedding AI-powered defensive tooling into
the Secure SDLC, including defence against emerging AI-driven threat vectors across the
mobile platform.
• Security Governance & Compliance Oversight: Leading application security
assurance activities including control gap assessments, audit evidence management, and
regulatory compliance verification, ensuring the mobile platform meets industry security
standards and internal policy requirements.

Company industry:
Telecommunications
Job role:
Information Technology

Principal Application Security Consultant

January 2026 - Present

Tesco Mobile

London, United Kingdom Hybrid

January 2026 - Present

• AppSec Transformation & BISO Advisory: Spearheading the strategic transformation
of the enterprise software security program while serving as the primary BISO-aligned
advisor to the Senior Leadership Team, successfully translating complex application risks
into commercial strategy and board-level risk decisions.
• Strategic Architecture & Threat Governance: Directing the Technical Design Authority
(TDA) and secure-by-design frameworks across the mobile platform, establishing advanced
threat modelling patterns to eliminate structural vulnerabilities before production.
• Frontier AI & Tech Advisory Strategy: Architecting the corporate advisory strategy and
governance frameworks for securely integrating AI-powered defensive capabilities into the
engineering ecosystem, ensuring cutting-edge technical transformation stays aligned with
enterprise compliance mandates.

Company industry:
Telecommunications

Senior Application Security Lead

May 2022 - January 2026

Maersk

London, United Kingdom Remote

May 2022 - January 2026

• Security Architecture & Governance: Directed the Technical Design Authority (TDA)
for global projects, utilising STRIDE Threat Modelling to mitigate architectural flaws and
conducting post-build verification to ensure production environments met rigorous
security benchmarks.
• Engineering Strategy & DevSecOps: Orchestrated the global integration of
SAST/DAST/SCA tooling and Secure SDLC practices across web development streams,
providing code-level guidance to optimize vulnerability triage and remediation.
• Technical Governance & Audit Liaison: Served as the primary technical subject
matter expert for security audits, conducting architectural gap assessments and verifying
that technical controls within applications aligned with corporate security requirements.
• Risk Management & Stakeholder Influence: Partnered with global vendors and C
suite leadership to align remediation priorities with Enterprise Risk Appetite, ensuring all
regulatory requirements were met through data-driven security reporting.
• Security Culture & Performance: Co-chaired the Security Champions board to
institutionalize OWASP Top 10 standards across engineering teams, developing
automated KPI dashboards to track and improve MTTR and scan coverage.

Company industry:
Shipping

Senior Application Security Consultant

October 2021 - January 2022

GBG Plc

United Kingdom Remote

October 2021 - January 2022

• NIST Framework Governance: Conducted comprehensive technical gap analysis
against the NIST CSF, identifying architectural deficiencies and producing a strategic
remediation roadmap.
• Secure SDLC Architecture: Authored the enterprise Secure SDLC Framework,
integrating STRIDE threat modelling and automated security gates into design and build
phases aligned to OWASP Top 10 and ISO 27001.
• Assurance Verification: Evaluated enterprise AppSec toolsets and managed third-party
testing to verify the resilience of external-facing web products and api end-points.

Company industry:
Software Development

Lead AppSec Architect / Engineer

December 2017 - October 2021

TJX Europe

London, United Kingdom

December 2017 - October 2021

• Compliance & Regulatory Validation: Verified that application-layer defences (WAF,
API security and encryption) were correctly implemented according to PCI DSS, GDPR
and SOX specifications.
• Technical Audit Leadership: Directed global compliance programs and acted as the
primary technical liaison for external auditors, providing evidence of control
effectiveness for annual audit certifications.
• Security Architecture: Led the Technical Design Authority for global retail platforms,
using security standards and threat modelling, with the focus on preventing logic flaws
in high-transaction web environments.
• Engineering Oversight & Remediation: Directed engineering teams in the hands-on
remediation of high-risk vulnerabilities; provided specific secure coding patterns to
reduce the attack surface.
• Assurance Testing & Incident Response: Managed third-party penetration testing
engagements and provided application-level expertise during security incidents to
investigate root causes and implement mitigations.

Company industry:
Retail & Wholesale

Lead AppSec Architect / Engineer

December 2017 - October 2021

TJX Europe - TKMaxx,

London, United Kingdom Hybrid

December 2017 - October 2021

• Compliance & Regulatory Validation: Verified that application-layer defences (WAF,
API security and encryption) were correctly implemented according to PCI DSS, GDPR
and SOX specifications.
• Technical Audit Leadership: Directed global compliance programs and acted as the
primary technical liaison for external auditors, providing evidence of control
effectiveness for annual audit certifications.
• Security Architecture: Led the Technical Design Authority for global retail platforms,
using security standards and threat modelling, with the focus on preventing logic flaws
in high-transaction web environments.
• Engineering Oversight & Remediation: Directed engineering teams in the hands-on
remediation of high-risk vulnerabilities; provided specific secure coding patterns to
reduce the attack surface.
• Assurance Testing & Incident Response: Managed third-party penetration testing
engagements and provided application-level expertise during security incidents to
investigate root causes and implement mitigations.

Company industry:
Retail & Wholesale

Senior Software Engineer

January 2009 - January 2017

AB Communications, ShopTo.net

London, United Kingdom

January 2009 - January 2017

• Enterprise Delivery: Designed and delivered high-availability web platforms and e
commerce solutions for Sony, Microsoft, Nintendo and EA — including the Sony
PlayStation Digital Store for ShopTo.net.
• Security & Compliance: Introduced application security practices, integrated
payment APIs (SagePay, PayPal) and ensured PCI DSS compliance across client-facing
platforms.

Company industry:
Retail & Wholesale

Education

uxbridge college

May 2005

May 2005

Diploma, Electronic And Electrical Engineering

United Kingdom

Skills

APPLICATION DEVELOPMENT
Intermediate
APPLICATION DEVELOPMENT
Intermediate
APPLICATION SECURITY
Intermediate
APPLICATION SECURITY
Intermediate
COMPLIANCE REQUIREMENTS
Intermediate
COMPLIANCE REQUIREMENTS
Intermediate
CONSULTING
Intermediate
CONSULTING
Intermediate
DIGITAL TRANSFORMATION
Intermediate
DIGITAL TRANSFORMATION
Intermediate
ENTERPRISE SECURITY
Intermediate
ENTERPRISE SECURITY
Intermediate
RISK MANAGEMENT
Intermediate
RISK MANAGEMENT
Intermediate
SOFTWARE DEVELOPMENT LIFE CYCLE
Intermediate
SOFTWARE DEVELOPMENT LIFE CYCLE
Intermediate
SOFTWARE ENGINEERING
Intermediate
SOFTWARE ENGINEERING
Intermediate
TECHNICAL DESIGN
Intermediate
TECHNICAL DESIGN
Intermediate

Languages

English

Native Speaker