Senior Cyber Security Analyst – Application Security / DevSecOps / Secure Design/SAST, DAST – London Contract (12 Months, Hybrid 8 Days onsite per month, remote rest). Inside of IR35 – must use umbrella. £600 per day.
We are supporting a leading international organisation in the search for a Senior Cyber Security Analyst to join a high‑performing security engineering and assurance team. This role is ideal for a consultant with a strong background in Application Security, DevSecOps, Secure SDLC, Threat Modelling, and Cloud Security, who can work closely with engineering teams to embed security into modern software delivery environments. The successful consultant will operate across cloud‑native platforms, CI/CD pipelines, APIs, containers, and microservices architectures, helping drive secure‑by‑design principles across enterprise‑scale platforms.
Key Responsibilities
* Perform security risk assessments, secure design reviews, and threat modelling exercises for applications, APIs, and cloud platforms
* Define and implement secure‑by‑design principles across software engineering and DevOps teams
* Embed security controls into CI/CD pipelines using modern DevSecOps practices
* Lead and support SAST, DAST, SCA, and container security integration activities
* Conduct application and infrastructure security assessments aligned to OWASP, NIST, and industry best practices
* Work closely with development teams to triage vulnerabilities and support remediation activities
* Define security requirements for modern application architectures including APIs, Microservices, Kubernetes/Containers, Cloud‑native platforms
* Support secure architecture reviews across AWS and/or Azure environments
* Collaborate with stakeholders across Security, Engineering, DevOps, Risk, and Architecture teams
* Support vulnerability management, security governance, and secure delivery processes
Required Skills & Experience
* Application Security & Secure SDLC
* OWASP Top 10 / ASVS
* Secure coding practices
* Threat modelling (STRIDE / MITRE ATT&CK)
* Security architecture and design reviews
* Vulnerability management and remediation
* Secure Software Development Lifecycle (SSDLC)
* DevSecOps & CI/CD
* Security integration of security tooling into CI/CD pipelines
* Experience with: GitHub, GitLab, Jenkins, Azure DevOps
* Hands‑on experience with: SAST, DAST, SCA, Secrets scanning, Container security, Cloud & Platform Security, AWS and/or Azure security, Kubernetes / Docker / container security, API security, IAM / Identity Federation / SSO, WAF and cloud‑native security tooling, Infrastructure‑as‑Code security (Terraform / Checkov / tfsec)
* Security tooling experience with: SonarQube, Checkmarx, Veracode, Fortify, OWASP ZAP, Burp Suite, Snyk, Aqua, Wiz, Prisma Cloud, Defender for Cloud, Sentinel
Ideal Background
* 8–15+ years in Cyber Security
* Strong focus on Application Security and DevSecOps
* Experience working closely with engineering and platform teams
* Strong stakeholder engagement and communication skills
* Experience within regulated or enterprise environments (Financial services, government, or large‑scale enterprise) highly desirable
* Certifications desirable: CISSP, SABSA, GIAC, ISO 27001, Cloud security certifications (AWS / Azure)
Rates depend on experience and client requirements.
#J-18808-Ljbffr