 
        
Overview
This range is provided by Investigo. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.
Job Title: Security Analyst / Security Consultant
Location: Remote (actually remote. No “mandatory culture days”)
Salary: £55,000 + 10% Bonus and Benefits
Let’s skip the corporate fluff.
This is a Security Analyst / Consultant role for someone who gets it.
Someone who knows that “secure by design” isn’t just something you write in a Confluence doc. Someone who knows risk isn’t always a red RAG status - and can explain the difference between a real issue and a theoretical one.
We’re building secure products across a complex cloud environment (yes, both Azure and AWS). You’ll be the person making sure what we build isn’t just functional - but secure, sustainable, and risk-aware.
What you’ll actually be doing:
 * Embedding yourself in engineering teams, making sure security is considered before, during and after development - not after someone clicks deploy.
 * Leading the charge on application security - from secure coding principles to automated AppSec testing in CI/CD pipelines.
 * Running (or helping run) threat modelling sessions and ensuring they’re more than just drawing spiders on whiteboards.
 * Working with devs and testers to embed security controls early in the lifecycle.
 * Bringing DevSecOps principles into play - not just sprinkling tools into pipelines and calling it a day.
 * Providing end-to-end security assurance of cloud-based products - containers, APIs, apps, infrastructure.
 * Translating technical risk into business language that makes sense to non-technical decision-makers.
 * Partnering with security testers to ensure ethical hacking, code reviews, infrastructure scans, and app assessments are done properly - not tick-box-style.
You should probably already know a bit about:
 * Cloud security across Azure and AWS – IAM, storage, networking, serverless, containers, monitoring. Not expecting you to be a cloud architect, but you should know your way around.
 * DevSecOps practices – secure pipelines, IaC security, dependency scanning, GitHub/Jenkins integrations.
 * Application security – OWASP Top 10, SAST/DAST tooling, secrets management, API security.
 * Threat modelling – Ideally STRIDE, or something better. And you can do it with a dev team, not just in theory.
 * Vulnerability and risk management – and how to avoid both being reduced to spreadsheets.
 * Frameworks like NIST, MITRE ATT&CK, Cyber Kill Chain, and compliance stuff like PCI-DSS.
 * SIEMs, WAFs, DLPs, EDRs, and all the other acronym-heavy tools you’ve learned to assess critically.
You’ll do well here if:
 * You speak fluent “tech” and “business”.
 * You can spot a security gap without being a pain about it.
 * You’re comfortable saying “no” - but you always explain why.
 * You’re curious, self-driven, and allergic to box-ticking.
 * You can back your views up with data, experience, or even just logic.
Letters & certs are nice (but not essential):
 * Or you’ve just done the job long enough that you know your stuff without the need for badges.
Apply if that sounds like you.
If you’re looking for a clipboard and a checklist, this isn’t it.