London - UK Only Please
Key Responsibilities
Support and enhance the organisation's application security testing programme, leveraging approved enterprise tools for SAST, SCA, DAST, API security assessment, and penetration testing activities.
Conduct manual analysis and security review activities across web, API, and internal applications to validate automated findings and uncover additional weaknesses.
Triage, verify, and risk‑rank vulnerabilities, partnering with engineering and application teams to ensure findings are accurately understood and remediation actions are practical and prioritised.
Monitor and drive remediation progress, tracking closure of vulnerabilities and supporting engineering teams with root‑cause analysis to reduce repeat issues.
Contribute to secure development practices, helping to maintain secure coding standards, patterns, and reusable security controls or guardrails.
Operate and optimise AppSec tooling within CI/CD workflows, supporting the organisation's DevSecOps journey and enabling early, automated detection of security issues.
Provide hands‑on guidance to developers, helping teams understand vulnerabilities, adopt secure patterns, and deliver applications that meet required security standards.
Maintain comprehensive application security metrics, dashboards, and reports, ensuring technical and non‑technical stakeholders have clear visibility of risk, progress, and governance alignment.
Performance Objectives
Effectively run the application security toolset (SAST, SCA, DAST, API testing) within established SDLC and CI/CD processes, ensuring vulnerabilities are accurately identified, triaged, and communicated to engineering teams.
Strengthen collaboration with development teams, providing high‑quality remediation guidance and driving a measurable reduction in recurring application security weaknesses.
Deliver clear, actionable AppSec reporting, maintaining dashboards and metrics that support governance, risk visibility, and informed decision‑making for technical and leadership stakeholders.
Skills and ExperienceSpecification
Essential
Hands‑on experience in Application Security, DevSecOps, or security engineering, preferably within a large or complex technical environment.
Practical experience deploying, tuning, and operating SAST, SCA, DAST, and API security tools as part of a structured AppSec programme.
Strong understanding of secure coding fundamentals and common software weaknesses, including the OWASP Top 10 and MITRE CWE Top 25.
Demonstrated experience triaging, validating, and prioritising vulnerabilities, working directly with software engineers to support remediation.
Ability to read and interpret code in at least one common programming language (e.g., C#, JavaScript, Python).
Knowledge of CI/CD pipelines and the integration of security tooling into developer workflows (e.g., GitHub Actions, Azure DevOps).
Strong understanding of authentication and authorisation, including OAuth, OIDC, SSO, and role‑based access control principles.
Experience producing and maintaining security metrics, dashboards, or reporting to support governance and visibility.
Desirable
Experience automating or contributing to DevSecOps tooling and pipelines, including scripting (e.g., Python, Bash).
Knowledge of software supply chain security, dependency management practices, and artefact repositories (e.g., Artifactory).
Exposure to cloud‑native and containerised environments, including AWS/Azure, Kubernetes, microservices, and API‑centric architectures.Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)