Application Security Specialist (DevOps)
Hybrid - Cambridge, UK (1 day a week in office)
We're looking for an experienced Application Security Specialist to join a growing cyber security team and play a key role in shaping a world-class application security programme.
What you'll be doing
* Guiding teams on security best practices, compliance, and secure coding.
* Collaborating with architects and developers to review designs and code for vulnerabilities.
* Embedding and improving threat modelling and secure development practices in the SDLC.
* Designing and integrating security testing plans.
* Performing and overseeing application security testing and driving remediation.
* Managing end-to-end vulnerability workflows, including bug bounty findings.
* Supporting incident response activities when needed.
* Monitoring and reporting on application security metrics, KPIs, and emerging threats.
* Automating processes for vulnerability detection and integrating tools into the pipeline.
Note: this position includes participation in an on-call rotation.
What we're looking for
* 3+ years in software engineering plus 2+ years in application security.
* Strong knowledge of OWASP, application vulnerabilities, and security testing techniques.
* Experience with secure web application development and Agile/DevOps methodologies.
* Familiarity with pen testing, bug bounty, or hacker community collaboration.
* Strong communication skills - able to influence stakeholders up to senior management.
* Self-starter with the ability to prioritise, work independently, and drive initiatives.
* Knowledge of wider IT and information security practices.
What's on offer
* Private healthcare (including dental).
* Pension contributions.
* Employee Assistance Programme & wellbeing support.
* Life insurance.
* Annual performance bonus.
* Enhanced family leave from day one.
* Flexible working hours.
* 25 days holiday + bank holidays (with buy/sell options).