Role Details Role/Job Title: Sr Application Security Specialist Work Location: Norwich/London Mode of Working: Hybrid Hybrid Requirement: 3 days Duration of Assignment: 6 Months The Role Senior Application Security Specialist COE (Governance & Advisory) Your Responsibilities Own and drive the governance, guidance, and architectural messaging for Application Security (AppSec) across the organisation, ensuring consistent adoption of secure development practices. Define and maintain target-state AppSec governance frameworks, including policies, standards, and secure SDLC practices; assess current-state maturity and define transition states for teams and markets. Provide expert advisory across development, engineering, and product teams, ensuring AppSec requirements are integrated early and effectively into design and delivery workflows. Perform and lead application security assessments, threat modelling sessions, design reviews, and secure code review consultations. Partner with Security Product Owners and engineering teams to ensure AppSec tooling, processes, and services meet organisational needs and regulatory expectations. Support selection, evaluation, and procurement of AppSec technologies, contributing to tool strategy, capability uplift, and adoption across teams. Ensure AppSec best practices are understood and leveraged across the enterprise through coaching, documentation, and stakeholder engagement. Your Profile Essential Skills / Knowledge / Experience Extensive experience in Application Security within enterprise environments, ideally as part of a centralised Centre of Excellence or security governance function. Strong capability in developing and governing AppSec policies, standards, and secure SDLC frameworks. Expert knowledge across threat modelling, secure design, application risk assessment, and secure code review techniques. Hands-on understanding of DevSecOps practices, CI/CD pipeline security, and integrating security controls within modern development workflows. Ability to influence senior engineers, architects, and product leaders, ensuring secure-by-design principles are consistently applied. Experience producing AppSec maturity roadmaps, target-state models, and governance frameworks. Strong understanding of industry standards and frameworks (OWASP ASVS, OWASP SAMM, NIST, ISO 27034). Desirable Skills / Knowledge / Experience Experience implementing or advising on secure use of AI/ML applications, including secure patterns for Generative or Agentic AI. Background in secure architecture reviews for microservices, APIs, and cloud-native application stacks (AWS, Azure, or hybrid). Experience within regulated industries such as Financial Services or Insurance. Strong senior stakeholder communication skills, including the ability to articulate application risks and security requirements to executives.