Posted 1 day ago
Cyber Security Analyst -
Salt Search
📍 Not Specified
💷 £600/day | I.T. & Communications | Remote | Hybrid | Contract
Job description
<p><strong>Senior Cyber Security Analyst - Application Security / DevSecOps / Secure Design/ SAST, DAST - London</strong></p><ul><li><strong>Contract 12 Months Hybrid</strong></li><li><strong>8 Days onsite per month - the rest is remote working</strong></li><li><strong>Inside of IR35 must use umbrella</strong></li><li><strong>£600 per day</strong></li></ul><p>We are supporting a leading international organisation in the search for a <strong>Senior Cyber Security Analyst</strong> to join a high-performing security engineering and assurance team.</p><p>This role is ideal for a consultant with a strong background in <strong>Application Security, DevSecOps, Secure SDLC, Threat Modelling, and Cloud Security</strong>, who can work closely with engineering teams to embed security into modern software delivery environments.</p><p>The successful consultant will operate across cloud-native platforms, CI/CD pipelines, APIs, containers, and microservices architectures, helping drive secure-by-design principles across enterprise-scale platforms.</p><p><strong>Key Responsibilities</strong></p><ul><li>Perform <strong>security risk assessments</strong>, secure design reviews, and threat modelling exercises for applications, APIs, and cloud platforms</li><li>Define and implement <strong>secure-by-design</strong> principles across software engineering and DevOps teams</li><li>Embed security controls into CI/CD pipelines using modern <strong>DevSecOps</strong> practices</li><li>Lead and support <strong>SAST, DAST, SCA</strong>, and container security integration activities</li><li>Conduct application and infrastructure security assessments aligned to <strong>OWASP</strong>, <strong>NIST</strong>, and industry best practices</li><li>Work closely with development teams to triage vulnerabilities and support remediation activities</li><li>Define security requirements for modern application architectures including:</li><ul><li>APIs</li><li>Microservices</li><li>Kubernetes / 
Containers</li><li>Cloud-native platforms</li></ul><li>Support secure architecture reviews across AWS and/or Azure environments</li><li>Collaborate with stakeholders across Security, Engineering, DevOps, Risk, and Architecture teams</li><li>Support vulnerability management, security governance, and secure delivery processes</li></ul><p><strong>Required Skills & Experience</strong></p><p>We are looking for consultants with strong experience across several of the following areas:</p><p><strong>Application Security & Secure SDLC</strong></p><ul><li>OWASP Top 10 / ASVS</li><li>Secure coding practices</li><li>Threat modelling (STRIDE / MITRE ATT&CK)</li><li>Security architecture and design reviews</li><li>Vulnerability management and remediation</li><li>Secure Software Development Lifecycle (SSDLC)</li></ul><p><strong>DevSecOps & CI/CD Security</strong></p><ul><li>Integration of security tooling into CI/CD pipelines</li><li>Experience with:</li><ul><li>GitHub</li><li>GitLab</li><li>Jenkins</li><li>Azure DevOps</li></ul><li>Hands-on experience with:</li><ul><li>SAST</li><li>DAST</li><li>SCA</li><li>Secrets scanning</li><li>Container security</li></ul></ul><p><strong>Cloud & Platform Security</strong></p><ul><li>AWS and/or Azure security</li><li>Kubernetes / Docker / container security</li><li>API security</li><li>IAM / Identity Federation / SSO</li><li>WAF and cloud-native security tooling</li><li>Infrastructure-as-Code security (Terraform / Checkov / tfsec)</li></ul><p><strong>Security Tooling</strong></p><p>Experience with tools such as:</p><ul><li>SonarQube</li><li>Checkmarx</li><li>Veracode</li><li>Fortify</li><li>OWASP ZAP</li><li>Burp Suite</li><li>Snyk</li><li>Aqua</li><li>Wiz</li><li>Prisma Cloud</li><li>Defender for Cloud</li><li>Sentinel</li></ul><p><strong>Ideal Background</strong></p><ul><li>8-15+ years in Cyber Security</li><li>Strong focus on <strong>Application Security and DevSecOps</strong></li><li>Experience working closely with engineering and platform 
teams</li><li>Strong stakeholder engagement and communication skills</li><li>Experience within regulated or enterprise environments preferred</li><li>Financial services, government, or large-scale enterprise experience highly desirable</li></ul><p><strong>Certifications (desirable)</strong></p><ul><li>CISSP</li><li>SABSA</li><li>GIAC</li><li>ISO 27001</li><li>Cloud security certifications (AWS / Azure)</li></ul><p>Rates depend on experience and client requirements</p>
Benefits
Remote