Cyber Security Analyst -

Posted Today by Salt

£601 Per day
Inside
Hybrid
London, UK

Summary: The Senior Cyber Security Analyst role focuses on enhancing application security through DevSecOps practices and secure design principles within a leading international organization. The position requires collaboration with engineering teams to integrate security into software delivery processes, particularly in cloud-native environments. The ideal candidate will have extensive experience in application security, threat modeling, and security assessments. This contract role is hybrid, requiring some on-site presence in London while primarily allowing remote work.

Key Skills:

  • Application Security & Secure SDLC
    • OWASP Top 10/ASVS
    • Secure coding practices
    • Threat modelling (STRIDE/MITRE ATT&CK)
    • Security architecture and design reviews
    • Vulnerability management and remediation
    • Secure Software Development Lifecycle (SSDLC)
  • DevSecOps & CI/CD Security
    • Integration of security tooling into CI/CD pipelines
    • Experience with GitHub, GitLab, Jenkins, Azure DevOps
    • Hands-on experience with SAST, DAST, SCA, Secrets scanning, Container security
  • Cloud & Platform Security
    • AWS and/or Azure security
    • Kubernetes/Docker/container security
    • API security
    • IAM/Identity Federation/SSO
    • WAF and cloud-native security tooling
    • Infrastructure-as-Code security (Terraform/Checkov/tfsec)
  • Security Tooling
    • Experience with tools such as SonarQube, Checkmarx, Veracode, Fortify, OWASP ZAP, Burp Suite, Snyk, Aqua, Wiz, Prisma Cloud, Defender for Cloud, Sentinel
  • 8-15+ years in Cyber Security
  • Strong focus on Application Security and DevSecOps
  • Experience working closely with engineering and platform teams
  • Strong stakeholder engagement and communication skills
  • Experience within regulated or enterprise environments preferred
  • Financial services, government, or large-scale enterprise experience highly desirable
  • Certifications (desirable): CISSP, SABSA, GIAC, ISO 27001, Cloud security certifications (AWS/Azure)

Salary (Rate): £600 per day

City: London

Country: UK

Working Arrangements: hybrid

IR35 Status: inside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Senior Cyber Security Analyst - Application Security/DevSecOps/Secure Design/SAST, DAST - London

  • Contract | 12 Months | Hybrid
  • 8 days onsite per month; the rest is remote working
  • Inside of IR35, must use umbrella
  • £600 per day

We are supporting a leading international organisation in the search for a Senior Cyber Security Analyst to join a high-performing security engineering and assurance team.

This role is ideal for a consultant with a strong background in Application Security, DevSecOps, Secure SDLC, Threat Modelling, and Cloud Security, who can work closely with engineering teams to embed security into modern software delivery environments.

The successful consultant will operate across cloud-native platforms, CI/CD pipelines, APIs, containers, and microservices architectures, helping drive secure-by-design principles across enterprise-scale platforms.

Key Responsibilities

  • Perform security risk assessments, secure design reviews, and threat modelling exercises for applications, APIs, and cloud platforms
  • Define and implement secure-by-design principles across software engineering and DevOps teams
  • Embed security controls into CI/CD pipelines using modern DevSecOps practices
  • Lead and support SAST, DAST, SCA, and container security integration activities
  • Conduct application and infrastructure security assessments aligned to OWASP, NIST, and industry best practices
  • Work closely with development teams to triage vulnerabilities and support remediation activities
  • Define security requirements for modern application architectures including:
    • APIs
    • Microservices
    • Kubernetes/Containers
    • Cloud-native platforms
  • Support secure architecture reviews across AWS and/or Azure environments
  • Collaborate with stakeholders across Security, Engineering, DevOps, Risk, and Architecture teams
  • Support vulnerability management, security governance, and secure delivery processes

Required Skills & Experience

We are looking for consultants with strong experience across several of the following areas:

Application Security & Secure SDLC

  • OWASP Top 10/ASVS
  • Secure coding practices
  • Threat modelling (STRIDE/MITRE ATT&CK)
  • Security architecture and design reviews
  • Vulnerability management and remediation
  • Secure Software Development Lifecycle (SSDLC)

DevSecOps & CI/CD Security

  • Integration of security tooling into CI/CD pipelines
  • Experience with:
    • GitHub
    • GitLab
    • Jenkins
    • Azure DevOps
  • Hands-on experience with:
    • SAST
    • DAST
    • SCA
    • Secrets scanning
    • Container security

Cloud & Platform Security

  • AWS and/or Azure security
  • Kubernetes/Docker/container security
  • API security
  • IAM/Identity Federation/SSO
  • WAF and cloud-native security tooling
  • Infrastructure-as-Code security (Terraform/Checkov/tfsec)

Security Tooling

Experience with tools such as:

  • SonarQube
  • Checkmarx
  • Veracode
  • Fortify
  • OWASP ZAP
  • Burp Suite
  • Snyk
  • Aqua
  • Wiz
  • Prisma Cloud
  • Defender for Cloud
  • Sentinel

Ideal Background

  • 8-15+ years in Cyber Security
  • Strong focus on Application Security and DevSecOps
  • Experience working closely with engineering and platform teams
  • Strong stakeholder engagement and communication skills
  • Experience within regulated or enterprise environments preferred
  • Financial services, government, or large-scale enterprise experience highly desirable

Certifications (desirable)

  • CISSP
  • SABSA
  • GIAC
  • ISO 27001
  • Cloud security certifications (AWS/Azure)

*Rates depend on experience and client requirements