Security Risk Analyst; Application Security & Pen Testing

Rate : £500-£550 Inside IR35 (negotiable)

Duration : 12 months initially

Location :
Ipswich 3 days per week, 2 days remote

Industry :
Global Financial Services

We are looking for an experienced Security Risk Analyst with strong expertise in application security, vulnerability management, and penetration testing. In this role, you will assess the security posture of enterprise applications, uncover risks, and deliver clear, actionable reports to senior leadership and the CISO. This is an analysis-focused position — no remediation required — ideal for someone with a hands-on security background who has transitioned into risk evaluation.

• Perform security diagnostics and vulnerability assessments across enterprise applications.
• Conduct penetration testing to identify weaknesses and security gaps.
• Deliver detailed risk reports, including impact and likelihood, to senior stakeholders and the CISO.
• Align risk assessments with standards such as NIST, ISO 27001, and CIS Controls.
• Support GRC initiatives, audits, and compliance reviews.
• Leverage experience in pen testing, vulnerability management, or incident response to contextualize threats.
• Collaborate with cross-functional teams while maintaining independent risk judgement.

• Strong background in security risk analysis, application security, or vulnerability management.
• Hands-on experience in penetration testing.
• Familiarity with tools such as Qualys, Tenable, Nexpose, Burp Suite, etc.
• Understanding of risk assessment methodologies and ability to communicate risk clearly.
• Experience working with CISOs or senior security leadership.
• Relevant certifications such as OSCP, CISSP, CISM, CRISC, CEH are highly valued.