Cyber Security Analyst

Senior Cyber Security Analyst – Application Security / Dev Sec Ops  / Secure Design/SAST, DAST – London Contract (12 Months, Hybrid 8 Days onsite per month, remote rest). Inside of IR35 – must use umbrella. £600 per day.

We are supporting a leading international organisation in the search for a Senior Cyber Security Analyst to join a high‑performing security engineering and assurance team. This role is ideal for a consultant with a strong background in Application Security, Dev Sec Ops , Secure SDLC, Threat Modelling, and Cloud Security, who can work closely with engineering teams to embed security into modern software delivery environments.

The successful consultant will operate across cloud‑native platforms, CI/CD pipelines, APIs, containers, and microservices architectures, helping drive secure‑by‑design principles across enterprise‑scale platforms.

• Perform security risk assessments, secure design reviews, and threat modelling exercises for applications, APIs, and cloud platforms
• Define and implement secure‑by‑design principles across software engineering and Dev Ops teams
• Embed security controls into CI/CD pipelines using modern Dev Sec Ops  practices
• Lead and support SAST, DAST, SCA, and container security integration activities
• Conduct application and infrastructure security assessments aligned to OWASP, NIST, and industry best practices
• Work closely with development teams to triage vulnerabilities and support remediation activities
• Define security requirements for modern application architectures including APIs, Microservices, Kubernetes/Containers, Cloud‑native platforms
• Support secure architecture reviews across AWS and/or Azure environments
• Collaborate with stakeholders across Security, Engineering, Dev Ops, Risk, and Architecture teams
• Support vulnerability management, security governance, and secure delivery processes

• Application Security & Secure SDLC
• OWASP Top 10 / ASVS
• Secure coding practices
• Threat modelling (STRIDE / MITRE ATT&CK)
• Security architecture and design reviews
• Vulnerability management and remediation
• Secure Software Development Lifecycle (SSDLC)
• Dev Sec Ops  & CI/CD
• Security integration of security tooling into CI/CD pipelines
• Experience with:
  Git Hub, Git Lab, Jenkins, Azure Dev Ops
• Hands‑on experience with: SAST, DAST, SCA, Secrets scanning, Container security, Cloud & Platform Security, AWS and/or Azure security, Kubernetes / Docker / container security, API security, IAM / Identity Federation / SSO, WAF and cloud‑native security tooling, Infrastructure‑as‑Code security (Terraform / Checkov / tfsec)
• Security tooling experience with:
  Sonar Qube, Checkmarx, Veracode, Fortify, OWASP ZAP, Burp Suite, Snyk, Aqua, Wiz, Prisma Cloud, Defender for Cloud, Sentinel

• 8–15+ years in Cyber Security
• Strong focus on Application Security and Dev Sec Ops
• Experience working closely with engineering and platform teams
• Strong stakeholder engagement and communication skills
• Experience with in regulated or enterprise environments (Financial services, government, or large‑scale enterprise) highly desirable
• Certifications desirable: CISSP, SABSA, GIAC, ISO 27001, Cloud security certifications (AWS / Azure)

Rates depend on experience and client requirements.