Security Consultant – DevSecOps​/Application Security

Job Title:
Security Consultant - Dev Sec Ops  / Application Security

Location:
Hybrid Manchester, UK (3days/week)

Duration: 6months+

520

GBP/day Inside IR35

We are looking for an experienced Security Consultant with strong Dev Sec Ops  and Application Security expertise. The ideal candidate should be comfortable working across secure software development, infrastructure security, and vulnerability management within modern CI/CD environments. CISSP certification is highly desirable, and additional security certifications would be an advantage.

The candidate should have hands‑on knowledge in at least one or more of the following areas:

• Computer Networking
• Application Security
• Penetration Testing
• Databases
• Linux and Windows Operating Systems

• Integrate security controls and best practices into SDLC and CI/CD pipelines.
• Support and manage SAST, SCA, IaC, and dependency scanning activities.
• Identify vulnerabilities and provide remediation guidance to development teams.
• Promote secure‑by‑design principles and Dev Sec Ops  culture across engineering teams.
• Collaborate with development, infrastructure, and security teams to improve overall application security posture.
• Conduct security reviews, risk assessments, and recommend mitigation strategies.
• Support secure coding practices and application security best practices.
• Assist in implementing and improving Dev Sec Ops  processes and automation.

• Strong understanding of Dev Sec Ops  implementation and Secure SDLC practices.
• Experience with Static Application Security Testing (SAST) and Software Composition Analysis (SCA) tools.
• Knowledge of Infrastructure-as-Code (IaC) security and dependency scanning.
• Hands‑on experience with vulnerability management and remediation support.
• Good understanding of application security principles and secure‑by‑design concepts.
• Familiarity with CI/CD pipelines and security automation.
• Experience working with Linux and Windows environments.
• Understanding of networking and security fundamentals.
• CISSP certification preferred.
• Additional certifications such as CEH, OSCP, CISM, Security+, or AWS/Azure Security certifications are beneficial.
• Exposure to cryptography concepts and penetration testing methodologies.
• Experience with cloud security and container security tools is a plus.

• Strong communication and stakeholder management skills.
• Ability to work collaboratively with developers and engineering teams.
• Problem‑solving mindset with strong analytical skills.
• Ability to explain technical security concepts to non‑technical stakeholders.