Cyber Security Consultant

Collaborate closely with cloud, platform, IAM and infrastructure teams to enforce aligned security guardrails across multicloud estates. Required technical and professional expertise * Proven hands-on experience in DevSecOps and application security engineering. * Strong understanding of secure coding, common appsec vulnerabilities, and remediation guidance. * Practical experience with SAST/DAST tooling (any vendor). * Ability to run or contribute to threat modelling efforts (e.g., STRIDE, attack path analysis). * Working knowledge of API, container and microservices security. * Experience configuring or working with WAF technologies. * Strong grasp of Secure SDLC, OWASP Top 10 and modern attack vectors. * Experience managing appsec vulnerabilities and advising developers on fixes. * Clear communication and consulting skills to influence engineering teams effectively. This role is subject to pre-employment screening in line with the UK Government's, As a DevSecOps Champion at CyberDefend, you will play a key role in helping clients embed security deeply and seamlessly into modern software delivery.

This is a hands-on engineering role where you'll work directly with development, cloud and platform teams to implement security controls, automate guardrails, and strengthen application resilience across hybrid and multicloud environments. You'll combine technical depth, practical DevSecOps experience, and strong advisory skills to enable organisations to build secure, high-velocity engineering pipelines.

Responsibilities

• Integrate security into every phase of the SDLC, ensuring secure-by-default development and deployment practices.
• Lead and facilitate threat modelling sessions, translating risks into clear technical requirements and design recommendations.
• Advise development teams on secure coding practices and mitigation strategies for common vulnerabilities (e.g., SQLi, XSS, SSRF, deserialization).
• Conduct and operationalise SAST/DAST/SCA scanning, triage findings, and guide developers through practical remediation.
• Strengthen API security through authentication, authorisation, schema validation and rate-limiting best practices.
• Implement and manage security controls for containers, Kubernetes and microservices, ensuring secure CI/CD deployment paths.
• Configure, tune and maintain WAF protections aligned to application risk profiles
• Manage application security vulnerabilities, ensuring accurate prioritisation, improved signal-to-noise, and actionable remediation plans.
• Champion DevSecOps culture by educating teams on OWASP Top 10, secure patterns, and modern application threats.
• Collaborate closely with cloud, platform, IAM and infrastructure teams to enforce aligned security guardrails across multicloud estates., 10, secure patterns, and modern application threats. * Collaborate closely with cloud, platform, IAM and infrastructure teams to enforce aligned security guardrails across multicloud estates. Required technical and professional expertise * Proven hands-on experience in DevSecOps and application security engineering. * Strong understanding of secure coding, common appsec vulnerabilities, and remediation guidance. * Practical experience with SAST/DAST tooling (any vendor). * Ability to run or contribute to threat modelling efforts (e.g., STRIDE, attack path analysis). * Working knowledge of API, container and microservices security. * Experience configuring or working with WAF technologies. * Strong grasp of Secure SDLC, OWASP Top 10 and modern attack vectors. * Experience managing appsec vulnerabilities and advising developers on fixes. * Clear communication and consulting skills to influence engineering teams effectively. This role is subject to, be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status. Cyber Security Consultant - DevSecOps Champion United Kingdom GBR None None London IBM Cyber Security Consultant - DevSecOps Champion Cyber Security Consultant - DevSecOps Champion

Baseline Personnel Security Standard (BPSS). An additional range of Personal Security Controls referred to as National Security Vetting (NVS) may apply, this could include meeting the eligibility requirements for The Security Check (SC) or Developed Vetting (DV). Preferred technical and professional experience * Experience implementing automated security guardrails for hybrid or multicloud application environments. * Familiarity with cloud IAM integration within CI/CD pipelines (e.g., workload identities, least-privilege automation). * Certifications such as CSSLP, CISSP, CCSP or relevant DevSecOps/AppSec credentials. * Experience with automation/orchestration tools (Terraform, Ansible, GitHub Actions, GitLab CI, Azure DevOps). * Hands-on experience with enterprise DevSecOps or CI/CD pipelines and secure infrastructure-as-code practices. IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified, Required technical and professional expertise

• Proven hands-on experience in DevSecOps and application security engineering.
• Strong understanding of secure coding, common appsec vulnerabilities, and remediation guidance.
• Practical experience with SAST/DAST tooling (any vendor).
• Ability to run or contribute to threat modelling efforts (e.g., STRIDE, attack path analysis).
• Working knowledge of API, container and microservices security.
• Experience configuring or working with WAF technologies.
• Strong grasp of Secure SDLC, OWASP Top 10 and modern attack vectors.
• Experience managing appsec vulnerabilities and advising developers on fixes.
• Clear communication and consulting skills to influence engineering teams effectively.

This role is subject to pre-employment screening in line with the UK Government's Baseline Personnel Security Standard (BPSS). An additional range of Personal Security Controls referred to as National Security Vetting (NVS) may apply, this could include meeting the eligibility requirements for The Security Check (SC) or Developed Vetting (DV).

Preferred technical and professional experience

• Experience implementing automated security guardrails for hybrid or multicloud application environments.
• Familiarity with cloud IAM integration within CI/CD pipelines (e.g., workload identities, least-privilege automation).
• Certifications such as CSSLP, CISSP, CCSP or relevant DevSecOps/AppSec credentials.
• Experience with automation/orchestration tools (Terraform, Ansible, GitHub Actions, GitLab CI, Azure DevOps).
• Hands-on experience with enterprise DevSecOps or CI/CD pipelines and secure infrastructure-as-code practices., 1D751R-air-force 1D7X1-air-force 62E4-air-force 62E1R-air-force 62E3H-air-force 3D0X4-air-force 62E3T-air-force 62E3V-air-force 62E4N-air-force 1D751D-air-force 62EX-air-force 3D054-air-force 62E4R-air-force, pre-employment screening in line with the UK Government's Baseline Personnel Security Standard (BPSS). An additional range of Personal Security Controls referred to as National Security Vetting (NVS) may apply, this could include meeting the eligibility requirements for The Security Check (SC) or Developed Vetting (DV). Preferred technical and professional experience * Experience implementing automated security guardrails for hybrid or multicloud application environments. * Familiarity with cloud IAM integration within CI/CD pipelines (e.g., workload identities, least-privilege automation). * Certifications such as CSSLP, CISSP, CCSP or relevant DevSecOps/AppSec credentials. * Experience with automation/orchestration tools (Terraform, Ansible, GitHub Actions, GitLab CI, Azure DevOps). * Hands-on experience with enterprise DevSecOps or CI/CD pipelines and secure infrastructure-as-code practices. IBM is committed to creating a diverse environment and is proud to

Introduction At IBM CIC, we provide technical and industry expertise to a wide range of public and private sector clients in the UK. A career in IBM CIC means you'll have the opportunity to work with leading professionals across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. You will get the chance to deliver effective solutions, driving meaningful business change for our clients, using some of the latest technology platforms. Curiosity and a constant quest for knowledge serve as the foundation to success here. You'll be encouraged and supported to constantly reinvent yourself, focusing on skills in demand in an ever changing market. You'll be working with diverse teams, coming up with creative solutions which impact a wide network of clients, who may be at their site or one of our CIC or IBM locations. Our culture of evolution centres on long-term career growth and development opportunities in an environment that embraces your unique skills and experience. We offer: * Many training opportunities from classroom to e-learning, mentoring and coaching programs and the chance to gain industry recognized certifications * Regular and frequent promotion opportunities to ensure you can drive and develop your career with us * Feedback and checkpoints throughout the year * Diversity & Inclusion as an essential and authentic component of our culture through our policies and process as well as our Employee Champion teams and support networks * A culture where your ideas for growth and innovation are always welcome * Internal recognition programs for peer-to-peer appreciation as well as from manager to employees * Tools and policies to support your work-life balance from flexible working approaches, sabbatical programs, paid paternity leave, maternity leave and an innovative maternity returners scheme * More traditional benefits, such as 25 days holiday (in addition to public holidays), private medical, dental & optical cover, online shopping discounts, an Employee Assistance Program, life assurance and a group personal pension plan of an additional 5% of your base salary paid by us monthly to save for your future. Your role and responsibilities As a DevSecOps Champion at CyberDefend, you will play a key role in helping clients embed security deeply and seamlessly into modern software delivery. This is a hands-on engineering role where you'll work directly with development, cloud and platform teams to implement security controls, automate guardrails, and strengthen application resilience across hybrid and multicloud environments. You'll combine technical depth, practical DevSecOps experience, and strong advisory skills to enable organisations to build secure, high-velocity engineering pipelines. Responsibilities * Integrate security into every phase of the SDLC, ensuring secure-by-default development and deployment practices. *, * Many training opportunities from classroom to e-learning, mentoring and coaching programs and the chance to gain industry recognized certifications

• Regular and frequent promotion opportunities to ensure you can drive and develop your career with us
• Feedback and checkpoints throughout the year
• Diversity & Inclusion as an essential and authentic component of our culture through our policies and process as well as our Employee Champion teams and support networks
• A culture where your ideas for growth and innovation are always welcome
• Internal recognition programs for peer-to-peer appreciation as well as from manager to employees
• Tools and policies to support your work-life balance from flexible working approaches, sabbatical programs, paid paternity leave, maternity leave and an innovative maternity returners scheme
• More traditional benefits, such as 25 days holiday (in addition to public holidays), private medical, dental & optical cover, online shopping discounts, an Employee Assistance Program, life assurance and a group personal pension plan of an additional 5% of your base salary paid by us monthly to save for your future., Introduction At IBM CIC, we provide technical and industry expertise to a wide range of public and private sector clients in the UK. A career in IBM CIC means you'll have the opportunity to work with leading professionals across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. You will get the chance to deliver effective solutions, driving meaningful business change for our clients, using some of the latest technology platforms. Curiosity and a constant quest for knowledge serve as the foundation to success here. You'll be encouraged and supported to constantly reinvent yourself, focusing on skills in demand in an ever changing market. You'll be working with diverse teams, coming up with creative solutions which impact a wide network of clients, who may be at their site or one of our CIC or IBM locations. Our culture of evolution centres on long-term career growth and development opportunities in an environment that embraces your unique skills and experience. We offer: * Many training opportunities from classroom to e-learning, mentoring and coaching programs and the chance to gain industry recognized certifications * Regular and frequent promotion opportunities to ensure you can drive and develop your career with us * Feedback and checkpoints throughout the year * Diversity & Inclusion as an essential and authentic component of our culture through our policies and process as well as our Employee Champion teams and support networks * A culture where your ideas for growth and innovation are always welcome * Internal recognition programs for peer-to-peer appreciation as well as from manager to employees * Tools and policies to support your work-life balance from flexible working approaches, sabbatical programs, paid paternity leave, maternity leave and an innovative maternity returners scheme * More traditional benefits, such as 25 days holiday (in addition to public holidays), private medical, dental & optical cover, online shopping discounts, an Employee Assistance Program, life assurance and a group personal pension plan of an additional 5% of your base salary paid by us monthly to save for your future. Your role and responsibilities As a DevSecOps Champion at CyberDefend, you will play a key role in helping clients embed security deeply and seamlessly into modern software delivery. This is a hands-on engineering role where you'll work directly with development, cloud and platform teams to implement security controls, automate guardrails, and strengthen application resilience across hybrid and multicloud environments. You'll combine technical depth, practical DevSecOps experience, and strong advisory skills to enable organisations to build secure, high-velocity engineering pipelines. Responsibilities * Integrate security into every phase of the SDLC, ensuring

Lead and facilitate threat modelling sessions, translating risks into clear technical requirements and design recommendations. * Advise development teams on secure coding practices and mitigation strategies for common vulnerabilities (e.g., SQLi, XSS, SSRF, deserialization). * Conduct and operationalise SAST/DAST/SCA scanning, triage findings, and guide developers through practical remediation. * Strengthen API security through authentication, authorisation, schema validation and rate-limiting best practices. * Implement and manage security controls for containers, Kubernetes and microservices, ensuring secure CI/CD deployment paths. * Configure, tune and maintain WAF protections aligned to application risk profiles * Manage application security vulnerabilities, ensuring accurate prioritisation, improved signal-to-noise, and actionable remediation plans. * Champion DevSecOps culture by educating teams on OWASP Top 10, secure patterns, and modern application threats. *, At IBM CIC, we provide technical and industry expertise to a wide range of public and private sector clients in the UK. A career in IBM CIC means you'll have the opportunity to work with leading professionals across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. You will get the chance to deliver effective solutions, driving meaningful business change for our clients, using some of the latest technology platforms. Curiosity and a constant quest for knowledge serve as the foundation to success here. You'll be encouraged and supported to constantly reinvent yourself, focusing on skills in demand in an ever changing market. You'll be working with diverse teams, coming up with creative solutions which impact a wide network of clients, who may be at their site or one of our CIC or IBM locations. Our culture of evolution centres on long-term career growth and development opportunities in an environment that embraces your unique skills and experience., IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status. seo.joblisting.3727CDEC3CAD4677A4F24A3BC9A7BB50 False IBM 51.51509532163742::-0.11589239766081874::58278 51.51509532163742::-0.11589239766081874::58278 https://de.jobsyn.org/3727CDEC3CAD4677A4F24A3BC9A7BB5010 London, GBR London, GBR 62E4M-air-force 255S-army ISM-coast-guard 62E3I-air-force 26B-army 1D731B-air-force 1D711Z-air-force 62E1W-air-force 1D771D-air-force 1D711D-air-force 51R-army 62E1T-air-force 62E1H-air-force 62E3R-air-force 62E1P-air-force 62E4Q-air-force 62E1I-air-force 62E3M-air-force 1D771A-air-force 6694-marines 1D731A-air-force 1D751Z-air-force 1D731R-air-force 8K000-air-force 1D711A-air-force 62E1A-air-force 1D711K-air-force 62E1N-air-force 70D-army 1D771E-air-force 9891-navy 62E3C-air-force 62E4S-air-force 1D771R-air-force 62E1M-air-force 8858-marines 62E4T-air-force 3D034-air-force 62E4Y-air-force 2659-marines ET-coast-guard 1D731-air-force 62E1E-air-force 1D700-air-force 62E3P-air-force 62E3G-air-force 62E1G-air-force 255A-army 62E1C-air-force 3D100-air-force 9512-navy 1D731E-air-force 1D771-air-force 1D771Z-air-force 170D-army, 62E1Z-air-force 1D711R-air-force 62E4P-air-force 62E3Z-air-force 1D751B-air-force 62E3B-air-force 0679-marines ELC-coast-guard 62E3Y-air-force 1D731D-air-force 3D1X2-air-force 26A-army 1D771K-air-force 1D711-air-force 62E4W-air-force 1D751A-air-force 26Z-army 62E3E-air-force 2653-marines IT-navy 62EXC-air-force 1D791-air-force IS-coast-guard IT-coast-guard 62E3W-air-force 62E1V-air-force 3D190-air-force 3D074-air-force 1D751E-air-force 784-navy 1D711E-air-force 62E3Q-air-force 62E1F-air-force 62E3F-air-force 1D731K-air-force 62E3A-air-force 62E1S-air-force 62E4V-air-force 62E1B-air-force 1D771B-air-force 62E4Z-air-force 62E3S-air-force 002775-navy 1D711B-air-force 62E1Q-air-force 62E3N-air-force 3D014-air-force 184-navy 1721-marines 1D751-air-force 1D751K-air-force 62E1Y-air-force, secure-by-default development and deployment practices. * Lead and facilitate threat modelling sessions, translating risks into clear technical requirements and design recommendations. * Advise development teams on secure coding practices and mitigation strategies for common vulnerabilities (e.g., SQLi, XSS, SSRF, deserialization). * Conduct and operationalise SAST/DAST/SCA scanning, triage findings, and guide developers through practical remediation. * Strengthen API security through authentication, authorisation, schema validation and rate-limiting best practices. * Implement and manage security controls for containers, Kubernetes and microservices, ensuring secure CI/CD deployment paths. * Configure, tune and maintain WAF protections aligned to application risk profiles * Manage application security vulnerabilities, ensuring accurate prioritisation, improved signal-to-noise, and actionable remediation plans. * Champion DevSecOps culture by educating teams on OWASP Top