Lead Application Security Consultant

Morson Group
Charing Cross, United Kingdom
2 days ago

Role details

Contract type
Temporary contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
£ 195K

Job location

Charing Cross, United Kingdom

Tech stack

API
Cloud Computing
Distributed Systems
Dynamic Program Analysis
Secure Coding
Software Engineering
Systems Integration
Software Security
Web Technologies
Static Application Security Testing
Microservices
Dynamic Application Security Testing

Job description

We are seeking a versatile and proactive Application Security Consultant to join a leading banking organisation currently undergoing a significant technology transformation programme. As we modernise our technology stack, maintaining trust, resilience and strong security foundations is critical.

In this role you will act as the security lead within an application delivery team, supporting secure software development across a complex hybrid environment that includes modern web technologies, microservices, legacy platforms, and API-driven architectures.

This is not a traditional advisory role. You will be embedded within delivery teams, working directly with engineers, product managers and technology leaders to solve real security challenges while enabling teams to deliver at pace.

The Role

A key focus will be helping uplift application security practices to ensure development teams can deliver secure and scalable software quickly. You will help operate and improve secure change processes while contributing to the evolution of the organisation's application security assurance model.

Your work will include developing and enhancing:

  • Secure development practices
  • Security metrics and reporting
  • Security controls and assurance processes
  • Automation within CI/CD pipelines
  • Templates, tooling and workflows to support secure delivery

Security Integration within Delivery

  • Act as the embedded security lead within a technology delivery team
  • Participate in agile ceremonies including stand-ups, planning sessions and technical working groups
  • Work closely with developers and architects to integrate security into the software development life cycle

Application Security Assurance

  • Support secure coding practices, threat modelling, and security testing across applications and APIs
  • Assist in implementing and optimising automated security testing such as SAST and DAST

Risk & Control Assessments

  • Conduct security reviews, risk assessments and control evaluations for new technology initiatives
  • Support supplier security due diligence and privacy impact assessments where required
  • Document risks and help teams define practical mitigation plans

Security Advisory

  • Provide pragmatic security guidance aligned to industry best practice and regulatory expectations
  • Support delivery teams in interpreting security policies and applying them in real-world scenarios

Stakeholder Engagement

  • Build strong working relationships with developers, product owners, delivery managers and architects
  • Promote a culture of shared security ownership across engineering and business teams

Requirements

We are looking for someone who combines technical application security knowledge with strong collaboration skills and a pragmatic delivery mindset.

You may bring experience such as:

  • Application security within modern development environments
  • Integrating security controls into software development life cycles and CI/CD pipelines
  • Security testing techniques including static and dynamic analysis
  • Threat modelling and secure architecture practices
  • Security risk assessments across applications, APIs and platforms
  • Cloud or distributed system security concepts
  • Working with development teams to embed security into engineering processes

Equally important:

  • Strong communication skills with the ability to explain security risks clearly
  • A collaborative approach to working with engineering teams
  • A pragmatic mindset focused on enabling secure delivery
  • Awareness of risk management practices within regulated environments
