Cyber Security Analyst -

We are supporting a leading international organisation in the search for a Senior Cyber Security Analyst to join a high-performing security engineering and assurance team.

This role is ideal for a consultant with a strong background in Application Security, DevSecOps, Secure SDLC, Threat Modelling, and Cloud Security, who can work closely with engineering teams to embed security into modern software delivery environments.

The successful consultant will operate across cloud-native platforms, CI/CD pipelines, APIs, containers, and microservices architectures, helping drive secure-by-design principles across enterprise-scale platforms., * Perform security risk assessments, secure design reviews, and threat modelling exercises for applications, APIs, and cloud platforms

• Define and implement secure-by-design principles across software engineering and DevOps teams

• Embed security controls into CI/CD pipelines using modern DevSecOps practices

• Lead and support SAST, DAST, SCA, and container security integration activities

• Conduct application and infrastructure security assessments aligned to OWASP, NIST, and industry best practices

• Work closely with development teams to triage vulnerabilities and support remediation activities

• Define security requirements for modern application architectures including:

• APIs

• Microservices

• Kubernetes / Containers

• Cloud-native platforms

Support secure architecture reviews across AWS and/or Azure environments

Collaborate with stakeholders across Security, Engineering, DevOps, Risk, and Architecture teams

Support vulnerability management, security governance, and secure delivery processes, * SonarQube

• Checkmarx
• Veracode
• Fortify
• OWASP ZAP
• Burp Suite
• Snyk
• Aqua
• Wiz
• Prisma Cloud
• Defender for Cloud
• Sentinel

• OWASP Top 10 / ASVS
• Secure coding practices
• Threat modelling (STRIDE / MITRE ATT&CK)
• Security architecture and design reviews
• Vulnerability management and remediation
• Secure Software Development Lifecycle (SSDLC)

DevSecOps & CI/CD Security

• Integration of security tooling into CI/CD pipelines

• Experience with:

• GitHub

• GitLab

• Jenkins

• Azure DevOps

Hands-on experience with:

• SAST
• DAST
• SCA
• Secrets scanning
• Container security

Cloud & Platform Security

• AWS and/or Azure security
• Kubernetes / Docker / container security
• API security
• IAM / Identity Federation / SSO
• WAF and cloud-native security tooling
• Infrastructure-as-Code security (Terraform / Checkov / tfsec), * 8-15+ years in Cyber Security
• Strong focus on Application Security and DevSecOps
• Experience working closely with engineering and platform teams
• Strong stakeholder engagement and communication skills
• Experience within regulated or enterprise environments preferred
• Financial services, government, or large-scale enterprise experience highly desirable

Certifications (desirable)

• CISSP
• SABSA
• GIAC
• ISO 27001
• Cloud security certifications (AWS / Azure)

• Contract | 12 Months | Hybrid
• 8 Days onsite per month - the rest is remote working
• Inside of IR35 must use umbrella
• £600 per day