Application Security Analyst

4768954

View Saved Jobs

Save Job

Job type
Permanent
Location
London
Working Pattern
Full-time
Specialism
Cyber Security
Industry
Insurance
Pay
65000

Share Job

Application Security Analyst

London - UK Only

Key Responsibilities

Support and enhance the organisation’s application security testing programme, leveraging approved enterprise tools for SAST, SCA, DAST, API security assessment, and penetration testing activities.
Conduct manual analysis and security review activities across web, API, and internal applications to validate automated findings and uncover additional weaknesses.
Triage, verify, and risk ‑ rank vulnerabilities, partnering with engineering and application teams to ensure findings are accurately understood and remediation actions are practical and prioritised.
Monitor and drive remediation progress, tracking closure of vulnerabilities and supporting engineering teams with root ‑ cause analysis to reduce repeat issues.
Contribute to secure development practices, helping to maintain secure coding standards, patterns, and reusable security controls or guardrails.
Operate and optimise AppSec tooling within CI/CD workflows, supporting the organisation’s DevSecOps journey and enabling early, automated detection of security issues.
Provide hands ‑ on guidance to developers, helping teams understand vulnerabilities, adopt secure patterns, and deliver applications that meet required security standards.
Maintain comprehensive application security metrics, dashboards, and reports, ensuring technical and non ‑ technical stakeholders have clear visibility of risk, progress, and governance alignment.

Performance Objectives

Effectively run the application security toolset (SAST, SCA, DAST, API testing) within established SDLC and CI/CD processes, ensuring vulnerabilities are accurately identified, triaged, and communicated to engineering teams.
Strengthen collaboration with development teams, providing high ‑ quality remediation guidance and driving a measurable reduction in recurring application security weaknesses.
Deliver clear, actionable AppSec reporting, maintaining dashboards and metrics that support governance, risk visibility, and informed decision ‑ making for technical and leadership stakeholders.

Skills and Experience Specification

Essential

Hands ‑ on experience in Application Security, DevSecOps, or security engineering, preferably within a large or complex technical environment.
Practical experience deploying, tuning, and operating SAST, SCA, DAST, and API security tools as part of a structured AppSec programme.
Strong understanding of secure coding fundamentals and common software weaknesses, including the OWASP Top 10 and MITRE CWE Top 25.
Demonstrated experience triaging, validating, and prioritising vulnerabilities, working directly with software engineers to support remediation.
Ability to read and interpret code in at least one common programming language (e.g., C#, JavaScript, Python).
Knowledge of CI/CD pipelines and the integration of security tooling into developer workflows (e.g., GitHub Actions, Azure DevOps).
Strong understanding of authentication and authorisation, including OAuth, OIDC, SSO, and role ‑ based access control principles.
Experience producing and maintaining security metrics, dashboards, or reporting to support governance and visibility.

Desirable

Experience automating or contributing to DevSecOps tooling and pipelines, including scripting (e.g., Python, Bash).
Knowledge of software supply chain security, dependency management practices, and artefact repositories (e.g., Artifactory).
Exposure to cloud ‑ native and containerised environments, including AWS/Azure, Kubernetes, microservices, and API ‑ centric architectures.

Apply through LinkedIn

Talk to James Francis, the specialist consultant managing this position

Located in London-City, 5th Floor, 107 Cheapside, Telephone 02034650094

Click here to access our Privacy Policy, which provides detailed information on how we use and protect your personal information, and your rights in relation to this.