Job type: Permanent
Location: London
Working Pattern: Full-time
Specialism: Cyber Security
Industry: Insurance
Pay: 65000
Application Security Analyst
London - UK Only
Key Responsibilities
- Support and enhance the organisation’s application security testing programme, leveraging approved enterprise tools for SAST, SCA, DAST, API security assessment, and penetration testing activities.
- Conduct manual analysis and security review activities across web, API, and internal applications to validate automated findings and uncover additional weaknesses.
- Triage, verify, and risk-rank vulnerabilities, partnering with engineering and application teams to ensure findings are accurately understood and remediation actions are practical and prioritised.
- Monitor and drive remediation progress, tracking closure of vulnerabilities and supporting engineering teams with root-cause analysis to reduce repeat issues.
- Contribute to secure development practices, helping to maintain secure coding standards, patterns, and reusable security controls or guardrails.
- Operate and optimise AppSec tooling within CI/CD workflows, supporting the organisation’s DevSecOps journey and enabling early, automated detection of security issues.
- Provide hands-on guidance to developers, helping teams understand vulnerabilities, adopt secure patterns, and deliver applications that meet required security standards.
- Maintain comprehensive application security metrics, dashboards, and reports, ensuring technical and non-technical stakeholders have clear visibility of risk, progress, and governance alignment.
Performance Objectives
- Effectively run the application security toolset (SAST, SCA, DAST, API testing) within established SDLC and CI/CD processes, ensuring vulnerabilities are accurately identified, triaged, and communicated to engineering teams.
- Strengthen collaboration with development teams, providing high-quality remediation guidance and driving a measurable reduction in recurring application security weaknesses.
- Deliver clear, actionable AppSec reporting, maintaining dashboards and metrics that support governance, risk visibility, and informed decision-making for technical and leadership stakeholders.
Skills and Experience Specification
Essential
- Hands-on experience in Application Security, DevSecOps, or security engineering, preferably within a large or complex technical environment.
- Practical experience deploying, tuning, and operating SAST, SCA, DAST, and API security tools as part of a structured AppSec programme.
- Strong understanding of secure coding fundamentals and common software weaknesses, including the OWASP Top 10 and MITRE CWE Top 25.
- Demonstrated experience triaging, validating, and prioritising vulnerabilities, working directly with software engineers to support remediation.
- Ability to read and interpret code in at least one common programming language (e.g., C#, JavaScript, Python).
- Knowledge of CI/CD pipelines and the integration of security tooling into developer workflows (e.g., GitHub Actions, Azure DevOps).
- Strong understanding of authentication and authorisation, including OAuth, OIDC, SSO, and role-based access control principles.
- Experience producing and maintaining security metrics, dashboards, or reporting to support governance and visibility.
Desirable
- Experience automating or contributing to DevSecOps tooling and pipelines, including scripting (e.g., Python, Bash).
- Knowledge of software supply chain security, dependency management practices, and artefact repositories (e.g., Artifactory).
- Exposure to cloud-native and containerised environments, including AWS/Azure, Kubernetes, microservices, and API-centric architectures.