Cyber Security Analyst, DevSecOps

Together, we’re working to welcome millions more passengers, while ensuring aviation can continue to be a force for good by leading global efforts in sustainability. At Heathrow, you can be part of this – providing solutions that make every journey better for millions each year. That means ensuring we meet the changing needs of the passengers, colleagues and partners who use our airport to work, travel, trade, shop, eat, explore and connect. Our Solutions team covers project management, process improvement, business change, technology, cyber defence, masterplanning, infrastructure and procurement. It brings together people with the skills to deliver prestigious and often large-scale projects, from transforming terminals to making big reductions in our carbon emissions.

The Cyber Security Analyst – Secure Development is responsible for embedding secure‑by‑design and security‑by‑default principles across Heathrow’s entire software development lifecycle (SDLC). Working as part of the Cyber Security Team and reporting to the Lead Architect, Cyber Applications & AI, the role provides expert security advisory, assessment and automation capabilities to ensure security is built into code and development processes from inception rather than treated as a follow‑on activity. The role plays a key part in fostering a collaborative DevSecOps culture, enabling development teams to deliver high‑quality, secure software while maintaining pace and innovation in a complex, safety‑ and security‑critical environment.

Your role will involve:

• Secure Development & SDLC Integration: Embed secure development practices across all stages of the SDLC, from design and build through to deployment and maintenance. Ensure security requirements, patterns and controls are incorporated early into application and platform design. Promote and enable secure‑by‑design and security‑by‑default principles across the development community.
• Advisory & Assessment: Provide hands‑on security advisory support to software engineering teams, architects and product owners. Conduct security design reviews, code assessments and threat modelling activities. Assess development pipelines, tooling and environments to identify security weaknesses and improvement opportunities.
• Monitoring & Detection: Monitor development environments, repositories and pipelines for poor security practices, exposed secrets, credentials and misconfigurations. Support the identification, triage and remediation of security findings in collaboration with development teams.
• Security Automation & Tooling: Design, implement and maintain automated security checks within CI/CD pipelines, including static, dynamic and dependency scanning. Enable consistent and scalable security controls through automation, reducing manual overhead and improving developer experience. Work with platform and tooling teams to integrate security capabilities into development ecosystems.
• Collaboration & Culture: Foster a collaborative, trust‑based relationship between the Cyber Security team and the development community. Act as a security champion, influencing ways of working and promoting security awareness and ownership within engineering teams. Build strong working relationships with internal and external colleagues, partners and suppliers.
• Continuous Improvement: Stay current with emerging threats, secure coding techniques and DevSecOps best practices. Contribute to the evolution of secure development standards, patterns and guidance. Support continuous improvement of Heathrow’s application security maturity.

These Skills Are Essential:

• Minimum 3 years’ relevant technical experience in Cyber Security, application security, secure development or DevSecOps.
• Practical experience working within software development environments and modern SDLC practices.
• Proven experience working collaboratively within multi-disciplinary teams.
• Strong understanding of application security principles and common vulnerabilities (e.g., OWASP Top 10).
• Experience embedding security into SDLC and CI/CD pipelines.
• Ability to assess code, architectures and development practices from a security perspective.
• Familiarity with security tooling such as SAST, DAST, dependency scanning and secrets detection.
• Strong stakeholder engagement and relationship‑building skills.
• Ability to communicate security concepts clearly and pragmatically to technical and non‑technical audiences.
• Collaborative mindset with a focus on enablement rather than control.

Heathrow is an amazing backdrop to a career filled with unique opportunities. Every day, you’ll discover a world full of fresh possibilities and end the day buzzing with stories to tell, as you encounter people from all cultures, nationalities and experiences. A world full of pride for what we do and no end of exciting career prospects to explore. It brings out the best in all of us. And inspires everyone to deliver on our ambitious plans. Together, we’re working to welcome millions more passengers while ensuring aviation can continue to be a force for good by leading global efforts in sustainability. Join us on that journey and we’ll help you achieve your ambitions too. Supporting you to learn, encouraging you to be yourself, backing you to achieve more than you might ever have imagined. Because there’s no place like Heathrow.

Our rewards: We offer competitive salaries and excellent benefits that will support you now and in the future. As well as performance‑based annual bonuses and our longer‑term Share in Success Bonus plans, we also offer generous annual leave allowances and market‑leading pensions. With family friendly policies, access to private health insurance and a wide range of wellbeing tools, we’ll support you to be at your best inside and outside work. And of course, we’ll provide varied learning and development opportunities too. Here you’ll find everything you need for a fulfilling career journey that can take you in exciting directions.

Working Location: Our Hybrid working approach offers the opportunity for colleagues in some roles to work from home for an average of two days a week, providing the flexibility to work in an agile way whilst ensuring we deliver for the operational needs of Heathrow. Working arrangements vary from team to team and will be confirmed during the recruitment process. You’ll need to be based in the UK and within a commutable distance to Heathrow.

Sustainable Travel to work: Heathrow’s Sustainable Travel Guide sets out easy and sustainable travel options that everyone can access.

Equal Opportunities: As an equal opportunities employer, we encourage applications from all. We believe that diverse talent makes us stronger – not least because we welcome passengers from all corners of the globe, every single day. Heathrow is an accessible place to work. With five diversity networks, we champion inclusivity and celebrate individuality.