Senior Cyber Security Analyst (OWASP / SAST /DAST ) in London

We are looking for a Cyber Security Analyst specialising in Application Security and Secure Architecture to join a high-performing security team responsible for protecting large-scale enterprise platforms. This role focuses on embedding security into application design and development, performing security risk assessments, and ensuring that modern applications and platforms are built following secure-by-design principles. You will work closely with software engineers, architects, DevOps teams and security engineers to ensure security is integrated throughout the technology lifecycle.

Key Responsibilities

• Application Security & Secure SDLC – Perform application security assessments across modern enterprise platforms, review application architecture and ensure alignment with secure-by-design principles, embed security into the software development lifecycle (SDLC), support development teams in implementing secure coding practices aligned with OWASP guidelines.
• Security Testing & DevSecOps – Define and review security testing activities including SAST, DAST and software composition analysis (SCA), work with engineering teams to integrate security scanning into CI/CD pipelines, analyse vulnerability scan results and support remediation of application security issues.
• Threat Modelling & Security Risk Assessments – Conduct threat modelling exercises using frameworks such as STRIDE or MITRE ATT&CK, identify potential security threats, vulnerabilities and attack scenarios within applications and supporting infrastructure, perform structured security risk assessments and provide remediation recommendations.
• Security Architecture & Secure Design – Review application and platform architectures to ensure appropriate security controls are implemented, translate high-level security policies into technical security requirements for development teams, work with architects to ensure applications are built following secure architecture patterns.
• Security Advisory – Provide security expertise to engineering teams, project managers and technology leaders, support security decision-making during application design and implementation, contribute to security best practices, standards and guidelines.

Key Technical Skills

• Strong experience in application security and secure software development including Secure Software Development Lifecycle (SSDLC) OWASP Top 10 and secure coding practices
• Application security testing (SAST / DAST / SCA)
• Threat modelling methodologies (STRIDE, MITRE ATT&CK)
• Vulnerability management and remediation
• Secure architecture and design reviews
• DevSecOps and CI/CD security integration
• API security and modern application architectures

Experience with Tools

• SAST / DAST platforms
• Code scanning tools
• CI/CD pipelines (GitHub, GitLab, Jenkins etc.)
• Container security platforms
• Cloud security tooling

Technology Environment

• Cloud platforms (AWS, Azure or GCP)
• Containerised platforms (Docker / Kubernetes)
• Microservices architectures
• REST APIs and modern application frameworks
• Identity and access management solutions

Ideal Candidate Background

• 7-12+ years experience in cyber security, strong focus on application security, experience working closely with software engineering teams, experience performing security architecture reviews, experience in DevSecOps environments, strong communication skills and ability to explain security risks clearly.

Certifications (Optional)

• Relevant certifications may include: CISSP, OSCP, CSSLP, GIAC, Security+ or similar.

What Makes This Role Interesting

You will work in a highly technical security environment, collaborating directly with engineers and architects to secure modern platforms at scale. This role offers the opportunity to influence secure architecture, application security practices and DevSecOps adoption across complex enterprise systems.