Associate Director - Application Security in City of Westminster

Associate Director - Application Security in City of Westminster

City of Westminster Full-Time 60000 - 80000 £ / year (est.) No working from home possible
S&P Global Inc.

At a Glance

  • Tasks: Design and implement application security controls in CI/CD pipelines for secure software delivery.
  • Company: Join a forward-thinking tech company focused on innovative security solutions.
  • Benefits: Competitive salary, health coverage, flexible time off, and continuous learning opportunities.
  • Other info: Dynamic work environment with excellent career growth and family-friendly perks.
  • Why this job: Make a real impact by securing cutting-edge applications and AI technologies.
  • Qualifications: Experience in DevSecOps and strong understanding of application security concepts required.

The predicted salary is between 60000 - 80000 £ per year.

Job Overview

This role involves designing, implementing, and operating application security controls integrated into CI/CD pipelines to ensure secure software delivery by default.

Responsibilities

  • Embed automated App Sec checks across code, dependencies, builds, and deployment workflows aligned with shift‑left principles.
  • Define and maintain secure CI/CD reference architectures and patterns for enterprise cloud‑native applications.
  • Partner with engineering teams to integrate security seamlessly into developer workflows, minimizing friction and manual intervention.
  • Develop reusable pipeline templates, policy controls, and automation to scale App Sec and Dev Sec Ops practices across teams.
  • Secure pipeline infrastructure and credentials, protecting against build manipulation, secret leakage, and provenance risks.
  • Integrate CI/CD security findings with broader application and cloud security monitoring workflows.
  • Investigate and respond to application and pipeline‑related security findings, partnering with Security Operations as required.
  • Contribute to cloud security posture by aligning pipeline and application controls with cloud security best practices.
  • Embed security controls for AI/ML and Gen AI workloads within CI/CD pipelines and developer workflows.
  • Define and enforce secure usage patterns for LLMs and AI services, including prompt handling, data protection, and model access controls.
  • Implement safeguards against AI‑specific threats, including prompt injection, model poisoning, data leakage, and insecure model outputs.
  • Integrate AI security scanning and validation into build pipelines, ensuring safe model usage and dependency integrity.
  • Collaborate with engineering teams to establish secure‑by‑design AI application architectures.
  • Ensure compliance with enterprise Responsible AI policies (data privacy, bias management, model governance).
  • Secure AI‑related secrets, tokens, and API access used in pipelines and applications.
  • Monitor and respond to security risks introduced by AI/ML components, including third‑party models and APIs.
  • Contribute to AI risk governance, auditability, and traceability across the SDLC.
  • Stay current on emerging AI security threats, vulnerabilities, and regulatory expectations.
  • Author documentation, standards, and training to drive developer adoption of secure CI/CD and App Sec practices.
  • Continuously evaluate emerging application security and software supply chain threats and improve controls accordingly.

Qualifications

  • Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or equivalent experience.
  • 3–6 years of experience in Dev Sec Ops, Application Security, or Platform Security roles.
  • Strong hands‑on experience securing CI/CD pipelines using Git Hub, Jenkins, and Azure Dev Ops.
  • Solid understanding of application security concepts (secure coding, dependency risk, pipeline hardening, secrets management).
  • Foundational understanding of AI/ML and Generative AI concepts, including LLMs and model lifecycle.
  • Knowledge of AI/ML security risks such as prompt injection, data poisoning, model evasion, and data leakage.
  • Experience integrating AI or ML components into applications or pipelines (preferred hands‑on exposure).
  • Familiarity with Responsible AI principles and AI governance frameworks.
  • Experience implementing shift‑left App Sec controls in modern SDLCs.
  • Experience working in cloud environments (Azure, AWS, or GCP).
  • Proficiency with scripting or programming languages (Python, Go, Java, etc.).
  • Familiarity with containerized build and deployment models.
  • Strong understanding of software supply chain security risks.
  • Experience with policy‑as‑code and automated security governance.
  • Knowledge of Kubernetes, container security, and cloud‑native application architectures.
  • Experience integrating App Sec signals into enterprise security platforms.

Salary and Benefits

Base salary range: $125,000 to $165,000 (final base salary based on geographic location, experience, skill set, training, licenses, and certifications).

  • Health & Wellness: Health‑care coverage designed for the mind and body.
  • Flexible Downtime: Generous time off to keep you energized.
  • Continuous Learning: Access a wealth of resources to grow your career and learn new skills.
  • Invest in Your Future: Competitive pay, retirement planning, a continuing education program with a company‑matched student‑loan contribution, and financial wellness programs.
  • Family Friendly Perks: Benefits for partners and children, including best‑in‑class family benefits.
  • Beyond the Basics: Retail discounts and referral incentive awards.
  • #J-18808-Ljbffr
S&P Global Inc.

Contact Details:

S&P Global Inc. Recruitment Team

We think you need these skills to ace Associate Director - Application Security in City of Westminster

Application Security
CI/CD Pipeline Security
DevSecOps Practices
Secure Coding
Secrets Management
AI/ML Security Risks
Shift-Left AppSec Controls