At a Glance
- Tasks: Join a top-tier team to secure applications and cloud platforms with innovative security practices.
- Company: Leading international organisation focused on cutting-edge cyber security solutions.
- Benefits: Competitive daily rate, hybrid working model, and opportunities for professional growth.
- Other info: Collaborative environment with a focus on secure design and threat modelling.
- Why this job: Make a real impact in securing modern software delivery environments and cloud-native platforms.
- Qualifications: 8-15+ years in Cyber Security with strong Application Security and DevSecOps experience.
We are supporting a leading international organisation in the search for a Senior Cyber Security Analyst to join a high-performing security engineering and assurance team. This role is ideal for a consultant with a strong background in Application Security, DevSecOps, Secure SDLC, Threat Modelling, and Cloud Security, who can work closely with engineering teams to embed security into modern software delivery environments. The successful consultant will operate across cloud-native platforms, CI/CD pipelines, APIs, containers, and microservices architectures, helping drive secure‑by‑design principles across enterprise‑scale platforms.
Key Responsibilities
- Perform security risk assessments, secure design reviews, and threat modelling exercises for applications, APIs, and cloud platforms.
- Define and implement secure‑by‑design principles across software engineering and DevOps teams.
- Embed security controls into CI/CD pipelines using modern DevSecOps practices.
- Lead and support SAST, DAST, SCA, and container security integration activities.
- Conduct application and infrastructure security assessments aligned to OWASP, NIST, and industry best practices.
- Work closely with development teams to triage vulnerabilities and support remediation activities.
- Define security requirements for modern application architectures including: APIs, Microservices, Kubernetes / Containers, Cloud‑native platforms.
- Support secure architecture reviews across AWS and/or Azure environments.
- Collaborate with stakeholders across Security, Engineering, DevOps, Risk, and Architecture teams.
- Support vulnerability management, security governance, and secure delivery processes.
Required Skills & Experience
We are looking for consultants with strong experience across several of the following areas:
- Application Security & Secure SDLC
- OWASP Top 10 / ASVS
- Secure coding practices
- Threat modelling (STRIDE / MITRE ATT&CK)
- Security architecture and design reviews
- Vulnerability management and remediation
- Secure Software Development Lifecycle (SSDLC)
- DevSecOps & CI/CD Security
- Integration of security tooling into CI/CD pipelines
- Experience with: GitHub, GitLab, Jenkins, Azure DevOps
- Hands‑on experience with: SAST, DAST, SCA, Secrets scanning, Container security
- Cloud & Platform Security
- AWS and/or Azure security
- Kubernetes / Docker / container security
- API security
- IAM / Identity Federation / SSO
- WAF and cloud‑native security tooling
- Infrastructure‑as‑Code security (Terraform / Checkov / tfsec)
- Security Tooling
- SonarQube, Checkmarx, Veracode, Fortify, OWASP ZAP, Burp Suite, Snyk, Aqua, Wiz, Prisma Cloud Defender for Cloud, Sentinel
Ideal Background
- 8‑15+ years in Cyber Security
- Strong focus on Application Security and DevSecOps
- Experience working closely with engineering and platform teams
- Strong stakeholder engagement and communication skills
- Experience within regulated or enterprise environments preferred
- Financial services, government, or large‑scale enterprise experience highly desirable
Certifications (desirable)
- CISSP
- SABSA
- GIAC
- ISO 27001
- Cloud security certifications (AWS / Azure)
Cyber Security Analyst - employer: Xpand Group
Join a leading international organisation as a Senior Cyber Security Analyst in London, where you will be part of a high-performing security engineering and assurance team. Enjoy a hybrid working model that promotes work-life balance, alongside competitive daily rates and opportunities for professional growth in a dynamic environment focused on secure software delivery. With a strong emphasis on collaboration and innovation, this role offers the chance to make a meaningful impact in the field of cyber security while working with cutting-edge technologies.
StudySmarter Expert Advice🤫
We think this is how you could land Cyber Security Analyst -
✨Network Like a Pro
Get out there and connect with people in the industry! Attend meetups, webinars, or even local events. The more you engage with others, the better your chances of landing that dream role.
✨Show Off Your Skills
Don’t just talk about your experience; demonstrate it! Create a portfolio showcasing your projects, especially those related to Application Security and DevSecOps. This will give potential employers a clear view of what you can bring to the table.
✨Ace the Interview
Prepare for common interview questions but also be ready for technical challenges. Brush up on your knowledge of SAST, DAST, and secure coding practices. Show them you’re not just a candidate, but the right fit for their team!
✨Apply Through Us!
We’ve got your back! Check out our website for the latest job openings and apply directly. It’s a great way to get noticed and streamline your application process.
We think you need these skills to ace Cyber Security Analyst -
Some tips for your application 🫡
Tailor Your CV:Make sure your CV is tailored to the role of Senior Cyber Security Analyst. Highlight your experience in Application Security, DevSecOps, and any relevant tools you've used. We want to see how your skills match what we're looking for!
Craft a Compelling Cover Letter:Your cover letter is your chance to shine! Use it to explain why you're passionate about cyber security and how your background makes you a perfect fit for our team. Keep it concise but impactful – we love a good story!
Showcase Relevant Projects:If you've worked on projects that align with the responsibilities listed in the job description, make sure to mention them. We want to see your hands-on experience with SAST, DAST, and secure design principles. It’s all about demonstrating your expertise!
Apply Through Our Website:We encourage you to apply through our website for a smoother application process. It helps us keep track of your application and ensures you don’t miss out on any important updates. Plus, it’s super easy!
How to prepare for a job interview at Xpand Group
✨Know Your Stuff
Make sure you brush up on your knowledge of Application Security, DevSecOps, and Secure SDLC. Be ready to discuss specific tools like SAST, DAST, and how they fit into CI/CD pipelines. The more you can demonstrate your expertise, the better!
✨Showcase Your Experience
Prepare to share concrete examples from your past roles where you've successfully implemented secure design principles or conducted threat modelling. Use the STAR method (Situation, Task, Action, Result) to structure your answers and make them impactful.
✨Engage with the Team
Since this role involves collaboration with various teams, be prepared to discuss how you've worked with engineering and DevOps teams in the past. Highlight your communication skills and how you’ve managed stakeholder engagement effectively.
✨Ask Smart Questions
At the end of the interview, don’t forget to ask insightful questions about their security practices, team dynamics, or upcoming projects. This shows your genuine interest in the role and helps you assess if it’s the right fit for you.
