Key skills
CloudJavaScriptPythonSDLCSQLC#CCI/CDCommunicationSnykOWASP
About this role
Role Overview
- Collaborate with development teams to create and maintain application threat models (e.g., STRIDE, DREAD).
- Identify and document application-specific risks; propose effective countermeasures.
- Integrate and operate application vulnerability scanning tools (e.g., Sonar Cloud, Snyk, OWASP ZAP, Burp Suite, Tenable WAS) within CI/CD pipelines.
- Interpret vulnerability reports, prioritise remediation based on risk, and track resolution with development teams.
- Promote awareness of common application vulnerabilities (e.g., SQL injection, XSS, CSRF) and mitigation strategies (OWASP Top 10, ASVS, MASVS).
- Support development teams in adopting secure coding standards, including static analysis tools, code reviews, and automated linting.
- Plan, execute, and manage Static, Dynamic, Mobile, and Interactive Application Security Testing (SAST, DAST, MAST, IAST).
- Embed security testing into CI/CD pipelines for continuous, automated validation.
- Simulate real-world attack scenarios to identify weaknesses in application logic and implementation.
- Develop and maintain scripts, tools, and processes to automate application security testing.
- Produce clear, actionable security testing reports for technical and non-technical stakeholders.
- Maintain comprehensive documentation of testing methodologies, findings, and remediation guidance.
- Work closely with software engineers, QA, and product teams to embed security best practices.
- Deliver training and awareness sessions on application security testing techniques and secure development.
Requirements
- 3-5+ years of hands-on experience in application security testing
- Strong knowledge of SAST, DAST, MAST, and IAST tools and methodologies.
- Familiarity with secure SDLC and Application DevSecOps practices.
- Experience integrating application security testing into CI/CD pipelines.
- Good understanding of common application vulnerabilities and mitigation strategies (OWASP Top 10, ASVS, MASVS).
- Proficiency in at least one programming or scripting language (e.g., Python, JavaScript, C#).
- Strong analytical, problem-solving, and troubleshooting skills.
- Excellent communication and teamwork abilities.
- Experience in producing clear, concise technical documentation and security reports.
- Commitment to continuous learning and keeping up with evolving application security threats and technologies.
Nice to have:
- CREST Certified Web Application Tester
- Bachelor’s degree in Software Engineering
Tech Stack
- Cloud
- JavaScript
- Python
- SDLC
- SQL
Benefits
- Company Bonus Scheme
- Matched pension contributions up to 8.5%
- 26 days annual leave + 2 Life Days (and bank holidays)
- Single Private Health Cover
- Complimentary Private Medical
- Income Protection
- Flexible Benefits – EV Scheme, Money Coach, Will Writing, Mortgage Advice, Dental and Eye Care Schemes.
- Enhanced Family Leave (Maternity, Paternity, Adoption)
- Wellness Allowance £500
- Employee Assistance Programme
- Discounted Health Assessments
- Volunteering Days
- Matched Funding