Cyber Security Engineer

Summary: The Cyber Security Engineer will join the Application Security Team to enhance security automation within delivery pipelines and conduct security tests on digital services. The role involves penetration testing, vulnerability assessments, and collaboration with developers to ensure secure coding practices. The successful candidate will also provide expertise in cloud security and maintain security assurance throughout the software development lifecycle. This position is hybrid, requiring 2-3 days on-site work per week.

Key Responsibilities:

• Perform penetration testing and vulnerability assessments of web applications, APIs, and cloud infrastructure.
• Evaluate the automated security tooling into CI/CD pipelines (SAST, DAST, dependency checking, IaC etc), and make necessary recommendations.
• Collaborate with developers to remediate identified vulnerabilities and ensure secure code practices.
• Provide expert input on cloud security (AWS, Azure, or GCP) and DevSecOps tooling.
• Assist in maintaining security assurance across the SDLC in line with MoJ and NCSC guidelines.

Key Skills:

• Penetration testing, ethical hacking, or vulnerability assessments.
• Security testing tools (e.g., Burp Suite, OWASP ZAP, Nikto, Nmap, Metasploit, etc.).
• DevSecOps principles and tools (e.g., Veracode, SonarQube, GitHub Advanced Security, IaC scanning, etc.).
• Secure Cloud Infrastructure, specifically AWS and Azure.
• Scripting and automation using Python and Bash.
• Certifications: OSCP or CREST / TIGER Scheme.
• Strong communication skills and the ability to explain security issues to technical and non-technical stakeholders.

Salary (Rate): £700

City: London

Country: United Kingdom

Working Arrangements: hybrid

IR35 Status: inside IR35

Seniority Level: Mid-Level

Industry: IT