Senior Cyber Security Analyst (OWASP/SAST/DAST)
Posted 3 days ago by Salt
Negotiable
Inside
Undetermined
London, UK
Summary: The Senior Cyber Security Analyst role focuses on application security and secure architecture within a high-performing security team for a banking client. The position involves embedding security into application design and development, conducting security risk assessments, and ensuring compliance with secure-by-design principles. The analyst will collaborate with various teams to integrate security throughout the technology life cycle. This role offers the opportunity to influence security practices across complex enterprise systems.
Key Responsibilities:
- Perform application security assessments across modern enterprise platforms.
- Review application architecture and ensure alignment with secure-by-design principles.
- Embed security into the software development life cycle (SDLC).
- Support development teams in implementing secure coding practices aligned with OWASP guidelines.
- Define and review security testing activities including SAST, DAST and software composition analysis (SCA).
- Work with engineering teams to integrate security scanning into CI/CD pipelines.
- Analyse vulnerability scan results and support remediation of application security issues.
- Conduct threat modelling exercises using frameworks such as STRIDE or MITRE ATT&CK.
- Identify potential security threats, vulnerabilities and attack scenarios within applications and supporting infrastructure.
- Perform structured security risk assessments and provide remediation recommendations.
- Review application and platform architectures to ensure appropriate security controls are implemented.
- Translate high-level security policies into technical security requirements for development teams.
- Work with architects to ensure applications are built following secure architecture patterns.
- Provide security expertise to engineering teams, project managers and technology leaders.
- Support security decision-making during application design and implementation.
- Contribute to security best practices, standards and guidelines.
Key Skills:
- Strong experience in application security and secure software development including Secure Software Development Lifecycle (SSDLC).
- OWASP Top 10 and secure coding practices.
- Application security testing (SAST/DAST/SCA).
- Threat modelling methodologies (STRIDE, MITRE ATT&CK).
- Vulnerability management and remediation.
- Secure architecture and design reviews.
- DevSecOps and CI/CD security integration.
- API security and modern application architectures.
- Experience with SAST/DAST platforms, code scanning tools, CI/CD pipelines (GitHub, GitLab, Jenkins etc.), container security platforms, and cloud security tooling.
- Exposure to modern technology environments including cloud platforms (AWS, Azure or GCP), containerised platforms (Docker/Kubernetes), microservices architectures, REST APIs and modern application frameworks, and identity and access management solutions.
- 7-12+ years experience in cyber security with a strong focus on application security.
- Experience working closely with software engineering teams and performing security architecture reviews.
- Experience in DevSecOps environments.
- Strong communication skills and ability to explain security risks clearly.
- Relevant certifications may include CISSP, OSCP, CSSLP, GIAC, Security+ or similar.
Salary (Rate): £800 daily
City: London
Country: UK
Working Arrangements: undetermined
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT
Detailed Description From Employer:
Senior Cyber Security Analyst (OWASP/SAST/DAST - Banking Client
Application Security | Secure Design | Threat Modelling | DevSecOps
Locations: London | Paris | Brussels | Amsterdam
Rate: Flexible
Duration: 12 months
We are looking for a Cyber Security Analyst specialising in Application Security and Secure Architecture to join a high-performing security team responsible for protecting large-scale enterprise platforms.
This role focuses on embedding security into application design and development, performing security risk assessments, and ensuring that modern applications and platforms are built following secure-by-design principles.
You will work closely with software engineers, architects, DevOps teams and security engineers to ensure security is integrated throughout the technology life cycle.
Key Responsibilities
Application Security & Secure SDLC
- Perform application security assessments across modern enterprise platforms.
- Review application architecture and ensure alignment with secure-by-design principles.
- Embed security into the software development life cycle (SDLC).
- Support development teams in implementing secure coding practices aligned with OWASP guidelines.
Security Testing & DevSecOps
- Define and review security testing activities including SAST, DAST and software composition analysis (SCA).
- Work with engineering teams to integrate security scanning into CI/CD pipelines.
- Analyse vulnerability scan results and support remediation of application security issues.
Threat Modelling & Security Risk Assessments
- Conduct threat modelling exercises using frameworks such as STRIDE or MITRE ATT&CK.
- Identify potential security threats, vulnerabilities and attack scenarios within applications and supporting infrastructure.
- Perform structured security risk assessments and provide remediation recommendations.
Security Architecture & Secure Design
- Review application and platform architectures to ensure appropriate security controls are implemented.
- Translate high-level security policies into technical security requirements for development teams.
- Work with architects to ensure applications are built following secure architecture patterns.
Security Advisory
- Provide security expertise to engineering teams, project managers and technology leaders.
- Support security decision-making during application design and implementation.
- Contribute to security best practices, standards and guidelines.
Key Technical Skills
Strong experience in application security and secure software development including:
- Secure Software Development Lifecycle (SSDLC)
- OWASP Top 10 and secure coding practices
- Application security testing (SAST/DAST/SCA)
- Threat modelling methodologies (STRIDE, MITRE ATT&CK)
- Vulnerability management and remediation
- Secure architecture and design reviews
- DevSecOps and CI/CD security integration
- API security and modern application architectures
Experience with tools such as:
- SAST/DAST platforms
- Code scanning tools
- CI/CD pipelines (GitHub, GitLab, Jenkins etc.)
- Container security platforms
- Cloud security tooling
Technology Environment
Exposure to modern technology environments including:
- Cloud platforms (AWS, Azure or GCP)
- Containerised platforms (Docker/Kubernetes)
- Microservices architectures
- REST APIs and modern application frameworks
- Identity and access management solutions
Ideal Candidate Background
- 7-12+ years experience in cyber security
- Strong focus on application security
- Experience working closely with software engineering teams
- Experience performing security architecture reviews
- Experience in DevSecOps environments
- Strong communication skills and ability to explain security risks clearly
Certifications (Optional)
Relevant certifications may include:
- CISSP
- OSCP
- CSSLP
- GIAC
- Security+ or similar
What Makes This Role Interesting
You will work in a highly technical security environment, collaborating directly with engineers and architects to secure modern platforms at scale.
This role offers the opportunity to influence secure architecture, application security practices and DevSecOps adoption across complex enterprise systems.
Please do send across to me the most up to date CV to (see below)
*Rates depend on experience and client requirements