Application Security Analyst

City of London
1 week ago

London - UK Only Please

Key Responsibilities

Support and enhance the organisation's application security testing programme, leveraging approved enterprise tools for SAST, SCA, DAST, API security assessment, and penetration testing activities.
Conduct manual analysis and security review activities across web, API, and internal applications to validate automated findings and uncover additional weaknesses.
Triage, verify, and risk‑rank vulnerabilities, partnering with engineering and application teams to ensure findings are accurately understood and remediation actions are practical and prioritised.
Monitor and drive remediation progress, tracking closure of vulnerabilities and supporting engineering teams with root‑cause analysis to reduce repeat issues.
Contribute to secure development practices, helping to maintain secure coding standards, patterns, and reusable security controls or guardrails.
Operate and optimise AppSec tooling within CI/CD workflows, supporting the organisation's DevSecOps journey and enabling early, automated detection of security issues.
Provide hands‑on guidance to developers, helping teams understand vulnerabilities, adopt secure patterns, and deliver applications that meet required security standards.
Maintain comprehensive application security metrics, dashboards, and reports, ensuring technical and non‑technical stakeholders have clear visibility of risk, progress, and governance alignment.

Performance Objectives

Effectively run the application security toolset (SAST, SCA, DAST, API testing) within established SDLC and CI/CD processes, ensuring vulnerabilities are accurately identified, triaged, and communicated to engineering teams.
Strengthen collaboration with development teams, providing high‑quality remediation guidance and driving a measurable reduction in recurring application security weaknesses.
Deliver clear, actionable AppSec reporting, maintaining dashboards and metrics that support governance, risk visibility, and informed decision‑making for technical and leadership stakeholders.

Skills and Experience Specification

Essential

Hands‑on experience in Application Security, DevSecOps, or security engineering, preferably within a large or complex technical environment.
Practical experience deploying, tuning, and operating SAST, SCA, DAST, and API security tools as part of a structured AppSec programme.
Strong understanding of secure coding fundamentals and common software weaknesses, including the OWASP Top 10 and MITRE CWE Top 25.
Demonstrated experience triaging, validating, and prioritising vulnerabilities, working directly with software engineers to support remediation.
Ability to read and interpret code in at least one common programming language (e.g., C#, JavaScript, Python).
Knowledge of CI/CD pipelines and the integration of security tooling into developer workflows (e.g., GitHub Actions, Azure DevOps).
Strong understanding of authentication and authorisation, including OAuth, OIDC, SSO, and role‑based access control principles.
Experience producing and maintaining security metrics, dashboards, or reporting to support governance and visibility.

Desirable

Experience automating or contributing to DevSecOps tooling and pipelines, including scripting (e.g., Python, Bash).
Knowledge of software supply chain security, dependency management practices, and artefact repositories (e.g., Artifactory).
Exposure to cloud‑native and containerised environments, including AWS/Azure, Kubernetes, microservices, and API‑centric architectures.

Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
