Application Security Specialist (DevOps)

Hybrid - Cambridge, UK (1 day a week in office)

We're looking for an experienced Application Security Specialist to join a growing cyber security team and play a key role in shaping a world-class application security programme.

What you'll be doing

• Guiding teams on security best practices, compliance, and secure coding.
• Collaborating with architects and developers to review designs and code for vulnerabilities.
• Embedding/improving threat modelling and secure development practices into the SDLC.
• Designing and integrating security testing plans.
• Performing and overseeing application security testing and driving remediation.
• Managing end-to-end vulnerability workflows, including bug bounty findings.
• Supporting incident response activities when needed.
• Monitoring and reporting on application security metrics, KPIs, and emerging threats.
• Automating processes for vulnerability detection and integrating tools into the pipeline.

Note: this position includes participation in an on-call rotation.

What we're looking for

• 3+ years in software engineering plus 2+ years in application security.
• Strong knowledge of OWASP, application vulnerabilities, and security testing techniques.
• Experience with secure web application development and Agile/DevOps methodologies.
• Familiarity with pen testing, bug bounty, or hacker community collaboration.
• Strong communication skills - able to influence stakeholders up to senior management.
• Self-starter with the ability to prioritise, work independently, and drive initiatives.
• Knowledge of wider IT and information security practices.

What's on offer

• Private healthcare (including dental).
• Pension contributions.
• Employee Assistance Programme & wellbeing support.
• Life insurance.
• Annual performance bonus.
• Enhanced family leave from day one.
• Flexible working hours.
• 25 days holiday + bank holidays (with buy/sell options)