Information Security Specialist

Our client is a global, technology-led organisation operating at significant scale, with thousands of developers building entirely in-house systems that power a high-volume, always-on digital platform. Their Application Security team sits at the heart of this environment, working closely with engineering teams to ensure secure-by-design development across a complex, fast-moving estate.

The team is evolving rapidly, shifting away from manual, reactive security processes towards more automated, tooling-led and developer-focused approaches. This role offers the chance to work on genuinely challenging application security problems, with real autonomy to influence how security is embedded across the software lifecycle.

How you'll spend your day

You'll join a specialist Application Security team, focused on securing internally built web applications used across the business. Working closely with developers, you'll help identify vulnerabilities early, improve secure coding practices, and evolve the team's tooling and automation capabilities.

Key responsibilities include:

• Performing application security assessments and web application penetration testing
• Reviewing code to identify security vulnerabilities and advising developers on remediation
• Building, improving and maintaining security tooling for automated code review and DevSecOps workflows
• Supporting the transition from manual security processes to more automated, scalable solutions
• Working closely with development teams to embed security into CI/CD pipelines
• Providing clear, practical security guidance to a large, fast-moving developer community
• Contributing ideas to improve how application security is delivered across the organisation, Should we both wish to proceed, we will submit your details to the client and be in touch regarding the outcome and any further steps.

• Strong experience in application security, with a focus on web applications rather than infrastructure
• A development background or strong coding skills (e.g. Golang, Python, .NET) with the ability to review and understand code
• Hands-on experience with web application penetration testing tools (e.g. Burp Suite)
• Experience building or enhancing security automation tooling (DevSecOps)
• Solid knowledge of Linux, containers (Docker), and modern CI/CD platforms (GitLab / GitHub)
• The ability to communicate effectively with developers and influence secure coding practices
• A proactive, creative mindset and comfort working in a fast-paced, engineering-led environment

Desirable (but not essential):

• Certifications such as OSCP, OSWE or DevSecOps
• Experience transitioning security teams towards automation-first approaches, * Application Security
• Python
• .Net
• Golang
• CI/CD
• DevSecOps

• Performance-Based Bonus
• Annual bonus paid in two instalments (April & September), based on company and personal performance.
• Pension Scheme
• Employer-matched contributions of up to 7.5%.
• Hybrid Working
• Minimum 2 days per week in the office, with flexibility on which days.
• Flexible Working Hours
• 40-hour workweek with flexibility in how hours are structured.
• Generous Annual Leave
• 25 days holiday + your birthday off, plus bank holidays. Option to buy or sell up to 5 additional days.
• Free Gym Membership
• Available to all employees.
• No Visa Sponsorship Available for this role.