Application Security Team Lead

On site

Edinburgh, United Kingdom

Full Time

27-02-2025

Share this job:

Score my CV Apply

Job Specifications

About The Role
Reporting to the Cyber Security Technical Manager, you will lead a team of Application Security Specialists dedicated to embedding security across all stages of the application development lifecycle. In this role, you will oversee team activities, mentor team members, and work directly with digital product teams and stakeholders to enhance the organisation’s cyber resilience. Your leadership will ensure secure design, development, and delivery of applications aligned with business goals while adhering to best practices in application security.

This is a technical, hands-on role that involves managing the implementation of application security controls, performing security assessments, and supporting the design and deployment of secure application solutions.

About You
This role is ideal for someone who would describe themselves as being passionate about the cyber / technical security aspects of application development, protecting customer data and ensuring cyber resiliency.

The ideal candidate will have a background in hands-on secure software development or application security testing, or demonstrable experience of working with development teams on security-related topics. You will also be a strong communicator, able to influence teams and programme stakeholders at various levels. The candidate will also have an understanding around the concept of “shift left” with regards to secure development practices and tooling, giving teams access to early feedback on their work.
Knowledge of modern development practices and tools, including agile methodology, is vital.

The candidate will be familiar with technologies such as Java, Spring Boot, as well as React and Node.

Experience / knowledge of the OWASP top ten, OWASP application security verification standard and threat modelling are critical, as well as a good knowledge of utilising security tooling.

Minimum Criteria
Experience in a hands-on Cyber Security focused role, primarily in the application security domain. Alternatively, candidates with considerable experience in a hands-on application development role with a demonstratable level of cyber security knowledge and its application within a development environment would be considered.

About The Company
Motability Operations is a unique organisation, virtually one of a kind. We combine a strong sense of purpose with a real commercial edge to ensure we provide the best possible worry-free mobility solutions to over 800,000 customers and their families across the UK. Customers exchange their higher rate mobility allowance to lease a range of affordable vehicles (cars, wheelchair accessible vehicles, scooters, and powered wheelchairs) with insurance, maintenance and breakdown assistance included. We are the largest car fleet operator in the UK (purchasing around 10% of all the new cars sold in the UK) and work with a network of around 5,000 car dealers and all the major manufacturers. We pride ourselves on delivering outstanding customer service, achieving an independently verified customer satisfaction rating of 9.8 out of 10.

Our Values Are At The Heart Of Everything We Do. They Represent Ambition, And We Look For Our People To Live And Breathe Them Every Day
We find solutions
We drive change
We care

We operate hybrid working across the organisation where we split our time between working on-site at our offices, and at home, remotely within the UK. We believe hybrid working achieves a good work/life balance for our colleagues, allowing us to connect with each other, collaborate on important work, and perform together to deliver for our customers. It allows us to have the flexibility to work remotely up to 2-days per week whilst also using the great office spaces we have available.

As a Motability Operations team member, the benefits you can expect are:
Competitive reward package including an annual discretionary bonus
15% non-contributory pension (9% non-contributory pension during probation period)
28 days annual leave with option to purchase and sell days
Free fresh fruit and snacks in the office
1 day for volunteering
Funded Private Medical Insurance cover
Electric/Hybrid Car Salary Sacrifice Scheme and Cycle to Work Scheme
Life assurance at 4 times your basic salary to give you a peace of mind that your loved ones will receive some financial help
Funded health screening for over 50s
Voluntary benefits: charitable giving, critical illness insurance, dental insurance, health and cancer screenings for you and your partner, discounted gym memberships and season ticket loans
Employee Discount Scheme with an app to save on the go
Free access to healthcare apps such as Peppy, Unmind, Aviva Digital GP and volunteering app on Hand for all employees
Generous family leave policies

At Motability Operations, we believe in building a diverse workforce, where our people are empowered to attend work as their true selves, and we encourage people from all backgrounds to apply. We want to sustain a culture that nurtures, where employees are free to flourish and where they’re rewarded equally, regardless of race, nationality or ethnic origin, sexual orientation, age, disability, or gender.

We pride ourselves on being an inclusive employer and as such, all our offices provide first rate disability access. With our hybrid working environment, we do our best to accommodate part-time and flexible working requests where possible, building on our culture of trust, empowerment, and flexibility.

About the Company

We are Motability Operations, the organisation that delivers the Motability Scheme to over 800,000 disabled people across the UK. Our purpose is to deliver smart, sustainable solutions that advance our customers’ mobility in a fast-changing world. Since we were founded 45 years ago, we have grown to be the largest leasing company in the UK, providing over five million customers with affordable transport solutions which empower them to move around on their own terms. As well as leasing cars, wheelchair accessible vehicles, ... Know more

Related Jobs

Company Name: TieTalent
Job Title: Cyber Security Assurance Tester and IR Specialist
Job Description: About Six Degrees is a leading secure, integrated cloud services provider, where everyone is welcome. We believe success lies in harnessing a truly diverse and inclusive culture. Our business protects UK organisations with the goal of enabling them to operate effectively and securely in the cloud, by giving them secure platforms to innovate and grow. We support our customers on their digital transformation journey regardless of their maturity. Our vision is to be the UK’s number one provider of secure, integrated cloud services to the small to mid-size market. Our Cyber Security Assurance team are one of the most experienced and highly qualified teams of penetration testers in the UK. Also experts in forensics, the team is responsible for testing 1000’s of applications, systems, environments and devices every year. The team routinely research vulnerabilities, compile threat intelligence and assist clients in shoring-up their data security. The Internal Penetration Testing & Incident Response Specialist will be a key member of the Cyber Security Assurance team, responsible for proactively identifying, assessing, and mitigating security risks internally within the organisation. They will work under general supervision, handling both internal penetration testing activities and aiding incident response operations for both external clients as well as internal operations. The role requires a methodical and analytical approach to security testing, as well as the ability to act decisively in response to security incidents. They will act as a subject matter expert for internal penetration testing and threat response, applying appropriate tools, techniques, and methodologies in accordance with relevant standards and legislation. They will work on complex and non-routine testing scenarios, providing actionable insights to improve the organisation’s security posture. The role requires close collaboration with internal teams, supporting security investigations, incident handling, and threat mitigation efforts. The Cyber Security Assurance Tester and IR Specialist will need to have experience in running common penetration testing types and being able to manage complex incidents that may malware reversing, forensics and log analysis. You will need be certified with the following certificates such as Cyber Scheme Team Member, CREST Registered Tester, CREST (CPIA), Intrusion Analyst (CRIA), CREST Certified Incident Manager (CCIM) In the context of a broader security initiative, this role will serve as the internal component of the client-facing penetration testing team, reporting to senior management. Exceptional communication skills are crucial, as the individual will be responsible for producing clear and professional written reports, technical evaluations, and briefings for key stakeholders. Regular collaboration with internal teams will be necessary, necessitating the ability to convey technical findings in a manner that highlights their business implications. The individual will also focus on enhancing their knowledge in penetration testing, threat intelligence, and incident response, ensuring that testing methodologies and response strategies are in line with industry best practices. This position is ideal for a security professional who is proactive and adaptable, capable of integrating offensive security testing with swift responses to cyber threats within the organization. Our Benefits In return for the passion our people bring to everything they do, we want them to enjoy a range of benefits that enrich their lives. We are a Real Living Wage employer, and through our additional employee benefits we feel we’ve got something that will help everybody live their best life. We recognise the immense joy and significance of family leave for our employees, which is why Six Degrees provide an enhanced maternity and paternity leave package. We’re also keen to support people with flexible working, so everyone can have the personal time they need whilst still doing great work here at Six Degrees. We have some fantastic benefits on offer, with everyone being given Private Medical Insurance, Life Assurance, a matched pension scheme and 25 days holiday and as a happy birthday from Six Degrees, all employees get a day off for their Birthday. Throughout the business, our people have a causes and initiatives that they support and that is close to their heart. That’s why we give everyone the chance to volunteer one day year in addition to annual leave to make a difference. What is more, we also make a contribution to any additional benefits you may wish to choose. Every Six Degrees employee has instant access to private medical care is available, as well as mental health and employee wellbeing support 24/7. Whether it’s a wellness benefit, such as gym benefits, fitness programmes and genetics wellness testing to our life benefits with discounted rates on travel, critical illness and dental insurance. We also provide discounts on well-known brands, in restaurants, supermarkets, the list goes on! Our Recruitment Process At Six Degrees, we prioritise efficiency in our recruitment process, as we believe it is essential for you to connect with potential colleagues and have a positive candidate experience. Our team will thoroughly evaluate all applications, and if your qualifications align with our needs, our Talent Acquisition team will reach out to schedule a call. If all goes well, you will be invited to participate in an interview with your prospective line manager and team members, where you will discuss your suitability for the position and learn more about Six Degrees. For certain critical roles, we may conduct a second and final interview, which could include a task specific to the role. Following the completion of the assessment process, we look forward to welcoming you to the Six Degrees family Nice-to-have skills Penetration Testing City of London, England Work experience Pentester Security Analyst Languages English

London, United Kingdom

On site

Full Time

03-03-2025

Company Name: Tesco
Job Title: Principal Enterprise Security Architect
Job Description: What’s in it for you We’re all about the little helps. That’s why we make sure our Tesco colleague benefits package takes care of you – both in and out of work. Click Here to find out more! Annual bonus scheme of up to 45% of base salary Car Cash Allowance Holiday starting at 25 days plus a personal day (plus Bank holidays) Private medical insurance Retirement savings plan - save between 6% - 10% and Tesco will contribute 1.5 times this amount 26 weeks maternity and adoption leave (after 1 years’ service) at full pay, followed by 13 weeks of Statutory Maternity Pay or Statutory Adoption Pay, we also offer 6 weeks fully paid paternity leave About The Role Here at Tesco Cyber, we are seeking a highly skilled and experienced Enterprise Security Architect, who will be responsible for ensuring that all enterprise-built platforms and solutions align with our existing security framework and industry standards. This role requires a deep understanding of security principles, technologies, and best practices to protect our information assets and ensure compliance with regulatory requirements. The focus will be on collaborating with key stakeholders across various domains to enable our technology colleagues to work efficiently and manage their environments effectively. You will perform comprehensive risk assessments, develop strategies to mitigate threats, and ensure alignment with organizational security principles and best practices. You will be responsible for Design and implement robust security architectures for enterprise-wide capabilities, which our technology teams rely on regularly to operate their services and perform their day-to-day tasks efficiently, addressing identified threats and vulnerabilities. Conduct thorough risk assessments for new systems and existing environments, reviewing their designs and architectures to ensure they meet modern security requirements, identifying security risks, and recommending mitigation strategies. Influence and guide other teams to implement security solutions by collaborating across functions to integrate security principles and ensure systems align with business needs. Ensure all enterprise-built platforms align with our existing security framework and industry standards, while collaborating with other enabling and architecture teams to integrate security into all aspects of the organization's operations. Evaluate and enhance security processes to improve their efficiency and comprehensiveness. Continuously monitor and respond to emerging security trends and threats to workplace environments, virtualization technologies, and databases. Develop and maintain security architecture documentation, including policies, diagrams, and procedural guides. Act as an SME and advise on the security of the M365 platform, workplace solutions, and infrastructure control plane capabilities such as virtualization layers (VMWare). Lead and participate in internal technology initiatives to implement secure enterprise systems, ensuring alignment with security frameworks and organizational goals to enhance security posture. You will need Soft Skills Proven leadership experience as a technical individual contributor in complex organizations. Analytical mindset with a proactive approach to identifying and solving security challenges. Strong communication and interpersonal skills to articulate complex security concepts to diverse audiences. Ability to work collaboratively with cross-functional teams while managing multiple initiatives. Demonstrated curiosity and flexibility in applying knowledge and advice. Technical Skills Demonstrable experience and expertise in designing, implementing, and applying balanced controls from security frameworks such as NIST, CIS, ISO 27001, and MITRE. Expertise in security controls and best practices for cloud-based workplace environments. Proficiency in Microsoft 365 security, compliance capabilities, identity and access management, and threat protection, including Microsoft Defender, Microsoft Entra, and Microsoft Purview. Expertise with virtualization platforms, ideally on VMware security solutions, including VMware NSX, VMware Carbon Black Cloud, and Horizon. Familiarity with virtualization security best practices and endpoint security. Proficiency in securing databases (e.g., SQL, NoSQL), with a focus on encryption, authentication, and monitoring solutions. Proficiency in risk analysis, security controls management planning, and disaster recovery planning. Experience with security technologies such as firewalls, intrusion detection/prevention systems, and encryption. Qualifications & Experience Strong knowledge of security frameworks and standards (e.g., NIST, ISO 27001). Bachelor's degree in Computer Science, Information Technology, or a related field. Minimum of 10 years of experience in information security, with at least 5 years in a security architecture role. Professional certifications such as SABSA, CISSP, CISM, or TOGAF are highly desirable. Professional certifications in risk management such as CRISC are desirable.

Farringdon, United Kingdom

On site

Full Time

26-02-2025

Company Name: Morgan Stanley
Job Title: Lead Application Security Engineer - VP
Job Description: JR000996 Glasgow Morgan Stanley is looking for a motivated Engineering lead to join the Cybersecurity department, who will be charged with enabling security controls in the CI/CD pipelines by rolling out SAST, SCA or DAST tools with a significant impact to the development community and to the security posture of firm’s applications. In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities. This is a Software Engineering Manager position at VP, P5 level, which is part of the job family responsible for developing and maintaining software solutions that support business needs. Morgan Stanley is an industry leader in financial services, known for mobilizing capital to help governments, corporations, institutions, and individuals around the world achieve their financial goals. Interested in joining a team that's eager to create, innovate and make an impact on the world? Read on. What You’ll Do Work with a team of engineers to implement Morgan Stanley specific security policies in the CI/CD security tools including but not limited to SAST, DAST and SCA applications. Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes. Define the security rules that needs to be adhered to at a code level in web and mobile applications written in Java, React, Objective C, SWIFT, Kotlin etc. With your development background and security knowledge, provide security guidance to developers in the form secure coding standards and guidelines. Support security standards, create templates and patterns to increase the efficiency and adoption of security program. Work with our partners to implement, manage, and optimizing security measures within our GitHub repositories and pipelines to continuously improve code security and protect against vulnerabilities. These Skills Will Help You Succeed In This Role Bachelor’s degree with 10+ years of work experience in the IT field 3+ years software development experience using Python, Java or JavaScript 3+ years of cumulative experience across the following: OWASP Secure Coding Practices Common software and web application security vulnerabilities Application security scanning tools Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins) Even Better If You Have A degree in Cybersecurity or CISSP/CSSLP certification or keen desire to move to security field Business acumen to support the implementation of SAST, DAST, SCA, Container Security, API Security and IaC tools across the enterprise Ability to perform code reviews with minimal assistance A self-starter, with a strong desire for learning new technologies and applying them to solve problems Expertise in monitoring, alerting, reporting, data analysis is desired. Experience with two or more of the application build environments like Jenkins, Gradle, Maven. Familiarity with public cloud services a plus Experience with two or more of the Secure SDLC tools like Github Advanced Security, Snyk, WhiteSource, Sonatype, X-Ray, Wiz. Experience with Threat Analysis. Experience with DevSecOps, Secure SDLC. DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc) is a plus Experience with evaluation, integration and onboard of application security tools is a plus What You Can Expect From Morgan Stanley We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 85 years. At our foundation are five core values — putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back — that guide our more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find trusted colleagues, committed mentors and a culture that values diverse perspectives, individual intellect and cross-collaboration. We Firm is differentiated by the caliber of our diverse team. While our company culture and commitment to inclusion define our legacy and shape our future, helping to strengthen our business and bring value to clients around the world. Learn more about how we put this commitment to action: morganstanley.com/diversity. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. We're committed to bringing passion and customer focus to the business. Certified Persons Regulatory Requirements If t his role is deemed a Certified role and may require the role holder to hold mandatory regulatory qualifications or the minimum qualifications to meet internal company benchmarks. Flexible work statement Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more. Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.

Glasgow, United Kingdom

On site

Full Time

26-02-2025

Company Name: Telefónica Tech
Job Title: Information Security Analyst – Level 3
Job Description: Company Description Telefónica Tech is a leading provider of innovative tech services for the B2B market with a worldwide presence and strategic hubs in Spain, Brazil, UK and Germany. The company helps leading brands and organisations across the UK and Ireland unlock the power of integrated technology for all businesses, bringing together in one place a unique combination of, the best people, with the best tech and the best platforms in a simplified manner, to make a real difference to every business, every day. We have an end-to-end portfolio of market leading services and develops integrated technology solutions to accelerate tech adoption through its two core divisions of Tech Cyber security & Cloud and Tech Intelligence of Things. The company has a diverse, highly trained and globally located talent pool of over 2000 employees and serves more than 5.5m customers every day with a service reach in 175 countries. Its dynamic partner ecosystem includes over 300 cutting edge businesses, as well as strategic agreements with all market leaders. Job Description This is a full-time role for a Level 3 Information Security Analyst to join a mature managed services Cyber team who manage the security posture of critical infrastructure and services under an ISO27001 and Cyber Essentials + certified managed service environment. You will be responsible for conducting Adversary Emulation which include penetration tests as well as red-teaming exercises for health care enterprises. This is a technical, hands-on role, and the successful candidate will be responsible for showcasing how an adversary can take advantage of vulnerable systems in an organization to get initial access to enterprise assets and then move laterally to widen the impact. They will also be responsible for providing very specific guidance to mitigate these security gaps/mis-configs/vulnerabilities. The successful candidate will be responsible for conducting Adversary emulation on various enterprise environments including but not limited to On-prem Infrastructure, Cloud, Web Apps, Non-Web Apps, IOT, Mobile Apps and Devices, Scada environments, etc. Skills & Experience: Extensive experience in conducting penetration tests for Applications, IT Infrastructure Services, Cloud, IOT, Scada, Network devices, Mobile Platforms, Hardware appliances, etc. Experience in planning and executing Whitebox, Blackbox, and Greybox penetration testing. Experience in planning and executing red teaming exercises including general reconnaissance, social engineering, breach simulations etc. Experience in conducting automated as well as manual penetration tests. Experience in conducting manual config reviews for Network devices, Servers, IOT devices, Applications etc. In depth understanding for general security principles. In depth understand of how security technologies like firewalls, EDR, SIEM, TVM operate in a coherent manner, and how to avoid unnecessary alerts while executing an Adversary Emulation exercise. Excellent communication, reporting, and presentation skills. Ability to plan, prioritise, be proactive and manage own workload. Understand up-to-date security threats and common exploits. Have an open attitude to sharing knowledge and information. Excellent analytical and problem-solving skills. Desire to learn new technologies. A motivated attitude to learn and challenge comfort zone. To keep up to date with the latest security and technology developments. Desirable Cyber security certification (e.g. OSCP, CRTO, OSCE, OSWP, etc). Scripting Experience. Additional Information Must have the right to live and work in the UK or Republic of Ireland. Due to our location, access to own transport is essential. Must meet Security Clearance requirements if this is a requirement of the role and any offer would be conditional upon the successful candidate passing BPSS which includes a criminal record check. We don’t believe hiring is a tick box exercise, so if you feel that you don’t match the job description 100%, but would still be a great fit for role, please get in touch.

Belfast, United Kingdom

On site

Full Time

26-02-2025