DevSecOps Consutlant

Job Title: Cyber Security - (DevSecOps Consultant)

Location: London / Hybrid - (Mainly remote with infrequent travel)

Employment: Contract

Duration : (3 months rolling contract)

Rate: 650/Day inside IR35

KEY RESPONSIBILITIES

Security by Design: Embed cloud, mobile and application security controls early across solution design, build and deployment.

Cloud Security Oversight: Review Azure configurations, network boundaries, identity setup and data protection measures for loyalty platforms.

Application & API Security: Conduct security reviews on web and mobile applications, focusing on authentication, authorisation, data handling and API exposure.

Risk & Threat Assessment: Identify, document and track security risks across the loyalty ecosystem, ensuring timely mitigation.

Tooling & Integration: Leverage Wiz, GHAS, Snyk and other InfoSec tools to drive vulnerability management and compliance validation.

Collaboration: Partner with Product Engineering, Security Architecture and DevOps to strengthen secure build pipelines, app release processes and incident readiness.

SKILLS

Proven expertise in cloud security (Azure preferred), including network segmentation, identity and key management.

Strong background in application and API security, including OWASP, SAST/DAST and CI/CD integration.

Knowledge of mobile application security principles (Android/iOS) and secure SDK/API usage.

Familiarity with security tools: Wiz (cloud posture), GitHub Advanced Security, Snyk, Semgrep, and Prisma.

Understanding of threat modelling, zero trust and secure software development lifecycle (SSDLC) practices.

Ability to articulate security risks clearly to engineering and product stakeholders.

Desirable: experience supporting customer-facing digital platforms or loyalty ecosystems.