Birmingham, West Midlands, West Midlands (County), United Kingdom
ARM
note - The selected candidate must be eligible for UK Security Clearance *** The Security Development and Test Director is responsible for overseeing the secure software development lifecycle, security testing, and DevSecOps practices at both strategic and operational levels. The role ensures the effectiveness of security practices in software development, manages security testing, drives operational maturity improvements, and oversees secure coding practices. … profitability analysis. o Monitor expenses and identify cost reduction opportunities. o Ensure profitability through forecasting and margin analysis. o Refine pricing models and maximise billable utilisation. * Secure Architecture and DevSecOps Integration o Define and govern secure architecture standards across development teams, ensuring alignment with enterprise security policies, regulatory requirements, and industry frameworks (e.g., NIST, OWASP, ISO 27001). o Lead … security scanners. o Establish architectural review boards and security design checkpoints to validate that new systems and applications meet defined security requirements before deployment. o Drive continuous improvement in DevSecOps maturity, using metrics and feedback loops to refine processes, reduce risk exposure, and accelerate secure delivery. o Collaborate with enterprise architects, engineering leads, and product owners to ensure security is More ❯
/Threat/Forensics or CSIRT backgrounds - very experienced with analysing security logs to quickly ascertain TP/FP conviction and the techniques to except Ideally some AppSec/DevSecOps or Ethical Hacking experience - with a good understanding of Web Application attacks and security; they must be familiar with the OWASP Top 10 If they have Security Engineering skills too … if we use in-house resource instead of 3rd party vendors. Providing WAF focused SME support and advice on Web & API based attack methodologies, evasions and mitigation techniques. Providing DevSecOps SME & pipeline build support for the automation works Monitor and review all tuning requests. Conduct detailed log analysis to identify false positives and optimize WAF rules for improved accuracy and More ❯
identify and reduce false positives, optimising rule sets for accuracy and performance. Provide SME-level guidance on web and API-based attack methodologies, evasion techniques, and mitigation strategies. Support DevSecOps pipeline integration for automated WAF efficacy testing. Maintain comprehensive documentation for tuning procedures, policies, and configurations. Stay ahead of emerging web security threats and trends to continuously enhance protection measures. … at least three major WAF vendors (eg, Akamai, F5, AWS, GCP). Familiarity with the OWASP Top 10 and modern web attack techniques. Desirable Skills/Experience Experience in DevSecOps practices and pipeline automation. Security engineering expertise alongside WAF specialism. Experience reverse-engineering exploits to develop mitigation rules. Strong cross-functional collaboration skills for integrating WAF solutions into existing security More ❯
