Application Security Lead - Up to £675 per day
9 months contract- Inside IR35
Fully Remote UK based
CBTR is working with a leading enterprise client to hire an experienced Application Security Lead to own and evolve their application security capability across the full software development lifecycle.
This is a senior, hands-on role focused on embedding secure-by-design principles, reducing risk exposure, and strengthening cyber resilience across modern, cloud and API-driven environments.
You’ll work at the intersection of security, engineering, and business teams, ensuring application risks are clearly understood, prioritised, and effectively managed.
Required Skills:
- Strong experience in Application Security, DevSecOps, or Secure Software Engineering
- Deep understanding of OWASP Top 10 and exploitation techniques
- Hands-on experience with SAST, DAST, and SCA tools
- Experience integrating security into CI/CD and SDLC
- Cloud experience (AWS and/or Azure)
- Ability to translate technical risk into clear business impact
- Strong stakeholder management and influencing skills
- Ability to communicate complex security concepts clearly and effectively
- Experience securing cloud-native or SaaS platforms
- Understanding of AI/ML security risks
- Familiarity with Terraform, or other IaC tooling
- Knowledge of frameworks such as NIST or ISO27001
- Knowledge of authentication and authorisation frameworks (OAuth2, OIDC, SAML, RBAC/ABAC)
- Experience in large-scale enterprise & regulated environments
Desirable Certifications:
- CISSP
- CEH
- OSCP / OSWE
- Security+