DevSecOps Pentester - Hybrid in London - Inside IR35 - 6 months
We are seeking an experienced DevSecOps & Application Security Consultant to join our team. This key role, based in London (2-3 days per week on-site), requires deep expertise in embedding security within CI/CD pipelines, cloud-native environments, and application development workflows. You will lead penetration testing and security assessments across code, containers, APIs, and infrastructure-as-code, while integrating automated security practices into DevOps processes to ensure continuous validation. As the subject matter expert on secure design, threat modelling, and remediation best practices, you will play a critical role in strengthening our security posture, enabling collaboration across development, operations, and security teams, and ensuring resilient digital delivery within the airline and transportation sector.
Key Responsibilities:
- Integrate security into DevOps workflows - embed automated security tools into CI/CD pipelines, IaC, and cloud-native environments.
- Conduct penetration testing and security assessments - manual and automated testing of web apps, APIs, containers, IaC, and cloud infrastructure.
- Identify, exploit, and report vulnerabilities - provide detailed findings with remediation guidance, from technical issues to executive summaries.
- Automate security processes - implement IaC automation, ServiceNow integrations, and automated AWS catalogues to improve efficiency.
- Threat modelling and secure design review - participate in sprint planning, agile ceremonies, and provide early-stage security insights.
- Remediation validation - re-test fixes, track issues through Jira workflows, and ensure vulnerabilities are fully resolved.
What You Will Ideally Bring:
- Application security expertise - strong grasp of OWASP Top 10, API security, and common web/app vulnerabilities.
- DevSecOps proficiency - integrating security into SDLC, CI/CD (Jenkins, GitLab, Ansible), and agile development.
- Penetration testing - hands-on manual pentesting of web apps, APIs, and CI/CD pipelines.
- Cloud platform security - AWS, Azure, GCP (IAM, misconfigurations, best practices).
Contract Details:
- Duration: 6 months (with view to extend)
- Day Rate: Up to £500 per day (Inside IR35)
- Location: London (2-3 days a week)
- Start Date: ASAP
- Company: Hamilton Barnes
- Location: London, United Kingdom (Hybrid / WFH Options)
- Employment Type: Contract
- Salary: GBP Daily
- Posted