Lead Application Security Engineer

Jobtrain
nationwide, uk
3 weeks ago
Applications closed


Location: National*

Closing Date: 2nd May 2025

Interviews: w/c 12th May

Grade: Grade 7

(MoJ candidates who are on a specialist grade will be able to retain this grade on lateral transfer)

Salary: London: £61,201 - £78,225 (which may include an allowance of up to £17,024)

National: £56,532 - £73,450 (which may include an allowance of up to £16,918)

Working pattern: Full-time/Part-time/Flexible working

Contract Type: Permanent

Vacancy number: 5151


*We offer a hybrid working model, allowing for a balance between remote work and time spent in your local office. Office locations can be found on this map.

The Role

We’re recruiting for a Lead Application Security Engineer here at Justice Digital, to be part of our warm and collaborative Platforms and Architecture Cyber team.

This role aligns against the Senior Security Architect role from the Government Digital and Data Framework.

The cyber security of the digital services of the Ministry of Justice is vital both to ensuring trust in the justice system and to meeting our legal obligations to protect sensitive information. The potential of a successful cyber attack is a departmental risk, and the allocation of effective and skilled effort to help reduce the risk is part of the mitigation presented to MoJ.

Part of achieving this requirement is through the delivery of Application Security (AppSec). Working in partnership with the development teams, AppSec work improves and scales up security activities, helping teams design, build and automate security into their solutions, and finding new ways to reduce risk scores.


Providing this operational security improvement is a vital part of our collective work to mitigate existing security deficiencies in legacy and digital services, and to embed more effective security in our services for the future.


To help picture your life at MoJ Justice Digital, please take a look at our blog and our Digital and Technology strategy 2025.

Key Responsibilities:

You will be leading a small number of other AppSec Engineers, providing expert hands-on cyber security support to our development teams across the MoJ Justice Digital estate. You will be working to find better ways to defend and protect the development pipeline by building automation into processes and building in AWS and Azure native safeguards, where appropriate.


You will be working alongside cyber security consultants, and alerting them to areas of increased risk and new processes and techniques.


What you'll be doing:

  • Designing, developing and automating security tools and techniques to implement a secure software development lifecycle (SDLC), providing continuous assurance that systems are protected against common threats.
  • Implementing consistent DevSecOps best practices for the MoJ organisation.
  • Supporting and participating in workshops to raise awareness of security vulnerabilities and mitigations available to teams.
  • Help to address product security requirements by deploying homegrown and open source tools.
  • Coordinating with developers and product management to ensure these tools are fit for purpose.
  • Driving improvements in teams that ultimately improve outcomes in Secure by Design.
  • Collaborating with internal and external DevOps Teams to advocate software security practices and with Cloud Security and Security Architects in maintaining/extending Cloud Security patterns and use cases.
  • Communicating security findings to stakeholders in a clear and actionable fashion, focusing on real-world impact and with pragmatic options for resolution.
  • Maintaining good practice around code repos (like GitHub), identifying and remediating weaknesses in Open Source libraries.
  • Working closely with platform teams to build centralised security reporting dashboards that provide security assurance across our applications.
  • Supporting threat modelling and security design reviews with engineering teams, providing subject matter expertise in resolving complex security problems.
  • Critiquing mitigations suggested by development teams on security issues.
  • Build the profile of the cyber security team through positive stakeholder interactions.
  • Utilise AppSec testing to build security confidence in products and services.


If this feels like an exciting challenge, something you are enthusiastic about, and want to join our team please read on and apply!

Benefits
  • 37 hours per week and flexible working options including working from home, working part-time, job sharing, or working compressed hours.
  • A £1k per person learning budget is in place to support all our people, with access to best in class conferences and seminars, accreditation with professional bodies, fully funded vocational programmes and e-learning platforms
  • Staff have 10% time to dedicate to develop & grow
  • Generous civil service pension based on a defined benefit scheme, with employer contributions of 28.97% from April 1st 2024 (Contribution Rates)
  • 25 days leave (plus bank holidays) and 1 privilege day usually taken around the King’s birthday. 5 additional days of leave once you have reached 5 years of service.
  • Compassionate maternity, adoption, and shared parental leave policies, with up to 26 weeks leave at full pay, 13 weeks with partial pay, and 13 weeks further leave. And maternity support/paternity leave at full pay for 2 weeks, too!
  • Wellbeing support including access to the Calm app.
  • Bike loans up to £2500 and secure bike parking (subject to availability and location)
  • Season ticket loans, childcare vouchers and eye-care vouchers.
  • 5 days volunteering paid leave.
  • Free membership to BCS, the Chartered Institute for IT.
  • Some offices may have a subsidised onsite gym.

Person Specification

Essential

  • You have successfully established relationships with development teams based on collaboration, emotional intelligence, and pursuit of excellence.
  • You have experience of deploying techniques like SCA, SAST, DAST, IaC etc to the development pipeline.
  • You have knowledge of lightweight Threat Modelling techniques.
  • You have hands-on experience with CI/CD tools like Jenkins, GitHub Actions and CircleCI.
  • Understand how to secure public facing endpoints and APIs.
  • You have experience of modern development practices, cloud and container technologies such as Docker and Kubernetes.
  • Familiarity with microservice architecture and networking.
  • Ability to effectively present and communicate security threats and risks to any audience and impress upon them the mitigation techniques and strategies.
  • Excellent knowledge of frameworks such as OWASP, MITRE, Cyber Kill Chain
  • You have experience with implementing secure software lifecycle practices within an agile engineering organisation.
  • You have an ability to create a positive security culture in development teams


Willingness to be assessed against the requirements for SC clearance

The Civil Service is committed to attract, retain and invest in talent wherever it is found. To learn more please see the Civil Service People Plan and the Civil Service D&I Strategy.

How to Apply

Candidates must submit CV and Cover Letter (500 words max), which describes how you meet the requirements set out in the Person Specification above.

In Justice Digital, we recruit using a combination of the Government Digital and Data Profession Capability and Success Profiles Frameworks. We will assess your Experience, Technical Skills and the following Behaviours during the assessment process:

  • Communicating and Influencing


A diverse panel will review your application against the Person Specification above.


Successful candidates who meet the required standard will then be invited to a 1-hour/90 minute panel interview, which may include a task, held via video conference.


Should we receive a high volume of applications, a pre-sift based on “You have an ability to create a positive security culture in development teams” will be conducted before the sift. The panel will be conducting a sift on the following criteria from the Person Specification above:

  • You have experience of deploying techniques like SCA, SAST, DAST, IaC etc to the development pipeline.
  • You have experience of modern development practices, cloud (AWS/Azure) and container technologies such as Docker and Kubernetes.
  • Excellent knowledge of frameworks such as OWASP, MITRE, Cyber Kill Chain

Candidates who do not demonstrate examples/details of their experience of the requirements stated under the Person Specification above in their Cover Letter will be rejected on this basis.


Should you be unsuccessful in the role that you have applied for but demonstrate the capability for a role at a lower level, we reserve the right to discuss this opportunity with you and offer you the position without needing a further application.


A reserve list may be held for up to 12 months, from which further appointments may be made.

Terms & Conditions

Please review our Terms & Conditions, which set out how we recruit and provide further information related to the role and salary arrangements.


If you have any questions, please feel free to contact



