Application Security Lead/ 9 months Contract/ Fully Remote

Application Security Lead - Up to £675 per day
9 months contract- Inside IR35
Fully Remote UK based
CBTR is working with a leading enterprise client to hire an experienced Application Security Lead to own and evolve their application security capability across the full software development lifecycle.
This is a senior, hands-on role focused on embedding secure-by-design principles, reducing risk exposure, and strengthening cyber resilience across modern, cloud and API-driven environments.
You’ll work at the intersection of security, engineering, and business teams, ensuring application risks are clearly understood, prioritised, and effectively managed.
Required Skills:
Strong experience in Application Security, DevSecOps, or Secure Software Engineering

Deep understanding of OWASP Top 10 and exploitation techniques

Hands-on experience with SAST, DAST, and SCA tools

Experience integrating security into CI/CD and SDLC

Cloud experience (AWS and/or Azure)

Ability to translate technical risk into clear business impact

Strong stakeholder management and influencing skills

Ability to communicate complex security concepts clearly and effectively

Experience securing cloud-native or SaaS platforms

Understanding of AI/ML security risks

Familiarity with Terraform, or other IaC tooling

Knowledge of frameworks such as NIST or ISO27001

Knowledge of authentication and authorisation frameworks (OAuth2, OIDC, SAML, RBAC/ABAC)

Experience in large-scale enterprise & regulated environments

Desirable Certifications:
CISSP

CEH

OSCP / OSWE

Security+