Cyber Security Consultant (Data/Application Security)

TL;DR

Cyber Security Consultant (Data/Application Security): Guiding clients in securing applications and sensitive information across the full development and data lifecycle, leveraging practices like Threat Modelling, Secure SDLC, and DevSecOps. Focus on designing security guardrails for application modernization in multicloud environments, ensuring risks are minimized and business objectives are achieved securely.

Location: Must be a resident in the UK and have been living continuously in the UK for the last 2 years.

Company

hirify.global Consulting is hirify.global’s consulting and global professional services business, providing deep industry and technical expertise to public and private sector clients worldwide.

What you will do

• Provide advisory and technical expertise on application security across the Software Development Lifecycle (Design, Build, Deploy).
• Lead activities such as Threat Modelling, Secure SDLC integration, and DevSecOps practices.
• Implement security guardrails to support secure application modernization on multicloud platforms.
• Drive application vulnerability management, analyzing high-risk vulnerabilities and developing effective mitigation plans.
• Apply data protection techniques including encryption, masking, and anonymization.
• Advise clients on regulatory requirements (e.g., GDPR, HIPAA, CCPA) and align security programs to meet compliance obligations.

Requirements

• Strong experience in application security domains, including Threat Modelling, Secure SDLC, DevSecOps, and security testing.
• Knowledge of data protection methods: encryption (at rest/in transit), masking, anonymization.
• Hands-on experience with Data Loss Prevention (DLP) tools and strategies.
• Proficiency in database security controls, including access, auditing, and patch management.
• Familiarity with SIEM platforms for monitoring and analysis of data/application security events.
• Understanding of data classification principles and lifecycle management practices.
• Knowledge of privacy regulations (GDPR, HIPAA, CCPA) and security frameworks such as NIST, ISO 27001, and CIS Critical Security Controls.
• You must have the valid right to work in the UK.
• You must be a resident in the UK and have been living continuously in the UK for the last 2 years.
• You must be able to hold or gain a UK government security clearance.

Nice to have

• Experience embedding security guardrails in application modernization programs across hybrid/multicloud environments.
• Proficiency with automation tools and pipelines supporting DevSecOps practices.
• Certifications such as CSSLP, CISSP, CISM, CCSP, or equivalent.
• Strong consulting experience, with the ability to translate complex security challenges into actionable recommendations.
• Experience in designing and managing enterprise-wide data governance frameworks.

Culture & Benefits

• Many training opportunities from classroom to e-learning, mentoring, and coaching programs, with chances to gain industry-recognized certifications.
• Regular and frequent promotion opportunities to drive career development.
• A culture valuing Diversity & Inclusion, supported by policies, processes, and employee champion teams.
• Tools and policies to support work-life balance, including flexible working, sabbatical programs, and paid parental leave.
• Traditional benefits: 25 days holiday (in addition to public holidays), private medical, dental & optical cover.
• Group personal pension plan with an additional 5% of base salary paid monthly by the company.