Cyber Security Analyst, DevSecOps

Heathrow Airport
Full-time
On-site
London, United Kingdom
Cybersecurity & Compliance
Description

The Cyber Security Analyst – Secure Development is responsible for embedding secure-by-design and security-by-default principles across Heathrow’s entire software development lifecycle (SDLC). Working as part of the Cyber Security Team and reporting to the Lead Architect, Cyber Applications & AI, the role provides expert security advisory, assessment and automation capabilities to ensure security is built into code and development processes from inception rather than treated as a follow-on activity.

The role plays a key part in fostering a collaborative DevSecOps culture, enabling development teams to deliver high-quality, secure software while maintaining pace and innovation in a complex, safety- and security-critical environment.



Responsibilities
  • Secure Development & SDLC Integration
    • Embed secure development practices across all stages of the SDLC, from design and build through to deployment and maintenance.
    • Ensure security requirements, patterns and controls are incorporated early into application and platform design.
    • Promote and enable secure-by-design and security-by-default principles across the development community.
  • Advisory & Assessment
    • Provide hands-on security advisory support to software engineering teams, architects and product owners.
    • Conduct security design reviews, code assessments and threat modelling activities.
    • Assess development pipelines, tooling and environments to identify security weaknesses and improvement opportunities.
  • Monitoring & Detection
    • Monitor development environments, repositories and pipelines for poor security practices, exposed secrets, credentials and misconfigurations.
    • Support the identification, triage and remediation of security findings in collaboration with development teams.
  • Security Automation & Tooling
    • Design, implement and maintain automated security checks within CI/CD pipelines, including static, dynamic and dependency scanning.
    • Enable consistent and scalable security controls through automation, reducing manual overhead and improving developer experience.
    • Work with platform and tooling teams to integrate security capabilities into development ecosystems.
  • Collaboration & Culture
    • Foster a collaborative, trust-based relationship between the Cyber Security team and the development community.
    • Act as a security champion, influencing ways of working and promoting security awareness and ownership within engineering teams.
    • Build strong working relationships with internal and external colleagues, partners and suppliers.
  • Continuous Improvement
    • Stay current with emerging threats, secure coding techniques and DevSecOps best practices.
    • Contribute to the evolution of secure development standards, patterns and guidance.
    • Support continuous improvement of Heathrow’s application security maturity.


Qualifications

Experience

  • Minimum 3 years’ relevant technical experience in Cyber Security, application security, secure development or DevSecOps.
  • Practical experience working within software development environments and modern SDLC practices.
  • Proven experience working collaboratively within multi-disciplinary teams.

Essential Skills

  • Strong understanding of application security principles and common vulnerabilities (e.g., OWASP Top 10).
  • Experience embedding security into SDLC and CI/CD pipelines.
  • Ability to assess code, architectures and development practices from a security perspective.
  • Familiarity with security tooling such as SAST, DAST, dependency scanning and secrets detection.
  • Strong stakeholder engagement and relationship-building skills.
  • Ability to communicate security concepts clearly and pragmatically to technical and non-technical audiences.
  • Collaborative mindset with a focus on enablement rather than control.