Back to jobs
New

Senior Application Security Analyst

London, England, United Kingdom

Who we are:

For over 25 years, Global Relay has set the standard in enterprise information archiving with industry-leading cloud archiving, surveillance, eDiscovery, and analytics solutions. We securely capture and preserve the communications data of the world’s most highly regulated firms, giving them greater visibility and control over their information and ensuring compliance with stringent regulations.

Though we offer competitive compensation and benefits and all the other perks one would expect from an established company, we are not your typical technology company. Global Relay is a career-building company. A place for big ideas. New challenges. Groundbreaking innovation. It’s a place where you can genuinely make an impact – and be recognized for it.

We believe great businesses thrive on diversity, inclusion, and the contributions of all employees. To that end, we recruit candidates from different backgrounds and foster a work environment that encourages employees to collaborate and learn from each other, completely free of barriers.

Job Purpose

The Senior Application Security Specialist is a senior technical role leading advanced application security testing, complex vulnerability analysis and threat modelling across the Application & Product Security function. You will provide technical leadership, mentor analysts and specialists, act as a security point of contact for engineering, and contribute to security strategy and standards.

Scope & Autonomy

Leads testing workstreams and sets the technical approach for complex assessments; acts as an escalation point for L1/L2 and a security partner to engineering.

Duties and Responsibilities

  • Lead advanced security testing of critical applications and services, including deep-dive manual testing and targeted penetration tests across web, mobile and API surfaces.
  • Own threat modelling using structured frameworks (STRIDE, PASTA), producing threat models for new features and architecture changes.
  • Support and engage in the penetration testing programme.
  • Design security test strategies for new products and major changes.
  • Act as subject-matter expert and primary point of contact between engineering and the Application Security team.
  • Provide oversight of scanning-tool usage and KPIs in the CI/CD pipeline.
  • Own the overarching triage, escalation and evidence-quality framework across all scanning tools and testing streams, resolving the most complex or contested findings and setting the standard L1/L2 analysts and specialists are mentored against.
  • Track and report key security testing metrics (e.g. time-to-remediate, recurring defect patterns) to senior stakeholders.
  • Build and maintain advanced test cases, automation frameworks and custom tooling to improve coverage and efficiency.
  • Own the security release process, including remediation verification and closure standards.
  • Mentor and coach analysts and specialists; provide training material, playbooks and quality review of finding reports.
  • Act as an escalation point for L1/L2 security analysts.
  • Provide expert-level root-cause analysis and remediation guidance for the most complex or systemic security defects and set remediation standards developers and L1/L2 analysts follow across the programme.
  • Develop and maintain process documentation and testing standards.

Qualifications

  • 5–8 years' hands-on experience in application security testing.
  • Advanced knowledge of internet and network technologies.
  • Expert understanding of web and API technologies and common vulnerabilities (OWASP Top 10, API/LLM Top 10, Mobile Top 10).
  • Advanced mobile security testing (Android/iOS) — reverse engineering, runtime manipulation, Frida scripting, Objection.
  • Advanced knowledge of container orchestration and Kubernetes security, including cluster hardening, RBAC and workload isolation.
  • Advanced AI/LLM security assessment.
  • Expert understanding of security controls (access control, encryption, logging/monitoring, secure configuration) and how to assess their effectiveness at scale.
  • Strong offensive security skillset — manual web and API testing, authentication/authorisation bypass, session management, business-logic abuse and data-protection testing.
  • Advanced knowledge of threat remediation techniques specific to the programming languages in use at Global Relay.
  • Strong awareness of advanced persistent threats (APTs), threat actor tactics (e.g. MITRE ATT&CK) and emerging vulnerability classes, and ability to apply this awareness to test strategy design.
  • Ability to build and own automation: scripting test cases (Python, Bash), integrating with TestRail and Jira, building automated Burp Suite Pro scanning workflows in CI/CD, and working knowledge of supporting tools such as Postman and SonarQube.
  • Excellent communication skills; ability to influence technical and non-technical stakeholders.
  • Recognised advanced certifications preferred (e.g. OSCP, OSWE).

Global Relay is unable to offer visa sponsorship for this position. Candidates must have the right to work in the UK at the time of application.

 

What you can expect:

At Global Relay, there’s no ceiling to what you can achieve. It’s the land of opportunity for the energetic, the intelligent, the driven. You’ll receive the mentoring, coaching, and support you need to reach your career goals. You’ll be part of a culture that breeds creativity and rewards perseverance and hard work. And you’ll be working alongside smart, talented individuals from diverse backgrounds, with complementary knowledge and skills.

Global Relay is an equal-opportunity employer committed to diversity, equity, and inclusion.

We seek to ensure reasonable adjustments, accommodations, and personal time are tailored to meet the unique needs of every individual.

To learn more about our business, culture, and community involvement, visit www.globalrelay.com.

Create a Job Alert

Interested in building your career at Global Relay? Get future opportunities sent straight to your email.

Apply for this job

*

indicates a required field

Phone
Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf


Select...
Select...
Select...
Select...
Our company offers both hybrid and in-office work arrangements. Which statement most accurately reflects your preferred/required working environment? *
Select...
Select...
Upon submission of your application, the personal data contained in your application will be collected by Global Relay Communications Inc. (“Global Relay” or “Controller”), whose headquarters are located at 220 Cambie Street, 2nd Floor, Vancouver, BC, Canada, V6B 2M9. Global Relay can be contacted at (604) 484-6630. Global Relay’s data protection officer is Laurence Lafond, who can be contacted at privacy@globalrelay.net.
Your personal data will be processed for the purposes of managing Global Relay’s recruitment related activities. This includes organizing and conducting interviews, assessing your suitability for the role, organizing and conducting tests (as applicable) and evaluating the results of such tests, and other processing activities that Global Relay deems necessary in the recruitment and hiring process. This processing is permitted under Article 6(1)(f) of Regulation (EU) 2016/679 (GDPR) and Article 6(1)(f) of UK General Data Protection Regulation for the purpose of Global Relay’s legitimate interests, which include growing the business and recruiting and hiring personnel best suited for roles at Global Relay. Further information on our legitimate interests may be available upon request. If you are applying for a role in the UK and Global Relay processes personal data relating to criminal offences or convictions under Article 10 of GDPR and UK GDPR, Global Relay will do so on the condition of “consent” as permitted under Section 29 of Schedule 1 of the Data Protection Act, 2018 (c.12). Global Relay may utilize automated decision and profiling tools, such as Predictive Index, to assist in determining whether a candidate is suitable for a particular role. Failure by an applicant to provide personal data required by Global Relay for the recruitment and hiring process may result in the applicant being removed from consideration for the role.
Global Relay is headquartered in Canada. Accordingly, upon submission, your personal data will be transferred to Canada, which is considered by the European Commission to provide adequate protection for the collection of personal data from EU data subjects. Your personal data will be shared with Greenhouse Software, Inc., a cloud services provider located in the United States of America and engaged by Controller to help manage its recruitment and hiring process on Controller’s behalf, and may be shared with other third party service providers to the extent necessary for the assessment of candidates, to conduct tests for applicants or perform other due diligence necessary in the recruitment process (including, for example, credit checks or criminal offence checks). Where personal data is transferred to counties that are not considered to provide adequate protection by the European Commission (e.g. the United States), the transfer of your personal data to third parties in those countries will be transferred under additional safeguards permitted under GDPR, such as Standard Contractual Clauses.
If you are rejected from a role your personal data will be retained by Global Relay, by default, for 365 days from the completion of your submission for a particular role. Under the GDPR, you have the right to data portability, to request access to your personal data, to request that your personal data be rectified or erased, to request that processing of your personal data be restricted, and the right to object to processing. You also have the right lodge a complaint with an EU supervisory authority. To the extent that you have questions or concerns about your personal data, please reach out to privacy@globalrelay.net.

UK Diversity & Equality Survey

STRICTLY CONFIDENTIAL

Global Relay is committed to promoting equality, diversity and inclusion. To help ensure our processes are fair and accessible to everyone, we ask applicant to complete this voluntary monitoring form.

Global Relay’s policy is to ensure that no job applicant or employee receives less favourable treatment or is discriminated against under the Equality Act 2010. The protected characteristics under this act are (in no particular order): age, disability, gender reassignment, marriage and civil partnership, pregnancy or maternity, race, religion or belief, sex and sexual orientation.

Completing this form is voluntary. The information provided will be kept confidential. The information is going to be used to help us understand the diversity of our organisation.

None of the information you provide will be linked to your application.

Protecting your Data

Any information provided will be used only to help us monitor equality and diversity. It will be treated confidentially and reported in an anonymous, statistical format.

For more information about how we handle personal data and your rights, please refer to our Privacy Statement available on our website. 

Select...
Select...
Select...
Select...
Select...