Information Security Consultant managing security standards implementation at LUZA Group in Lisbon, Portugal. Handling analysis of risk and supporting audits while working in a hybrid model.
About the role
- Senior Cyber Security Consultant leading AppSec strategies and hands-on execution for software platforms. Focused on security engineering, vulnerability management, and compliance in the construction software industry.
Responsibilities
- Own the application security strategy and roadmap across products and platforms, aligned to business risk and compliance obligations (e.g., ISO 27001, NIST).
- Work with Group Architect to set and govern secure SDLC standards.
- Influence senior engineering leadership on security architecture decisions, backlog prioritization, and risk acceptance.
- Lead and mature SAST, DAST, SCA usage, with policy-as-code and pipeline gating where appropriate.
- Conduct lightweight threat modelling and design reviews for new features and critical services (APIs, microservices, containers, serverless).
- Guide and unblock remediation of complex vulnerabilities in first party code and third-party libraries, providing developer ready fixes and patterns.
- Direct and coordinate penetration testing (internal or partner-led); define scope, success criteria, and exec level reporting.
- Lead the response to zero-day events affecting our stack: assess exposure, coordinate mitigations, communication, and after-action reviews.
Requirements
- Proven background in software engineering (e.g., .NET, Java, JavaScript/TypeScript, Python) and secure coding practices.
- Strong experience operating and integrating SAST/DAST/SCA and AppSec controls into CI/CD.
- Understanding of modern architectures: APIs, microservices, containers (Docker/K8s), serverless, secrets management, identity and access.
- Hands-on with penetration testing methods and tooling (e.g., OWASP, Burp Suite, ZAP); able to set test charters and interpret results.
- Practical experience with vulnerability scanners and endpoint/cloud security platforms (Qualys/Tenable, Defender for Endpoint), plus asset/coverage hygiene.
- Skilled at triage and risk framing, mapping to business impact and SLAs.
- Experience securing workloads in AWS, Azure and/or GCP; multi-cloud exposure preferred.
- Relevant certs such as OSCP, GWAPT/GWEB, CSSLP, CISSP, CISM, or cloud security (e.g., AWS Security Specialty, AZ-500).
Benefits
- 25 days annual leave + public holidays, increasing with length of service.
- 4% matched pension.
- Income protection and life assurance.
- Access to our award-winning benefits platform.
- We take mental health seriously and have a dedicated EAP available 24/7.
- £100 allowance towards a fitness club.
- Dell discounts.
- Private Medical Insurance.
- Paid study leave + volunteering days.
- Car Scheme.
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Senior Cybersecurity Analyst at Boeing performing advanced cybersecurity assessments and risk evaluations for third - party vendors. Focusing on automation, lean processes, and collaborating with key stakeholders across departments.
Cybersecurity Manager ensuring regulatory compliance in information security within the Mexican framework. Collaborating with technology teams to strengthen governance, risk, and control model.
CISA Auditor focusing on cloud security audits for a Zurich - based international bank. Ensuring cybersecurity and identifying vulnerabilities in IT systems with risk - oriented audits.
Cybersecurity Specialist managing compliance for DoD security transition to Zero Trust Architecture. Involves overseeing RMF activities and ensuring ATO deadlines are met in cloud environments.
Engineer II responsible for managing enterprise customer support in Security Engineering. Focused on troubleshooting and diagnosing security incidents in a hybrid work environment.
Guest Safety Agent at HRI Hospitality ensuring safety and hospitality for guests and managing outlet spaces. Maintaining a secure environment while engaging with guests and visitors in New Orleans.
Cybersecurity Architect for Saint Louis University developing and assessing security strategies and architecture. Ensuring secure IT services through effective security technologies and practices.
Senior Commercial Manager developing and executing Cyber Security strategies, managing client portfolios and leading complex negotiations in São Paulo.
Security Officer responsible for maintaining safety at WarHorse Casino. Enforcing policies, responding to incidents, and providing customer service to guests.