Global Relay logo

Senior Application Security Analyst

Global Relay
1 day ago
Full-time
On-site
London, England, United Kingdom
eDiscovery Analyst

Who we are:

For over 25 years, Global Relay has set the standard in enterprise information archiving with industry-leading cloud archiving, surveillance, eDiscovery, and analytics solutions. We securely capture and preserve the communications data of the world’s most highly regulated firms, giving them greater visibility and control over their information and ensuring compliance with stringent regulations.

Though we offer competitive compensation and benefits and all the other perks one would expect from an established company, we are not your typical technology company. Global Relay is a career-building company. A place for big ideas. New challenges. Groundbreaking innovation. It’s a place where you can genuinely make an impact – and be recognized for it.

We believe great businesses thrive on diversity, inclusion, and the contributions of all employees. To that end, we recruit candidates from different backgrounds and foster a work environment that encourages employees to collaborate and learn from each other, completely free of barriers.

Job Purpose

The Senior Application Security Specialist is a senior technical role leading advanced application security testing, complex vulnerability analysis and threat modelling across the Application & Product Security function. You will provide technical leadership, mentor analysts and specialists, act as a security point of contact for engineering, and contribute to security strategy and standards.

Scope & Autonomy

Leads testing workstreams and sets the technical approach for complex assessments; acts as an escalation point for L1/L2 and a security partner to engineering.

Duties and Responsibilities

  • Lead advanced security testing of critical applications and services, including deep-dive manual testing and targeted penetration tests across web, mobile and API surfaces.
  • Own threat modelling using structured frameworks (STRIDE, PASTA), producing threat models for new features and architecture changes.
  • Support and engage in the penetration testing programme.
  • Design security test strategies for new products and major changes.
  • Act as subject-matter expert and primary point of contact between engineering and the Application Security team.
  • Provide oversight of scanning-tool usage and KPIs in the CI/CD pipeline.
  • Own the overarching triage, escalation and evidence-quality framework across all scanning tools and testing streams, resolving the most complex or contested findings and setting the standard L1/L2 analysts and specialists are mentored against.
  • Track and report key security testing metrics (e.g. time-to-remediate, recurring defect patterns) to senior stakeholders.
  • Build and maintain advanced test cases, automation frameworks and custom tooling to improve coverage and efficiency.
  • Own the security release process, including remediation verification and closure standards.
  • Mentor and coach analysts and specialists; provide training material, playbooks and quality review of finding reports.
  • Act as an escalation point for L1/L2 security analysts.
  • Provide expert-level root-cause analysis and remediation guidance for the most complex or systemic security defects and set remediation standards developers and L1/L2 analysts follow across the programme.
  • Develop and maintain process documentation and testing standards.

Qualifications

  • 5–8 years' hands-on experience in application security testing.
  • Advanced knowledge of internet and network technologies.
  • Expert understanding of web and API technologies and common vulnerabilities (OWASP Top 10, API/LLM Top 10, Mobile Top 10).
  • Advanced mobile security testing (Android/iOS) — reverse engineering, runtime manipulation, Frida scripting, Objection.
  • Advanced knowledge of container orchestration and Kubernetes security, including cluster hardening, RBAC and workload isolation.
  • Advanced AI/LLM security assessment.
  • Expert understanding of security controls (access control, encryption, logging/monitoring, secure configuration) and how to assess their effectiveness at scale.
  • Strong offensive security skillset — manual web and API testing, authentication/authorisation bypass, session management, business-logic abuse and data-protection testing.
  • Advanced knowledge of threat remediation techniques specific to the programming languages in use at Global Relay.
  • Strong awareness of advanced persistent threats (APTs), threat actor tactics (e.g. MITRE ATT&CK) and emerging vulnerability classes, and ability to apply this awareness to test strategy design.
  • Ability to build and own automation: scripting test cases (Python, Bash), integrating with TestRail and Jira, building automated Burp Suite Pro scanning workflows in CI/CD, and working knowledge of supporting tools such as Postman and SonarQube.
  • Excellent communication skills; ability to influence technical and non-technical stakeholders.
  • Recognised advanced certifications preferred (e.g. OSCP, OSWE).

Global Relay is unable to offer visa sponsorship for this position. Candidates must have the right to work in the UK at the time of application.

 

What you can expect:

At Global Relay, there’s no ceiling to what you can achieve. It’s the land of opportunity for the energetic, the intelligent, the driven. You’ll receive the mentoring, coaching, and support you need to reach your career goals. You’ll be part of a culture that breeds creativity and rewards perseverance and hard work. And you’ll be working alongside smart, talented individuals from diverse backgrounds, with complementary knowledge and skills.

Global Relay is an equal-opportunity employer committed to diversity, equity, and inclusion.

We seek to ensure reasonable adjustments, accommodations, and personal time are tailored to meet the unique needs of every individual.

To learn more about our business, culture, and community involvement, visit www.globalrelay.com.