You will join a major digital transformation initiative focused on embedding secure development practices across a large public-sector environment. The goal is to move beyond compliance checklists and operationalize secure-by-design principles across development teams, delivery workflows and supplier projects. Your role combines application architecture, security expertise, process design and project leadership.

What you'll do

• Lead the definition and integration of secure development practices across teams, using frameworks such as OWASP SAMM and CyFun as the foundation.
• Analyse existing development workflows, identify required changes and document clear, pragmatic recommendations for secure design, coding, testing and deployment.
• Review technical designs and architectures, challenge risks and provide guidance on secure interfaces, integration patterns and infrastructure components.
• Introduce, configure and govern SCA, SAST and DAST tools within CI/CD pipelines, ensuring continuous and measurable security coverage.
• Coach development teams on SecDevOps principles and provide hands-on support for adopting secure coding, TDD/BDD and continuous security validation.
• Create application security dashboards, routines and governance mechanisms to track security maturity and guide improvement across projects.
• Produce a standard secure development directive and a security evaluation matrix that can be used for internal and external project assessment.
• Act as project lead for this secure development programme, contributing to planning, follow-up meetings, reporting and documentation.
• Prepare and deliver security training to technical and non-technical stakeholders when required.