Royal London

Royal London is seeking an Application Security Specialist to join our cyber testing team. The ideal candidate will have a strong application development background and engage with development teams to enhance application security throughout the SDLC. Responsibilities include collaborating with engineering teams, managing security tooling, and providing remediation guidance to mitigate vulnerabilities. We offer great benefits such as 28 days annual leave, private medical insurance, and an employer matching pension scheme of up to 14%.

About the role The Application Security Specialist, working in our cyber testing team, plays a key role in protecting Royal London's internally developed software by identifying, assessing and helping remediate application security risks early in the delivery lifecycle. This role is ideal if you come from an application development background and you're looking to build a rewarding career in cyber security and secure software engineering, with support from a collaborative team. You will partner closely with development teams, penetration testers and platform specialists to embed secure by design principles, interpret findings from application security tools, and turn them into clear, practical actions. Drawing on your development experience, you'll help translate security concepts into meaningful, risk based decisions-enabling teams to deliver with confidence and strengthening the organisation's overall cyber resilience. Responsibilities Collaborate with development and engineering teams to embed application security principles and guardrails across the software development lifecycle (SDLC). Operate, manage and interpret findings from application security tooling such as SAST, DAST and Software Composition Analysis (SCA), helping teams understand what matters most. Identify, analyse and prioritise application security vulnerabilities based on exploitability, business impact and exposure, so effort is focused where it will make the biggest difference. Provide clear, actionable remediation guidance and support teams through to closure, celebrating progress and improving outcomes over time. Conduct penetration testing using application level insight, ensuring coverage of the most exposed and critical attack paths. Support teams to assess application design and implementation risks through design reviews, code assisted reviews and threat informed testing. Contribute to the definition and continuous improvement of secure coding standards, application security policies and practical, developer friendly guidance. Help shift security earlier ('shift left') in delivery pipelines, reducing exploitable weaknesses before deployment and making secure delivery feel simpler. Produce concise, accurate security findings and risk summaries tailored to both technical and non technical stakeholders. Contribute to the wider Attack Surface Management function through consultation, constructive challenge, and continuous improvement. About you A strong background in application development, with hands on experience across the software development lifecycle. Experience working in Agile/Scrum environments, using development tooling such as GitHub, Azure DevOps, Jira or Confluence. Practical exposure to application security testing approaches and tools (e.g. SAST, DAST, SCA), with the ability to interpret results and explain them in a way that helps teams take action. Understanding of common application and web security vulnerabilities (e.g. OWASP Top 10) and how they show up in real world codebases. Understanding of core cyber security principles and how they apply to modern application architectures. Ability to translate technical security findings into clear, pragmatic risk and remediation guidance that supports developers in making good decisions. Comfortable collaborating with engineers and influencing secure outcomes through expertise, empathy and credibility. Demonstrable knowledge of penetration testing techniques and tooling, with a genuine interest in continuing to learn through collaboration, mentoring and cross training. Strong written and verbal communication skills, able to engage confidently and respectfully with both technical and non technical audiences. Experience working in large, complex or regulated environments (financial services is desirable but not essential). Curious mindset with a proactive approach to learning and self development, staying current with emerging application layer threats and sharing knowledge with others. Qualifications or certifications such as Security+, CEH, OSCP, OSWE or similar are beneficial, but not required-equivalent experience and a willingness to learn matter just as much. Benefits We've always been proud to reward employees by offering great workplace benefits such as 28 days annual leave in addition to bank holidays, an up to 14% employer matching pension scheme and private medical insurance.

"It feels good to have a career with real purpose." Working Style: Hybrid 50% home based / 50% office based We have a fantastic opportunity for a Solution Architect to join our Chief Operating Office team at Royal London. The Solution Architect contributes to strategy and technical design, operating models, reference architectures and delivery roadmaps across selected key domains for Royal London Group Architecture (or across multiple domains when deployed to our largest and most complex transformation programmes). This role will report into a Principal Architect and have responsibility specifically for the entirety of a technology domain architecture landscape or engage on a large programme role with responsibility for the End2End architecture including Service Resilience and Support Operating Model. The role contributes to the development of major technology strategies for the group, bringing specific technical competencies and knowledge to ensure these are properly reviewed through governing bodies and then used to inform executive committees and business leaders, underpinning major programme design governance. What you will bring to the role: Technical design experience and enterprise-wide architecture understanding Good knowledge of architecture frameworks, trends and initiatives Experience and knowledge of Pensions, particularly workplace pensions. End2End design of cost-effective, innovative, scalable and maintainable enterprise application solutions Knowledge of package-based solutions and enterprise application integrations In depth and current knowledge of one or more common application technology stacks (Java, Azure, Kubernetes, Kafka) Understanding of relevant technology trends Experience of infrastructure / application technologies within technology domain Understanding of operating and commercial models and processes that can wrap around technologies Experience of close working with third parties and suppliers Ability to communicate technical information clearly to all levels of the organisation Ability to think strategically and engage with technical detail to align with the overall strategy Experience developing presentations for, and presenting to, executive and senior-level committees Influencing and communication skills, with business and technical teams Good relationship and stakeholder management skills Commercial awareness and financial management skills If you think you would be a great fit for our team at Royal London but don't meet all the requirements of the role, please get in touch - your application will still be considered. We welcome applications from everyone, and we're particularly keen to hear from people who are underrepresented in technology and architecture roles. About Royal London We're the UK's largest mutual life, pensions and investment company, offering protection, long-term savings and asset management products and services. Our People Promise to our colleagues is that we will all work somewhere inclusive, responsible, enjoyable and fulfilling. This is underpinned by our Spirit of Royal London values; Empowered, Trustworthy, Collaborate, Achieve. We offer a wide range of benefits to support you at work and at home. For full details, please see Our Benefits. 28 days annual leave, plus bank holidays Up to 14% employer matching pension scheme Private medical insurance Inclusion, diversity and belonging We're an Inclusive employer. We celebrate and value different backgrounds and cultures across Royal London. Our diverse people and perspectives give us a range of skills which are recognised and respected - whatever their background.