Application Security Vulnerability Analyst (outside IR35) at Charles Alan Consulting, Remote, £450-£500 per day Outside IR35

Contract Description

Application Security Vulnerability Analyst (Outside IR35)

Location: Remote
Contract: Initial 6 Months

We are supporting a large enterprise organisation seeking an experienced Application Security Vulnerability Analyst to help drive a critical remediation programme focused on improving application security posture.

This role will focus on reviewing and validating vulnerabilities identified through Dynamic Application Security Testing (DAST) and Software Composition Analysis (SCA) tools. The successful candidate will play a key role in separating genuine security risks from false positives, enabling engineering teams to focus their efforts on the most impactful remediation activities.

Key Responsibilities

  • Assess vulnerabilities identified through DAST and SCA tooling.
  • Develop and refine criteria for identifying and eliminating false positives.
  • Perform risk assessments on reported vulnerabilities and provide remediation recommendations.
  • Determine whether vulnerabilities exist within active or unused code paths.
  • Identify duplicate findings that may be inflating vulnerability counts across applications and systems.
  • Work closely with security, engineering and development teams to validate findings.
  • Support vulnerability prioritisation based on risk, business impact and available remediation resources.
  • Produce clear documentation and reporting to support remediation decision-making.

Required Experience

  • Strong background in Application Security, Vulnerability Management or Secure Software Development.
  • Hands-on experience working with DAST and SCA security tools.
  • Understanding of common application security vulnerabilities, including OWASP Top 10 risks.
  • Experience validating security findings and identifying false positives.
  • Knowledge of software development lifecycles and modern application architectures.
  • Ability to assess vulnerability severity, exploitability and business risk.
  • Strong analytical and stakeholder management skills.

Desirable Experience

  • Experience within large-scale enterprise environments.
  • Knowledge of secure coding practices across modern programming languages.
  • Familiarity with vulnerability management platforms and security governance processes.
  • Relevant security certifications such as CISSP, CSSLP, GWAPT, OSCP or similar.

Experience:

  • Application Security and Vulnerability Management: 1 year (required)
  • Working with DAST and/or SCA security tools: 1 year (required)
  • Assessing or remediating OWASP Top 10 vulnerabilities: 1 year (preferred)

Licence/Certification:

  • CISSP (preferred)

Work authorisation:

  • United Kingdom (required)