Managed by Randstad Sourceright. For any questions please email:

Applications Security Manager (DevSecOps)

Location: Norwich, England, United Kingdom


Job Number: 1080

External Description:

Our Applications Security team in Aviva is growing – and we’re now looking for an Applications Security Manager to run a small team of experts delivering a range of relevant services, across our Aviva markets.

This opportunity will ideally be based in our Norwich office, but we are open to the person being based in one of Aviva’s main locations in London, Bristol or York, or to flexible home-working.

Embedding a DevSecOps approach is a key outcome of this role and an exciting focus for us as a business. You’ll be driving thought leadership internally and externally within the global developer community through improvements to culture, processes, tools and frameworks.

We see this as an outstanding and interesting role in this field due to the wide scope of Aviva’s products and the amount of influence the role holder will have – a position where you can really make it your own. 


What are the key responsibilities?

  • Embedding a DevSecOps approach within the global developer community
  • Leading the adoption of Secure Coding Principles and the Secure Development Lifecycle across Aviva markets
  • Leading the adoption and embedding of security tools such as SAST and DAST
  • Governing and overseeing application security assessments for web and mobile applications
  • Liaising with Security Culture & Awareness specialists to plan and deliver technical developer training
  • Delivering tailored presentations to the developer community and senior leaders
  • Engaging with development teams to educate developers on common vulnerabilities and secure coding practices


What skills & experiences are required?

  • Team leadership skills with strong people and stakeholder management experience
  • In-depth knowledge of application security methodologies along with governance processes and practices, including ISMS monitoring and control frameworks such as ISO, ISF and COBIT, and their relationships to other frameworks
  • Professional qualification in Information Security and/or Penetration Testing (e.g. relevant SANS or Offensive Security certifications)
  • Knowledge of software security standards such as NIST, OWASP etc.
  • Knowledge and experience of Secure Development Lifecycles and their application in an agile environment


What will you get for this role?

  • A salary of £70,000 to £90,000 depending on location, skills, experience and qualifications
  • Generous defined contribution pension scheme
  • Annual performance related bonus and pay review
  • Holiday allowance of 29 days plus bank holidays and the option to buy/sell up to 5 additional days
  • Up to 40% discount for some Aviva products through “My Aviva Extras” plus discounts for Friends and Family (some exclusions apply)
  • Excellent range of flexible benefits to include a matching share save scheme


Oh and by the way…

At Aviva we always ‘Care More’. It’s our thing. We’re all about our people – that’s you – so we can be pretty flexible. If you need to work from home some of the time, or change your hours so you can pick up your kids or care for someone in your family, we’re very open to that. We’ll even try to bend work around your further studies or hobbies where we can.

We care deeply about welcoming people no matter where they’re from, how old they are or what disability they have. We encourage applications from every age, race, ethnicity, disability, gender, gender identity, religion, culture, sexual orientation, national origin, marital status, pregnancy, maternity or caring responsibility. We want our employees to bring their whole self to work and that starts with you.

As part of that we interview every disabled applicant* that meets the minimum criteria for the job. Just send us an email once you’ve applied and we’ll make sure we interview you.

If you like the sound of all that, we’d love it if you could submit your application online. If you need an alternative method of applying, please give Dan Hopchet a call on: 0121 234 7625 or ping them an email at:

*As defined in The Equality Act 2010*. By ‘minimum criteria’ we mean you must provide us with evidence which demonstrates that you generally meet the level of competence required and have the qualifications, skills or experience defined as essential to perform the role.

Job Number: R-88199