Senior Cyber Security Consultant

Who are we?

We are ranked as the UK’s #1 construction specific software player and our mission is simple; to provide market leading end-to-end software solutions to the construction and construction like industries across the entire build life cycle.

If you are looking to build an exceptional career with an award-winning company you’ve come to the right place. Our teams are based in the UK, Europe, and India, working on products that are used on a global scale. We have a clear and defined road map to deliver over the next 3 years, which is centred around a large-scale digital transformation as well as continuing our growth and expansion.

We embrace diversity and equality and want our employees to be comfortable bringing their whole selves to work. We are committed to building a team with a variety of backgrounds, skills and views. Creating a culture of Equality isn’t just the right thing to do, it improves every aspect of our business.

This is a senior, people focused role at the intersection of secure software engineering, application security, and enterprise cyber operations.  You will lead the strategy and hands-on execution for AppSec across a broad technology stack, partner with engineers to remediate complex vulnerabilities (first party code and third-party libraries), run and improve offensive security and vulnerability management practices, and ensure alignment with ISO 27001, CE+, SOC2 and internal standards. A core expectation is to coach and upskill teams, embedding security by design and accelerating safe delivery.‑focused role‑on execution‑party code and third‑party libraries), run and improve offensive security and vulnerability management practices, and ensure alignment with

• →

• Proven background in software engineering (e.g., .NET, Java, JavaScript/TypeScript, Python) and secure coding practices.

• Strong experience operating and integrating SAST/DAST/SCA and AppSec controls into CI/CD.

• Understanding of modern architectures: APIs, microservices, containers (Docker/K8s), serverless, secrets management, identity and access.

• Hands‑on with penetration testing methods and tooling (e.g., OWASP, Burp Suite, ZAP); able to set test charters and interpret results.

• Practical experience with vulnerability scanners and endpoint/cloud security platforms (Qualys/Tenable, Defender for Endpoint), plus asset/coverage hygiene.

• Skilled at triage and risk framing, mapping to business impact and SLAs.

• Experience securing workloads in AWS, Azure and/or GCP; multi‑cloud exposure preferred.

• Familiar with cloud‑native controls (e.g., identity, networking, container security, posture management).

• Experience in optimisation of perimeter security (WAF/API Security/Bot Protection).

• Working knowledge of ISO 27001, NIST controls, CE+, SOC2 and secure SDLC/DevSecOps practices.

• Comfortable producing metrics, KPIs/KRIs, and executive reporting.

• Relevant certs such as OSCP, GWAPT/GWEB, CSSLP, CISSP, CISM, or cloud security (e.g., AWS Security Specialty, AZ‑500).

• Evidence of building/running training programmes or Security Champions networks.

If you're looking to build an exceptional career with an award-winning company you’ve come to the right place. We believe everyone at Causeway has a vital role to play in our success. Causeway is fuelled by curiosity and is a place for people who beam with positivity and burn with ambition.

Our team is everything, so we’ll take good care of you. In fact, we give well-being the same priority as our other business goals. We’re strong advocates of work-life balance, offering hybrid working alongside the opportunity to work from modern, collaborative offices.

We are United. As part of a team, we’re better together.

We are Agile. Be the change, we’re on a journey.

We are Trusted. Do the right thing, we own this.

We are Driven. Get stuck in, we make it happen.