Contract

Security Development and Test Director

Birmingham
Negotiable
Posted Yesterday

Security Development & Test Director
6 Months
Hybrid - Birmingham 2 days per week on site
-800 per day (Inside IR35)

We are currently recruiting for a dynamic Security Development and Test Director to join our growing Security team. This is a great opportunity for you to play a pivotal role in helping to shape our client's transformation journeys.

*** Please note - The selected candidate must be eligible for UK Security Clearance ***

The Security Development and Test Director is responsible for overseeing the secure software development lifecycle, security testing, and DevSecOps practices at both strategic and operational levels. The role ensures the effectiveness of security practices in software development, manages security testing, drives operational maturity improvements, and oversees secure coding practices. Operating at SFIA Level 6, the role requires the initiation, definition, and oversight of high-impact security development and testing activities. The Director is responsible for aligning security initiatives with business objectives and ensuring the organisation's resilience against evolving threats.

Using your background in managing complex development and testing programs, you will:
* Pre-Sales Support and Business Development
    o Partner with sales and business development teams to define and articulate the value proposition of the security development and testing offerings.
    o Represent the function in client engagements, pre-sales discussions, and technical assessments.
    o Design and present tailored solutions based on customer-specific challenges and threat landscapes.
    o Collaborate on statements of work (SOWs) and influence product roadmaps.
* Service Delivery Assurance
    o Oversee performance and quality of services delivered, ensuring SLA and KPI compliance.
    o Implement governance mechanisms and standardised methodologies.
    o Act as the primary escalation point for complex engagements.
    o Conduct regular client reviews to identify enhancement opportunities.
* Budget and Financial Management
    o Develop and manage financial plans, including budgeting and profitability analysis.
    o Monitor expenses and identify cost reduction opportunities.
    o Ensure profitability through forecasting and margin analysis.
    o Refine pricing models and maximise billable utilisation.
* Secure Architecture and DevSecOps Integration
    o Define and govern secure architecture standards across development teams, ensuring alignment with enterprise security policies, regulatory requirements, and industry frameworks (e.g., NIST, OWASP, ISO 27001).
    o Lead the strategic integration of security into DevOps pipelines, embedding security controls and automated testing into CI/CD workflows to enable secure-by-design delivery.
    o Oversee the implementation and optimisation of security tooling, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and container security scanners.
    o Establish architectural review boards and security design checkpoints to validate that new systems and applications meet defined security requirements before deployment.
    o Drive continuous improvement in DevSecOps maturity, using metrics and feedback loops to refine processes, reduce risk exposure, and accelerate secure delivery.
    o Collaborate with enterprise architects, engineering leads, and product owners to ensure security is embedded from ideation through to deployment and maintenance.
    o Champion threat modelling and secure design practices, ensuring development teams proactively identify and mitigate risks during the design phase.
    o Mentor and upskill engineering teams on secure coding, architectural risk assessment, and DevSecOps principles to build a culture of shared security ownership.

Key Performance Indicators (KPIs)
* Secure Architecture Compliance Rate: Percentage of projects that meet defined secure architecture standards and pass architecture review gates.
* DevSecOps Integration Maturity: Measured progress in embedding security controls into CI/CD pipelines, including automated testing, code scanning, and policy enforcement.
* Security Testing Coverage: Proportion of applications and systems that undergo static, dynamic, and interactive security testing before release.
* Vulnerability Remediation Velocity: Average time taken to remediate critical and high-severity vulnerabilities identified during development and testing phases.
* Toolchain Utilisation Effectiveness: Adoption and effective use of security tools (e.g., SAST, DAST, SCA) across development teams, measured by scan frequency and issue resolution rates.
* Training and Awareness Uptake: Percentage of development and QA staff completing secure coding and DevSecOps training programs.
* Audit and Compliance Pass Rate: Success rate in internal and external audits related to secure development practices and testing controls.
* Innovation and Automation Impact: Number of manual security testing processes replaced or enhanced through automation, contributing to faster and more reliable delivery.

Experience required:

* Strong experience in secure software development and testing, including strong exposure to leadership-based roles.
* Proven success in managing large-scale secure development projects.
* Excellent communication and client relationship skills.
* Experience managing crisis situations and leading diverse teams.
* Strong English writing and verbal communication skills.
* Attention to detail and ability to build high-performing teams.
* Relevant certifications (e.g., CISSP, CISM, CSSLP, CEH).
* Valid right to work in the UK and eligibility for UK SC clearance.


Disclaimer:

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission. Where the role is marked as Outside IR35 in the advertisement this is subject to receipt of a final Status Determination Statement from the end Client and may be subject to change.
