Job Specifications
Introduction
Together, we’re working to welcome millions more passengers, while ensuring aviation can continue to be a force for good by leading global efforts in sustainability. At Heathrow, you can be part of this – providing solutions that make every journey better for millions each year. That means ensuring we meet the changing needs of the passengers, colleagues and partners who use our airport to work, travel, trade, shop, eat, explore and connect. Our Solutions team covers project management, process improvement, business change, technology, cyber defence, masterplanning, infrastructure and procurement. It brings together people with the skills to deliver prestigious and often large-scale projects, from transforming terminals to making big reductions in our carbon emissions.
Every day will test your skills and give you the opportunity to make your mark. You might be working with the technology and data that power our city within a city, driving vital commercial agreements with everyone from retailers to airlines, or improving the unique infrastructure that includes everything from 200 buildings to 250 HV substations. It’s a collaborative environment, where you can rely on the support of the experts around you as you take on projects you’ll both take pride in and feel passionate about.
Job Description
The Cyber Security Analyst – Linux Estate will be responsible for ensuring the secure configuration, design, and operation of the organisation’s Linux infrastructure. As a key member of the Cyber Security Team, the individual will work closely with Linux platform teams and broader IT stakeholders to embed secure-by-design principles into the Linux estate, ensuring alignment with cyber security best practices, regulatory compliance, and risk management strategies.
This role offers the opportunity to make a significant impact on the organisation's security posture across the extensive Linux estate.
Your role will involve
Secure Development & SDLC Integration - Embed secure development practices across all stages of the SDLC, from design and build through to deployment and maintenance. Ensure security requirements, patterns and controls are incorporated early into application and platform design. Promote and enable secure-by-design and security-by-default principles across the development community.
Advisory & Assessment - Provide hands-on security advisory support to software engineering teams, architects and product owners. Conduct security design reviews, code assessments and threat modelling activities. Assess development pipelines, tooling and environments to identify security weaknesses and improvement opportunities.
Monitoring & Detection - Monitor development environments, repositories and pipelines for poor security practices, exposed secrets, credentials and misconfigurations. Support the identification, triage and remediation of security findings in collaboration with development teams.
Security Automation & Tooling - Design, implement and maintain automated security checks within CI/CD pipelines, including static, dynamic and dependency scanning. Enable consistent and scalable security controls through automation, reducing manual overhead and improving developer experience. Work with platform and tooling teams to integrate security capabilities into development ecosystems.
Collaboration & Culture - Foster a collaborative, trust-based relationship between the Cyber Security team and the development community. Act as a security champion, influencing ways of working and promoting security awareness and ownership within engineering teams. Build strong working relationships with internal and external colleagues, partners and suppliers.
Continuous Improvement - Stay current with emerging threats, secure coding techniques and DevSecOps best practices. Contribute to the evolution of secure development standards, patterns and guidance. Support continuous improvement of Heathrow’s application security maturity.
These Skills Are Essential
Minimum 3 years’ relevant technical experience in Cyber Security, application security, secure development or DevSecOps.
Practical experience working within software development environments and modern SDLC practices.
Strong understanding of application security principles and common vulnerabilities (e.g., OWASP Top 10).
Experience embedding security into SDLC and CI/CD pipelines.
Familiarity with security tooling such as SAST, DAST, dependency scanning and secrets detection.
Strong stakeholder engagement and relationship-building skills.
Collaborative mindset with a focus on enablement rather than control.
Ideally, you will also have:
Experience working in DevSecOps or agile delivery environments.
Exposure to cloud-native development and platforms.
Knowledge of infrastructure-as-code and container security concepts.
Experience supporting secure development in regulated or critical national infrastructure environments.
About Us
There’s something so special ab