Security Development and Test Director
| Posting date: | 06 August 2025 |
|---|---|
| Salary: | Not specified |
| Additional salary information: | Competitive Salary Depending On Experience |
| Hours: | Full time |
| Closing date: | 05 September 2025 |
| Location: | Birmingham, West Midlands |
| Remote working: | Hybrid - work remotely up to 2 days per week |
| Company: | NTT Data |
| Job type: | Permanent |
| Job reference: | |
Summary
We are currently recruiting for a dynamic Security Development and Test Director to join our growing Security team.
About Us
NTT DATA is one of the world’s largest Global Security services providers, with over 7500 Security SMEs, and an integration partner to many of the world’s most recognised Security Technology providers. We strive to hire exceptional, innovative, and passionate individuals who want to grow with us. In a constantly changing world, we work together with our people, clients and communities to enable them to fulfil their potential to do great things. We believe that by bringing everyone together, we can solve problems using innovative technology that can create a world that is sustainable and secure.
This is a great opportunity for you to play a pivotal role in helping to shape our client’s transformation journeys.
What you'll be doing:
Using your background in managing complex development and testing programs, you will:
Pre-Sales Support and Business Development
Partner with sales and business development teams to define and articulate the value proposition of the security development and testing offerings.
Represent the function in client engagements, pre-sales discussions, and technical assessments.
Design and present tailored solutions based on customer-specific challenges and threat landscapes.
Collaborate on statements of work (SOWs) and influence product roadmaps.
Service Delivery Assurance
Oversee performance and quality of services delivered, ensuring SLA and KPI compliance.
Implement governance mechanisms and standardised methodologies.
Act as the primary escalation point for complex engagements.
Conduct regular client reviews to identify enhancement opportunities.
Budget and Financial Management
Develop and manage financial plans, including budgeting and profitability analysis.
Monitor expenses and identify cost reduction opportunities.
Ensure profitability through forecasting and margin analysis.
Refine pricing models and maximise billable utilisation.
Secure Architecture and DevSecOps Integration
Define and govern secure architecture standards across development teams, ensuring alignment with enterprise security policies, regulatory requirements, and industry frameworks (e.g., NIST, OWASP, ISO 27001).
Lead the strategic integration of security into DevOps pipelines, embedding security controls and automated testing into CI/CD workflows to enable secure-by-design delivery.
Oversee the implementation and optimisation of security tooling, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and container security scanners.
Establish architectural review boards and security design checkpoints to validate that new systems and applications meet defined security requirements before deployment.
Drive continuous improvement in DevSecOps maturity, using metrics and feedback loops to refine processes, reduce risk exposure, and accelerate secure delivery.
Collaborate with enterprise architects, engineering leads, and product owners to ensure security is embedded from ideation through to deployment and maintenance.
Champion threat modelling and secure design practices, ensuring development teams proactively identify and mitigate risks during the design phase.
Mentor and upskill engineering teams on secure coding, architectural risk assessment, and DevSecOps principles to build a culture of shared security ownership.
Key Performance Indicators (KPIs)
Secure Architecture Compliance Rate: Percentage of projects that meet defined secure architecture standards and pass architecture review gates.
DevSecOps Integration Maturity: Measured progress in embedding security controls into CI/CD pipelines, including automated testing, code scanning, and policy enforcement.
Security Testing Coverage: Proportion of applications and systems that undergo static, dynamic, and interactive security testing before release.
Vulnerability Remediation Velocity: Average time taken to remediate critical and high-severity vulnerabilities identified during development and testing phases.
Toolchain Utilisation Effectiveness: Adoption and effective use of security tools (e.g., SAST, DAST, SCA) across development teams, measured by scan frequency and issue resolution rates.
Training and Awareness Uptake: Percentage of development and QA staff completing secure coding and DevSecOps training programs.
Audit and Compliance Pass Rate: Success rate in internal and external audits related to secure development practices and testing controls.
Innovation and Automation Impact: Number of manual security testing processes replaced or enhanced through automation, contributing to faster and more reliable delivery.
What experience you'll bring:
It starts with amazing people, challenging projects and a work environment that supports the creation of tangible solutions that make an impact. You will need to have a broad experience of security service delivery management and have evidence of experience in a number of the following fields of expertise:
10+ years in secure software development and testing, 5+ in leadership.
Proven success in managing large-scale secure development projects.
Excellent communication and client relationship skills.
Experience managing crisis situations and leading diverse teams.
Strong English writing and verbal communication skills.
Attention to detail and ability to build high-performing teams.
Relevant certifications (e.g., CISSP, CISM, CSSLP, CEH).
Valid right to work in the UK and eligibility for UK SC clearance.
Proud member of the Disability Confident employer scheme