Edinburgh, Scotland, United Kingdom Hybrid / WFH Options
Agoda
more languages (Rust, Python, Go, Node.js, etc.). Minimum 1 year experience with public/private cloud environments (OpenShift, Rancher, K8s, AWS, GCP, Azure, etc.). Experience in running assessments using OWASP MASVS and ASVS. Working knowledge of exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10). Familiarity …
application security. Experience working with large-scale multi-cloud, multi-account architecture. CISSP, CISM, AWS Solutions Architect Professional, Azure Solutions Architect, or equivalent certification is preferred. Thorough understanding of OWASP Top 10 and Secure Development. Expertise in automating security tools and integrations, including simple scripting. Experience with application security tools (SAST, DAST, IAST and SCA). Strong technical knowledge of development …
firewalls, IPS, DDoS, WAF, DLP, DNS, NAC, NSPM, and architectures like SASE and Zero Trust. Application Security: Experience with SAST, DAST, RAST, IAST tools, integrating security into SDLC processes, OWASP, API security design, robust threat modelling, and containerization security. Data Security: Skilled in implementing information protection tools, key and secrets management, data loss prevention, and protective marking and classification capabilities.
with public/private cloud environments (OpenShift, Rancher, K8s, AWS, GCP, Azure, etc.). In-depth knowledge of security principles, compliance regulations, and change management. Experience in running assessments using OWASP MASVS and ASVS. Working knowledge of exploiting and fixing application vulnerabilities. Proven expertise in architectural threat modeling and conducting secure design reviews. In-depth knowledge of common web application vulnerabilities … i.e. OWASP Top 10 or SANS Top 25). Familiarity with automated dynamic scanners, fuzzers, and proxy tools. An analytical mind for problem solving, abstract thought, and offensive security tactics. Highly effective communication skills, in both verbal and written forms, to effectively convey technical and non-technical concepts to a wide variety of audiences. Exposure to advanced AI and Large …
code reviews and promoting best practice in relation to coding standards. Creating solutions that are scalable and improve performance, are based on secure coding guidelines which prevent common vulnerabilities (OWASP) and are HIPAA and HITRUST compliant. Understanding and planning for evolutionary paths. Managing risk identification and risk mitigation strategies associated with the architecture. You Will Bring: An in-depth understanding …
Edinburgh, Scotland, United Kingdom Hybrid / WFH Options
JR United Kingdom
working with just 1 day/week in the office. Projects that span both UK and US markets. Exposure to best-in-class tools and frameworks (MITRE ATT&CK, OWASP). Supportive culture with a learning mindset and room to grow. Involvement in the full security lifecycle from audits to implementation. Opportunity to shape how cloud security evolves in a global …
report. Key Responsibilities: Perform static code analysis and security audit of a web application. Identify potential vulnerabilities in logic, data handling, authentication, and access control. Assess the application against OWASP Top 10 and other secure coding standards. Review third-party dependencies for known issues. Produce a professional security report with risk ratings, findings, and recommendations. Required Skills & Experience: 4+ years … understanding of secure coding practices in web frameworks (e.g., JavaScript, Python, PHP, Node.js). Familiarity with tools like Snyk, Checkmarx, Veracode, or Burp Suite (passive scanning). Knowledge of OWASP, CWE, and general secure software development principles. Strong technical writing and communication skills. Preferred certifications: OSCP, CSSLP, GWAPT, CEH, or equivalent. Deliverables: One formal written report including: Executive summary for …
Edinburgh, Scotland, United Kingdom Hybrid / WFH Options
TSB Bank
within other areas of the bank, ensuring security is well presented and clearly articulated. What you'll bring: • Knowledge of Regulatory Standards: Understanding of relevant security frameworks and standards (OWASP ASVS, ISO/IEC 30111:2019, NIST, etc.). • Experience working with application security scanning methods such as SAST, DAST, SCA, Secrets detection & Dependency scanning. • Experience working in a cross-functional … team and leading on security initiatives. • Strong understanding of application security vulnerabilities (OWASP Top Ten, MITRE Top 25 CWEs, etc.) and secure coding practices. • Strong ability to communicate security issues to non-technical stakeholders. • Knowledge of driving vulnerability management strategy, policy, controls, services, compliance. What we offer in return: • Hybrid and flexible working arrangements to support a healthy work …
Key Responsibilities: Perform static code analysis and security audit of a web application. Identify potential vulnerabilities in logic, data handling, authentication, and access control. Assess the application against OWASP Top 10 and other secure coding standards. Review third-party dependencies for known issues. Produce a professional security report with risk ratings, findings, and recommendations. Required Skills & Experience: 4+ years … in Application Security, AppSec consulting, or Secure Code Review roles. Familiarity with tools like Snyk, Checkmarx, Veracode, or Burp Suite (passive scanning). Knowledge of OWASP, CWE, and general secure software development principles. Strong technical writing and communication skills. Preferred certifications: OSCP, CSSLP, GWAPT, CEH, or equivalent. Executive summary for non-technical stakeholders. Technical breakdown of findings with severity and …
for AppSec within the org, and represent the team and function at leadership level. Take accountability for helping the org “shift left”. Desirable experience they would be interested in: OWASP; Red teaming/Offensive security; Coding/Scripting; SSDLC. Details: Salary: Up to £100,000. Location: 2x a week in Edinburgh. Benefits: Generous benefits package! If this sounds like something …
with proven experience leading teams. Secondary Expertise: Knowledge and experience in network security, including firewalls, micro-segmentation, DDoS protection, WAF, and NAC. Familiarity with open-source frameworks such as OWASP, CVSS, etc. Experience with security products like Qualys, AlgoSec, Fortinet, Guardicore, Akamai, and Forescout. Salary: Up to £80,000 Basic Salary + 10% bonus + 4k car 13% pension. Location …