London (City of London), South East England, United Kingdom
RiverSafe
tools such as SAST, DAST, SCA, and CI/CD security integrations. Investigate security incidents, prioritise remediation and guide teams on secure development practices. Ensure applications meet industry standards (OWASP Top 10, NIST, ISO 27001) and regulatory requirements (GDPR, PCI-DSS, etc.) Educate engineers and stakeholders on security threats, vulnerabilities and secure coding practices. Skills 5+ years of experience in … on experience with SAST, DAST, SCA and security automation in CI/CD pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development
London, England, United Kingdom Hybrid / WFH Options
Barclay Simpson
and architectural risk assessments, identifying vulnerabilities early and collaborating on risk mitigation strategies. Define and enforce secure coding standards and architectural best practices aligned with industry benchmarks such as OWASP Top 10 and API Security Top 10. Partner with cloud engineers and developers to embed security controls specific to GCP, such as workload identity, IAM policy enforcement, VPC Service Controls … these into automated build and deployment pipelines. Practical expertise with threat modeling methodologies such as STRIDE, PASTA, or Attack Trees. Strong knowledge of secure coding standards and common vulnerabilities (OWASP Top 10, API Security Top 10) and how to mitigate them. Familiarity with Google Cloud Platform (GCP) security features and best practices, including IAM, Cloud Armor, Security Command Center, and
London, England, United Kingdom Hybrid / WFH Options
Kroo Bank
or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS...), Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2), Working knowledge of cryptography including encryption
least one modern programming language (e.g., Python, JavaScript, Go). Experience working with CI/CD pipelines and embedding security into DevOps. Familiarity with key security frameworks and standards (OWASP Top 10, ISO 27001, NIST). Hands-on experience securing containerized environments (e.g., Docker, Kubernetes). Desirable Skills Exposure to microservices security, API gateways, and service mesh technologies. Understanding of
strong focus on securing cloud architectures. Solid understanding of data security principles and mechanisms, including encryption and masking. Familiarity with major security standards and frameworks (e.g., ISO 27001, NIST, OWASP). Experience with programming languages like Python, Go, or Java. Excellent communication skills to work effectively across technical and business teams. Preferred Qualifications Bachelor's or Master's degree in
London, England, United Kingdom Hybrid / WFH Options
Funding Circle UK
Hands-on experience with cloud platforms (AWS strongly preferred), including basic infrastructure and security concepts (e.g., IAM, VPC, Security Groups). Familiarity with core application security principles (e.g., understanding OWASP Top 10 vulnerabilities) Experience with or strong aptitude for learning security tools (e.g., Wiz, SAST, DAST, SCA, vulnerability scanners). Knowledge of or familiarity with Infrastructure as Code (IaC), particularly … Terraform, is a plus. Familiarity with container technologies (Docker, Kubernetes) is a bonus. Good knowledge of relevant security frameworks and standards (e.g., NIST CSF, CIS Benchmarks, OWASP ASVS). Exposure and knowledge of the MITRE ATT&CK framework. Strong communication skills, with the ability to articulate complex security concepts clearly to technical audiences. Strong analytical and problem-solving skills with
London, England, United Kingdom Hybrid / WFH Options
Mindrift
take on a challenge Preferred Skills: Experience in AI red teaming, adversarial ML, LLM security testing Deep understanding of networking protocols, OS security, and web application security Knowledge of OWASP Top Ten, MITRE ATT&CK, and other security frameworks Experience with web security (HTTP, API security, web scraping, DOM manipulation) Benefits: Take part in a part-time, remote, freelance project
guidance. Develop frameworks and tools for automated threat detection. Ensure security controls are hardened through testing and deployment. Assess technology risks, including cyber security weaknesses and application threats (e.g., OWASP). Build strong relationships with external teams and share knowledge for mutual benefit. Required Qualifications and Skills Formal training or certifications in Engineering and/or Cybersecurity, with 5+ years
London, England, United Kingdom Hybrid / WFH Options
Publicis Groupe Holdings B.V
languages and Infrastructure as Code (Terraform, CloudFormation) Familiarity with Jira or other ticketing systems - essential Technical architecture design and review skills - essential Ability to identify vulnerabilities using CWE or OWASP Knowledge of operating systems and their hardening techniques Understanding of development concepts such as CICD, Pipelines, and SDLC Penetration testing knowledge is also super useful Familiarity with Cloud Development Kit
Knowledge of cloud security frameworks Rest API knowledge Scripting and Infrastructure as Code (Terraform, CloudFormation) Experience with Jira or similar ticketing systems Technical architecture review skills Vulnerability identification (CWE, OWASP) Operating systems and hardening techniques Development concepts like CICD, Pipelines, SDLC Penetration testing knowledge (useful) Familiarity with Cloud Development Kit (CDK), GitOps Experience in DevOps/agile environments Docker, Kubernetes
London, England, United Kingdom Hybrid / WFH Options
ZipRecruiter
and applications. If you have expertise in AWS security, secure coding, Service Mesh/Observability, IAM/Okta, threat modelling and a strong understanding of security frameworks like ISO27001, OWASP or NIST, and the ability to drive secure coding practices, SAST and DAST, we want to hear from you! About the Role As a Cloud Application Security Engineer, you will … Dynamic Application Security Testing) Knowledge of security frameworks such as ISO 27001, NIST, or CIS benchmarks. Experience in application security reviews, vulnerability management, and security controls implementation. Familiarity with OWASP Top 10, CWE, and secure coding practices. Basic coding/scripting skills in Python, JavaScript, or similar. Strong communication skills with the ability to engage technical and non-technical stakeholders.
London, England, United Kingdom Hybrid / WFH Options
Kroo
or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS...), Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2), Working knowledge of cryptography including encryption
or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS ) Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2) Working knowledge of cryptography including encryption
London, England, United Kingdom Hybrid / WFH Options
Starling Bank
What skills are essential: You have an in-depth knowledge of security principles, technologies, best practices and threat detection and mitigation strategies Knowledge of common attack vectors and methodologies (OWASP Top 10, Mitre ATT&CK Framework and social engineering tactics The ability to identify potential threats, attack vectors, and vulnerabilities in systems and applications Ability to document security requirements from
experience with cloud security platforms (e.g., AWS, Azure, Google Cloud) and their security configurations. Pen Testing: Proficient in penetration testing methodologies and tools such as Metasploit, Burp Suite, and OWASP ZAP. Security Patching: Expertise in security patching processes and tools, including WSUS, SCCM, and automated patch management solutions. Scripting and Automation: Solid skills in scripting languages (e.g., Python, PowerShell) for
controls are hardened through testing and as part of production deployments. Assess potential technology risks including information and cyber security control weaknesses as well as application security threats (e.g. OWASP) Build solid, professional relationships with external teams within the business and (wherever applicable) seek to share knowledge and understanding for the betterment of all those involved. Required qualifications, capabilities, and
London (City of London), South East England, United Kingdom
Hazeltree
Security Expertise: Hands-on experience with AWS (or other cloud-based solutions). Strong understanding of secured Software Development Lifecycle (SDLC) and CI/CD platforms. Familiarity with OWASP, CIS frameworks, and security best practices. Infrastructure & Scripting Knowledge: Proficiency in Microsoft platforms (Office 365, IIS, .NET, SQL Server, Windows Server, Active Directory). Strong scripting skills in PowerShell
London, England, United Kingdom Hybrid / WFH Options
Veeva Consumer Products
in Computer Science, Computer Engineering, or related field, or equivalent work experience Coding skills in at least one primary language, such as Java or Python and React Understanding of OWASP Top 10, SANS Top 20, NIST 800-53, CIS, CSC, or other security standards Utilize Static Application Security Testing tools (i.e. Checkmarx) to identify and remediate code vulnerabilities 1+ years