more languages (Rust, Python, Go, Nodejs, etc.) Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10). Familiarity
Edinburgh, Scotland, United Kingdom Hybrid / WFH Options
Agoda
more languages (Rust, Python, Go, Nodejs, etc.) Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10). Familiarity
in Python, PHP, JavaScript, and HTML. Utilize industry-standard tools including Burp Suite, Nessus, Checkmarx, HCL AppScan, WebInspect, and manual testing techniques. Conduct compliance-aligned security assessments based on OWASP, NIST, CREST, and MITRE ATT&CK frameworks. Reporting & Documentation Prepare detailed technical and executive reports, risk analysis, and remediation recommendations. Draft and maintain standardized test plans, methodologies, and reporting templates. … Minimum 4 years of penetration testing experience CREST CRT and CPSA certified (preferred) Other Security certifications: OSCP, OSWP, HTB, CBBH, CISSP (Bonus) Red Team experience (Bonus) Strong knowledge of OWASP Top 10, MITRE ATT&CK, CVSS, and secure coding practices Strong scripting and automation skills using Python, PowerShell, or Bash Experience with both automated tools and manual testing techniques Strong
AppSec or DevSecOps, with strong experience in secure SDLC and CI/CD Hands-on knowledge of security tools like GitHub Advanced Security, Veracode, Snyk, ZAP, Burp Familiarity with OWASP, MITRE, CWE, and modern development frameworks (C#, Java, Python, React) Knowledge of scripting languages (Python, Ruby, Rust) Excellent communication skills to bridge tech and business stakeholders Passion for building scalable
AppSec or DevSecOps, with strong experience in secure SDLC and CI/CD Hands-on knowledge of security tools like GitHub Advanced Security, Veracode, Snyk, ZAP, Burp Familiarity with OWASP, MITRE, CWE, and modern dev frameworks (C#, Java, Python, React) Knowledge of scripting languages (Python, Ruby, Rust) Excellent communication skills to bridge tech and business stakeholders Passion for building scalable
Glasgow, Scotland, United Kingdom Hybrid / WFH Options
JR United Kingdom
authorization practices, audit logging, encryption at rest/in transit, and other application security standards. Ensure software and infrastructure meet organizational security and compliance requirements (e.g., GDPR, ISO 27001, OWASP Top 10). Team Management & Culture Build and scale high-performance engineering teams, including backend, frontend, full-stack, data, and security engineers. Define and track KPIs for engineering productivity, quality
Aberdeen, Scotland, United Kingdom Hybrid / WFH Options
JR United Kingdom
authorization practices, audit logging, encryption at rest/in transit, and other application security standards. Ensure software and infrastructure meet organizational security and compliance requirements (e.g., GDPR, ISO 27001, OWASP Top 10). Team Management & Culture Build and scale high-performance engineering teams, including backend, frontend, full-stack, data, and security engineers. Define and track KPIs for engineering productivity, quality
application security Experience working with large-scale multi-cloud, multi-account architecture CISSP, CISM, AWS Solutions Architect Professional, Azure Solutions Architect, or equivalent certification, is preferred Thorough understanding of OWASP Top 10 and Secure Development Expertise in automating security tools and integrations, including simple scripting Experience with application security tools (SAST, DAST, IAST and SCA) Strong technical knowledge of development
firewalls, IPS, DDoS, WAF, DLP, DNS, NAC, NSPM, and architectures like SASE and Zero Trust. Application Security: Experience with SAST, DAST, RAST, IAST tools, integrating security into SDLC processes, OWASP, API security design, robust threat modelling, and containerization security. Data Security: Skilled in implementing information protection tools, key and secrets management, data loss prevention, and protective marking and classification capabilities.
Aberdeen, Scotland, United Kingdom Hybrid / WFH Options
JR United Kingdom
XSS, SQL injection, broken access control). Knowledge of SQL and experience verifying backend data consistency. Familiarity with containerized environments (Docker, Kubernetes). Familiarity with tools like Burp Suite, OWASP ZAP, or static analysis tools is a plus. What We Offer Competitive salary and benefits package. Opportunities for learning, growth, and contributing to a product that makes a difference. Remote
with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) In-depth knowledge of security principles, compliance regulations, and change management. Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Proven expertise in architectural threat modeling and conducting secure design reviews. In-depth knowledge of common web application vulnerabilities … i.e. OWASP Top 10 or SANS top 25). Familiarity with automated dynamic scanners, fuzzers, and proxy tools. An analytical mind for problem solving, abstract thought, and offensive security tactics. Highly effective communication skills, in both verbal and written forms, to effectively convey technical and non-technical concepts to a wide variety of audiences Exposure to advanced AI and Large
SQL and familiarity with relational & NoSQL databases. Experience designing and consuming REST APIs. Hands‐on with cloud services (AWS) and Docker containers. Solid grasp of secure‐coding best practices (OWASP Top 10). Mindset & Behaviours Collaborative: thrive in cross‐functional teams and build strong relationships with peers. Communicative: speak up in discussions, share ideas and listen actively. Leadership mindset: take
Aberdeen, Scotland, United Kingdom Hybrid / WFH Options
Aize
preferably Azure) and familiar with DevSecOps practices; familiarity with Microsoft E5 security suite is a plus Capable of handling security in both legacy systems and greenfield projects Knowledgeable about OWASP Top 10, ASVS, secure coding, threat modeling (STRIDE), and security architecture review across languages like C#, React, Java, Python, Go, TypeScript/Angular Strong understanding of web app and API
code reviews and promoting best practice in relation to coding standards. Creating solutions that are scalable and improve performance, are based on secure coding guidelines which prevent common vulnerabilities (OWASP) and are HIPAA and HiTrust compliant. Understanding and planning for evolutionary paths. Managing risk identification and risk mitigation strategies associated with the architecture. You Will Bring An in-depth understanding
Job Responsibilities: Evidence of strong process, technical and team leadership skills, with a passion for delivering leading edge designs and inspiring a culture of technical excellence and innovative solution design. Experience of navigating the complex landscapes of technologies, 3rd party
Edinburgh, Scotland, United Kingdom Hybrid / WFH Options
JR United Kingdom
working with just 1 day/week in the office Projects that span both UK and US markets Exposure to best-in-class tools and frameworks (MITRE ATT&CK, OWASP) Supportive culture with a learning mindset and room to grow Involvement in the full security lifecycle from audits to implementation Opportunity to shape how cloud security evolves in a global
Glasgow, Scotland, United Kingdom Hybrid / WFH Options
JR United Kingdom
Previous consultancy or client-facing experience. Eligibility for or possession of UK Security Clearance (preferred but not required). Solid understanding of common attack techniques and vulnerability classes (e.g., OWASP Top 10, MITRE ATT&CK). Strong familiarity with tools such as Burp Suite, Nmap, Metasploit, etc. Excellent communication and reporting skills. Required Qualifications: Demonstrable experience in penetration testing (minimum
Aberdeen, Scotland, United Kingdom Hybrid / WFH Options
JR United Kingdom
Previous consultancy or client-facing experience. Eligibility for or possession of UK Security Clearance (preferred but not required). Solid understanding of common attack techniques and vulnerability classes (e.g., OWASP Top 10, MITRE ATT&CK). Strong familiarity with tools such as Burp Suite, Nmap, Metasploit, etc. Excellent communication and reporting skills. Required Qualifications: Demonstrable experience in penetration testing (minimum
Ada, Rust, or Go). Familiarity with scripting like Python and Perl is a plus. Solid understanding of offensive and defensive security principles, including common vulnerabilities (CWEs, CVEs) and OWASP guidelines. Experience with cybersecurity, risk management, and information assurance. Demonstrated ability to read, analyze, and understand code to identify vulnerabilities and explain functionality. Experience with static and dynamic code analysis
Vulnerability Testing Scan systems for vulnerabilities. Collaborate with SecOps and DevSecOps teams. Security QA/Secure Code Testing Test from a secure coding perspective. Ensure compliance with standards like OWASP Top 10. Test Management Oversee testing across teams/products. Manage stakeholder communication, budgets, vendors, and processes. Design testing frameworks and strategies. Advise on tool choices and automation scaling. API
systems for known vulnerabilities. Collaborate with SecOps and DevSecOps teams. Security QA/Secure Code Testing Test software from a secure coding perspective. Ensure compliance with secure development standards (OWASP Top 10, etc.). Test Management Oversee testing across multiple teams or products. Handle stakeholder communication, budget, vendor selection, and process compliance. Design testing frameworks, strategies, and toolchains. Advise on
Edinburgh, Scotland, United Kingdom Hybrid / WFH Options
TSB Bank
within other areas of the bank, ensuring security is well presented and clearly articulated. What you'll bring • Knowledge of Regulatory Standards: Understanding of relevant security frameworks and standards OWASP ASVS, ISO/IEC 30111:2019, NIST etc. • Experience working with application security scanning methods such as SAST, DAST, SCA, Secrets detection & Dependency scanning. • Experience working in a cross-functional … team and leading on security initiatives. • Strong understanding of application security vulnerabilities (OWASP Top Ten, MITRE Top 25 CWEs, etc.) and secure coding practices. • Strong ability to communicate security issues to non-technical stakeholders. • Knowledge of driving vulnerability management strategy, policy, controls, services, compliance. What we offer in return • Hybrid and flexible working arrangements to support a healthy work
. Key Responsibilities Perform static code analysis and security audit of a web application. Identify potential vulnerabilities in logic, data handling, authentication, and access control. Assess the application against OWASP Top 10 and other secure coding standards. Review third-party dependencies for known issues. Produce a professional security report with risk ratings, findings, and recommendations. Required Skills & Experience 4+ years … in Application Security, AppSec consulting, or Secure Code Review roles. Familiarity with tools like Snyk, Checkmarx, Veracode, or Burp Suite (passive scanning). Knowledge of OWASP, CWE, and general secure software development principles. Strong technical writing and communication skills. Preferred certifications: OSCP, CSSLP, GWAPT, CEH, or equivalent. Executive summary for non-technical stakeholders. Technical breakdown of findings with severity and