1 to 25 of 80 OWASP Jobs in the UK

secure coding and SDLC practices Experience working within CI/CD and DevSecOps environments Knowledge of security frameworks such as: NCSC, NIST, CIS, OWASP, ISO27001, PCI DSS/GDPR Strong understanding of common attack vectors (e.g. XSS, SQL injection) Scripting or programming capability across Linux/Windows environments Strong communication ...

segmentation, and host security. Hands on experience with the following security products Trellix, Ivanti, ClearSwift, Yubikey Understanding of secure coding practices and common vulnerabilities (OWASP Top 10, SANS Top 25). Expertise in identity and access management (IAM), including RBAC, ABAC, JWT and Cookie based authentication. Incident detection and response ...

Guidance: Act as the primary security resource for development teams, providing technical advice on vulnerability fixes and secure coding practices (e.g., adherence to the OWASP Top 10). Threat Modelling: Conduct formal threat modelling exercises for new features and application architectures to proactively identify and mitigate design flaws. B. Systems ...

Guidance: Act as the primary security resource for development teams, providing technical advice on vulnerability fixes and secure coding practices (e.g., adherence to the OWASP Top 10). Threat Modelling: Conduct formal threat modelling exercises for new features and application architectures to proactively identify and mitigate design flaws. B. Systems ...

Secure architecture design and secure-by-design principles Risk assessment, threat modelling, and vulnerability management Security frameworks: ISO 27001, NIST 800-30/53, OWASP Cloud security architecture (AWS, Azure, GCP) Incident response, penetration testing, and remediation concepts Persuasive communication skills across technical and non-technical stakeholders Excellent analytical, documentation ...

everything listed, but exposure to some of the following would be highly beneficial: Testing & Automation: JUnit, Playwright, Selenium, Cucumber, Postman Non-Functional Testing: Gatling, OWASP ZAP DevOps & Platforms: Git/GitLab, Docker, Kubernetes, Azure and/or AWS Accessibility: WCAG, WAVE, Axe About you You’ll be someone ...

Excellent communication and coaching skills Stakeholder engagement and collaboration Experience with some of the following is highly desirable: JUnit, Playwright, Selenium, Cucumber Postman, Gatling, OWASP ZAP Docker/Kubernetes Azure and/or AWS Accessibility standards and tooling (WCAG, Wave, Axe) About you Passionate about quality and engineering excellence Comfortable ...

platforms (AWS preferred). Familiarity with microservices and containerisation. Experience with DevSecOps tooling (e.g. GitLab, Jenkins, Atlassian). Understanding of security best practices and OWASP principles. Experience with relational and NoSQL databases (e.g. PostgreSQL, Oracle, MongoDB) is beneficial. ...

similar Tools to Accelerate Engineering Workflows Deep Application Security Expertise: SAST/SCA/DAST/Secret Scanning Secure Code Review Threat Modelling (OWASP Top 10, API Top 10, LLM Security Risks) Experience Integrating Security Tooling into Developer Pipelines (GitLab/GitHub, CI/CD) Understanding of Prompt Injection, Jailbreak ...

conducting threat modelling (e.g. STRIDE, attack trees) and risk analysis Strong understanding of security frameworks and best practice such as ISO 27001, NIST, CIS, OWASP, NCSC guidance Experience working in the UK Public Sector and associated security standards and guidance including GovAssure/NCSC CAF, HMG Security Policy Framework. Knowledge ...

architectures . Proven experience with risk assessment methodologies and maintaining enterprise risk registers . Working knowledge of risk assessment methodologies (e.g. ISO 31000, FAIR, OWASP risk rating). Strong understanding of Gov Assure, CAF, ISO 27001, Cyber Essentials, and NIST frameworks. Experience conducting or supporting security audits and implementing remediation ...

these practices to accelerate delivery and improve quality Desirable Skills In‐depth knowledge of industry security frameworks and web/API security standards e.g., OWASP Top 10, MITRE ATT&CK, OAuth 2.0, OpenID Connect, SAML – to guide secure design and development practices Deep expertise in security architecture and secure ...

Proven, hands-on experience working specifically in Application Security, Penetration Testing, or as a Security-Focused Software Engineer. Vulnerability Expertise : Absolute fluency in the OWASP Top 10. You must be able to explain how vulnerabilities work, how they are exploited, and exactly how to remediate them. Developer Collaboration : Demonstrable experience ...

experience as an IT Security Architect or secure systems engineer in complex cloud environments, creating technical designs for Azure security architecture, application security (e.g., OWASP, DevSecOps), and network segmentation. Strong knowledge of Azure-specific security tools (e.g., Azure Security Center, Key Vault, Policy, Private Link), threat modelling, secure SDLC ...

Operations role within a large or complex enterprise environment. Strong understanding of cybersecurity standards and frameworks, including ISO 27001, NIST 800 53, CIS Controls, OWASP, and SOC1/2. ...

Operations role within a large or complex enterprise environment. Strong understanding of cybersecurity standards and frameworks, including ISO 27001, NIST 800 53, CIS Controls, OWASP, and SOC1/2. Guidant, Carbon60, Lorien & SRG - The Impellam Group Portfolio are acting as an Employment Business in relation to this vacancy. ...

testing experience Strong understanding of web application and infrastructure testing methodologies Experience with tools such as Burp Suite, Nmap, Nessus, Metasploit, etc. Understanding of OWASP Top 10 and common attack vectors Strong report writing and communication skills Consultancy/client-facing experience beneficial Additional certifications such as CPSA or cloud ...

protocols (e.g. A2A) Familiarity with MCPs for tool and context integration in agentic systems Familiarity with secure-by-design development principles (ISO 27001, NIST, OWASP) Experience in defence, national security, or similarly regulated environments Contributions to open-source AI/ML projects Soft Skills Delivery-focused - you ship working systems ...

DDoS mitigation, web proxy, vulnerability management) Understanding of Information Security principles, frameworks and regulatory requirements (e.g. ISO27001, FCA, PRA, ICO) Working knowledge of OWASP Top 10 and build/integration tools (e.g. Maven, Jenkins, Chef, TFS) Effective communication skills, including the ability to explain technical concepts and impacts ...

across diverse teams and projects. Experience in managing and mentoring technical security professionals. Desirable Familiarity with secure development practices and application security frameworks (e.g. OWASP). Experience with using Akamai. Knowledge of Zero Trust architecture principles. Certifications such as CISSP, CCSP, or SABSA. Additional Responsibilities Drive security architecture reviews ...

Essentials), and drive secure-by-design practices. Essential Skills: Designing & implementing secure cloud/infrastructure architectures Risk assessment & maintaining risk registers (ISO 31000, FAIR, OWASP) Knowledge of Gov Assure, CAF, ISO 27001, Cyber Essentials, NIST Conducting/supporting security audits & remediation Platform security (Entra ID, M365 E5, Azure IaaS/ ...

assurance/risk/governance roles Proven background in secure cloud or infrastructure design (Azure/M365) Experience with risk frameworks (ISO 31000, NIST, OWASP etc.) Knowledge of GovAssure, CAF, ISO27001, Cyber Essentials Entra ID/Azure/M365 SIEM/EDR/vulnerability management tools Access control models (RBAC ...

assurance/risk/governance roles Proven background in secure cloud or infrastructure design (Azure/M365) Experience with risk frameworks (ISO 31000, NIST, OWASP etc.) Knowledge of GovAssure, CAF, ISO27001, Cyber Essentials Entra ID/Azure/M365 SIEM/EDR/vulnerability management tools Access control models (RBAC ...

frameworks and best practices. Experience designing solutions across cloud platforms such as Microsoft Azure or AWS. Knowledge of secure architecture and development practices (e.g. OWASP, NCSC principles). Experience with DevOps, CI/CD pipelines and modern software delivery practices. Strong knowledge of microservices, APIs and web services (REST, SOAP ...

with mobile analytics, crash reporting, and APM tools (eg Firebase Crashlytics, Dynatrace, App Center) Understanding of secure coding practices and mobile security frameworks (eg OWASP Mobile) Experience with mobile device management (MDM) or enterprise distribution Familiarity with cross-platform considerations, even if primarily native-focused Scope & Accountability Responsible for hands ...