design and enforce patch windows and remediation SLAs. DevSecOps Toolchain Proficient with CI/CD tooling in Azure DevOps or GitHub Actions. Experience integrating SAST (e.g. SonarQube), DAST (e.g. OWASP ZAP) and SCA (e.g. Dependabot, Snyk) into pipelines. Infrastructure as Code: Terraform, ARM or Bicep. Container & Cloud Security Knowledge of containerisation (Docker, Kubernetes/AKS) and container security best practices. More ❯
Huntingdon, Cambridgeshire, East Anglia, United Kingdom Hybrid / WFH Options
Leidos Innovations UK Limited
firewalls, IDS/IPS, micro-segmentation, and host security. Hands on experience with the following security products Trellix, Ivanti, ClearSwift, Yubikey Understanding of secure coding practices and common vulnerabilities (OWASP Top 10, SANS Top 25). Expertise in identity and access management (IAM), including RBAC, ABAC, JWT and Cookie based authentication. Incident detection and response in MOD environments. Security compliance More ❯
London, South East, England, United Kingdom Hybrid / WFH Options
Akkodis
and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in applicationsecurity tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯
language Experience working with or recommending security tools and technologies Ability to build strong working relationships and influence non-security stakeholders Working knowledge of cybersecurity standards and frameworks (e.g. OWASP, NIST, CIS) Analytical mindset with strong problem-solving skills Excellent written and verbal communication skills Qualifications: 3+ years of experience in information security, with a focus on application and/ More ❯
language Experience working with or recommending security tools and technologies Ability to build strong working relationships and influence non-security stakeholders Working knowledge of cybersecurity standards and frameworks (e.g. OWASP, NIST, CIS) Analytical mindset with strong problem-solving skills Excellent written and verbal communication skills Qualifications: 3+ years of experience in information security, with a focus on application and/ More ❯
Birmingham, West Midlands, West Midlands (County), United Kingdom
ARM
utilisation. * Secure Architecture and DevSecOps Integration o Define and govern secure architecture standards across development teams, ensuring alignment with enterprise security policies, regulatory requirements, and industry frameworks (e.g., NIST, OWASP, ISO 27001). o Lead the strategic integration of security into DevOps pipelines, embedding security controls and automated testing into CI/CD workflows to enable secure-by-design delivery. More ❯
. Proficient in Git or other version control systems. Desirable Knowledge, Skills and Experience: Certifications in OCI or other cloud platforms (AWS, GCP). Experience with security tools like OWASP ZAP, Burp Suite, etc. Familiarity with Jira, Confluence, or similar tools. Knowledge of compliance frameworks (e.g., GDPR, HIPAA, ISO 27001, ISO 13485). Background in start-up or scale-up More ❯
. Bonus Points For: Cloud wizardry (AWS, Azure, GCP) Knowledge of AI tools (OpenAI, Document Intelligence) Experience with CI/CD pipelines and modern DevOps practices Security know-how (OWASP, data protection) Agile team experience - or just loving the fast-paced, sprint-style vibe About Us We are an international engineering and construction company delivering state-of-the-art infrastructure More ❯
. Bonus Points For: Cloud wizardry (AWS, Azure, GCP) Knowledge of AI tools (OpenAI, Document Intelligence) Experience with CI/CD pipelines and modern DevOps practices Security know-how (OWASP, data protection) Agile team experience About Us We are an international engineering and construction company delivering state-of-the-art infrastructure and buildings projects for clients in the UK, Middle More ❯
DevSecOps or Secure SDLC programmes within enterprise environments Strong technical and commercial acumen - able to engage with both CTOs and procurement teams Experience with regulated environments and frameworks (NIST, OWASP, ISO 27001) Hands-on experience with secure engineering practices, security toolchains, and automation strategy Excellent stakeholder management, crisis leadership, and communication skills Relevant certifications (e.g. CISSP, CSSLP, CISM) Eligibility for More ❯
Bristol, Avon, England, United Kingdom Hybrid / WFH Options
Xpertise Recruitment Ltd
world problems with stakeholders and customers What You’ll Bring: 5+ years of experience in C# and .NET Core Strong grasp of software design principles and secure coding practices (OWASP) Experience with REST API development and deployment in AWS or Azure Familiarity with Entity Framework , SQL/NoSQL databases, and cloud architecture Confidence in automated testing (unit, integration, system) Versatility More ❯
Newton Abbot, Devon, England, United Kingdom Hybrid / WFH Options
Reed
Excellent problem-solving skills and attention to detail Commercial experience in professional PHP development Strong understanding of object-oriented programming and SOLID principles Knowledge of secure coding practices (e.g., OWASP) Strong experience with modern PHP frameworks (preferably Laravel or Symfony) Familiarity with relational databases (MySQL) and writing performant queries Comfortable working with Git, Composer, and modern development workflows Strong verbal More ❯
Security & Compliance Assess applicationsecurity risks and provide remediation strategies. Ensure compliance with industry standards (ISO 27001, GDPR, SOC 2, etc.). Implement best practices for secure software development (OWASP, encryption, IAM, etc.). 6. Performance Optimisation & Scaling Analyse system bottlenecks and recommend performance tuning strategies. Support database optimisations, caching mechanisms, and load balancing strategies. Assist in designing auto-scaling More ❯
maintaining Datadog Experience using GitHub and GitHub Actions Behaviour Driven Development (BDD), with Gherkin & SpecFlow Atlassian Jira, Confluence & JFrog Artifactory Ideally some software security best practices and implementation (e.g. OWASP, PKI, X509 Certificates, TLS) Software development for regulated environments (e.g. IVD/Medical devices). Not essential. Principal Software Engineer – Cloud Platform Team More ❯
EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯
EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯
EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯
EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯
EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯
EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯
EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯
