9 of 9 OWASP Jobs in the City of London

practical knowledge of offensive security across web applications, APIs, networks, and cloud environments Solid understanding of system internals, networking, and common vulnerability classes including OWASP Top 10, authentication and authorisation flaws, logic issues, and race conditions Familiarity with Windows and Linux environments from an attacker's perspective Proficiency with standard ...

fintech knowledge (reconciliation, idempotency, auditability, ledger concepts). Experience with distributed systems patterns (queues, background jobs, retries, rate limiting). Security experience (threat modelling, OWASP-style concerns, secure API design). Familiarity with Terraform. Our stack Backend: Python, Flask Data: Postgres Cloud: AWS Edge: Cloudflare Infrastructure as Code: Terraform Delivery ...

reliability — profiling, query optimisation, structured logging, error tracking, and tracing .Collaborate on clean, secure code through code review, conventional Git workflows, and adherence to OWASP and secrets-management best practices .Required Skills & Experienc eBacken dStrong Python fundamentals, including async/await (asyncio) and modern tooling (uv/poetry, virtual environments … multi-cloud/hybrid setup .Infrastructure-as-code (Terraform, Pulumi, or Bicep) and Kubernetes package management with Helm .Security awareness — OWASP Top 10, dependency and secrets scanning (bandit, pip-audit, trivy) .Performance profiling experience (py-spy, cProfile) and frontend bundle optimisation .Experience generating typed API clients (e.g. openapi-typescript ...

architecture, dev-sec-ops, and network security. • Experience in browser security or mobile app security is desirable. • Good understanding of industry standards such as OWASP ASVS, OWASP Top-10, CIS benchmarks. • Hands-on experience with complex Azure and AWS architectures with an emphasis on containerised workloads. • Command-line/ ...

DevSecOps/Application Security engineering background GitHub administration & GitHub Advanced Security (GHAS) CI/CD pipeline security integration SAST/DAST tooling (CodeQL, Semgrep, OWASP ZAP etc.) Secret scanning, dependency scanning, container & IaC scanning OIDC/short-lived credentials Security remediation & vulnerability management JIRA/Agile delivery environments Strong stakeholder … management & delivery ownership Nice to have: BAM/governance programme experience Datadog/SIEM/EDR exposure Pen testing remediation OWASP/Secure SDLC knowledge Cloud/container security exposure The client is looking for someone proactive, organised, and technically strong who can operate across development, infrastructure, security, and operational ...

metrics and continuous testing for core AI risks, including hallucinations, memorisation, algorithmic bias, uncertainty, and model drift . Regulatory Compliance Evidence: Map threat models (OWASP LLM Top 10, Agentic threats) to automated test cases. Produce the technical testing evidence required by EU AI Act Article 15 , DORA , and FCA Operational … configuring, testing, and bypassing Bedrock Guardrails, Agents, and Knowledge Bases (RAG) . AI Security & Fundamentals: Solid understanding of Foundation Models, tool use (function calling), OWASP LLM Top 10 , and NIST AI RMF . Automation Stack: Strong Python development skills, experience with AI eval tools (Garak, Pyrit, Ragas), and building complex ...

Centralised Eval Platform: Operate a firm-wide service to measure success rates, uncertainty, hallucination, and bias across all non-deterministic systems. Secure Architecture: Map OWASP LLM Top 10 and agentic threats to technical controls; manage AWS Bedrock Guardrails and Knowledge Bases. AI Supply Chain: Own the AI-BOM , ensuring supply … Depth: Strong grasp of FMs, RAG, tool-use, and the failure modes of agentic workflows. Security & Compliance: Deep knowledge of NIST AI RMF, OWASP LLM Top 10, and UK/EU financial regulations (FCA/DORA). Testing Automation: Proven ability to build measurement frameworks for drift, memorization, and adversarial ...

Centralised Eval Platform: Operate a firm-wide service to measure success rates, uncertainty, hallucination, and bias across all non-deterministic systems. Secure Architecture: Map OWASP LLM Top 10 and agentic threats to technical controls; manage AWS Bedrock Guardrails and Knowledge Bases. AI Supply Chain: Own the AI-BOM , ensuring supply … Depth: Strong grasp of FMs, RAG, tool-use, and the failure modes of agentic workflows. Security & Compliance: Deep knowledge of NIST AI RMF, OWASP LLM Top 10, and UK/EU financial regulations (FCA/DORA). Testing Automation: Proven ability to build measurement frameworks for drift, memorization, and adversarial ...

Expert, you will lead the organisation's Generative AI security strategy. Key responsibilities include: Advanced Threat Modelling: Leading structured sessions using STRIDE and OWASP LLM/Agentic frameworks to map out attack trees for complex, non-deterministic systems. Adversarial Engineering: Translating emerging threats-such as Prompt Injection, Sleeper Agents … deep knowledge of FCA compliance and DORA. Solid grasp of Foundation Models (FMs), RAG, and the risks of non-deterministic agentic behavior. Mastery of OWASP LLM Top 10 and the NIST AI Risk Management Framework. Hands-on experience securing AWS Bedrock and governing the full AI model lifecycle. Ability ...