Reading, England, United Kingdom Hybrid / WFH Options
SITA
applications (e.g. content management systems, application servers, databases, etc.) and how to leverage them in an assessment Good understanding of web technologies and how they are commonly subverted (e.g. OWASP Top 10) At least a basic understanding of development frameworks (.NET, Java,) Ability to remain calm and methodical under pressure PROFESSION COMPETENCIES Adversarial Thinking Cloud Security Assessment Vulnerability Analysis Security
Reading, England, United Kingdom Hybrid / WFH Options
Huston Photos
You will also have: Experience creating application security strategies, standards, and best practices. Experience working with security issues in software architecture, development, including static/dynamic analysis, dependency checks, OWASP Top 10, and threat modeling. Experience in an Agile environment with modern CI/CD tools like GitHub, Jenkins, Bamboo. Ability to translate security policies into effective security controls. Knowledge of … more. Remote working, training, career progression, and family-friendly policies. Keywords Senior Software Security Architect, SDLC, Secure by Design, Application Security, Architecture, Software Development, DevOps, InfoSec, Security, Programming Languages, OWASP, Agile, Cloud, Azure, GDPR, ISO 27001, NIST. Due to high application volumes, only suitable candidates will be contacted. We promote equality and diversity in the workplace. Additional Details Seniority level
Reading, Berkshire, South East, United Kingdom Hybrid / WFH Options
Bowerford Associates
teams and business stakeholders is essential. Experience working with security issues in software architecture, software development, e.g. static and/or dynamic code analysis and tools, software dependency check, OWASP Top 10 testing, application threat modelling. In-depth experience working in an Agile software development environment, with classic applications as well as microservices, using modern code processing and continuous integration and … Security Architect, SDLC, Secure by Design, Architecture, Software Development, Engineering, DevOps, InfoSec, Security, Security Strategy, Best Practice, Programming, Code, C++, C#, C, .NET Core, Java, JavaScript, Node.js, Angular, React, OWASP, Agile, Application Threat Modelling, Security Policy, Security Controls, ISO 27001, NIST, GDPR, Cloud, Azure. Please note that due to a high level of applications, we can only respond to applicants
with their opinions. Desirable qualifications, capabilities, and skills: Experience in a software engineering role, ideally with focus on security. Working knowledge of offensive security, Application and Infrastructure penetration testing (OWASP Top 10, OWASP ASVS). Understanding of security vulnerabilities and remediation options in codebases & containers. Working knowledge of methods for authentication and authorization (OIDC, OAuth 2, FIDO 2, etc.) Don
Bracknell, Berkshire, United Kingdom Hybrid / WFH Options
Ivanti
Experience with Azure Managed Services, Docker, Kubernetes, Terraform, Helm Experience building modern web apps using Angular and TypeScript Experience working in Azure DevOps managing backlogs etc. Working knowledge of OWASP security best practices Knowledge of working with FedRAMP compliance Our Employer Commitment This job posting will remain active until a qualified candidate is identified. At Ivanti, we are committed to
EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD
and implement security tools for secure code analysis and runtime protection. To be considered for this role, you should have: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modelling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools such as
teams to secure APIs, microservices, and containerized workloads. Evaluate and implement security tools for code analysis and runtime protection. Requirements: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding practices. Familiarity with threat modeling methodologies like STRIDE and architectural risk analysis. Hands-on experience with tools such as SAST/
Minimum 5 years of practical penetration testing experience (web, infrastructure, external/internal). Experience in scoping penetration testing assessments. Strong knowledge of security testing methodologies and frameworks (e.g., OWASP, NIST). Proficiency with industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, Kali Linux). Excellent written and verbal communication skills. One of the following qualifications is essential: OSCP
Slough, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
Month Contract London/Remote Working Working background as a Test Lead within the public sector Previous experience with Government Digital Standards (GDS) Previous experience in security testing with OWASP ZAP Performance testing knowledge (JMeter preferred) Experience in CI/CD Integration for Test Automation Azure DevOps proficiency for Test Management and defect tracking Working experience of BDD Framework (Cucumber
Reading, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
testing, and fixing complex vulnerabilities A proven background in credit cards, payments, or financial transaction systems Understanding of modern application architectures (APIs, microservices, cloud platforms – likely Azure) Familiarity with OWASP Top 10, SAST/DAST, and a variety of pen testing techniques A desire to build and lead a team, while remaining technical and practical day to day Right to
Slough, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
testing, and fixing complex vulnerabilities A proven background in credit cards, payments, or financial transaction systems Understanding of modern application architectures (APIs, microservices, cloud platforms – likely Azure) Familiarity with OWASP Top 10, SAST/DAST, and a variety of pen testing techniques A desire to build and lead a team, while remaining technical and practical day to day Right to
High Wycombe, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
testing, and fixing complex vulnerabilities A proven background in credit cards, payments, or financial transaction systems Understanding of modern application architectures (APIs, microservices, cloud platforms – likely Azure) Familiarity with OWASP Top 10, SAST/DAST, and a variety of pen testing techniques A desire to build and lead a team, while remaining technical and practical day to day Right to
Reading, England, United Kingdom Hybrid / WFH Options
XPS Pensions
Application Firewalls, access control, SIEM, AV, email and web security gateways, firewalls, load-balancers, ACLs, TCP/IP, routing and switching. Knowledge of current and future security initiatives e.g. OWASP standards, SASE intelligence led penetration testing, zero-trust, threat centric security, risk-based vulnerability management. Come from an infrastructure/networks background to fully support XPS changes and security initiatives.
High Wycombe, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
Previous consultancy or client-facing experience. Eligibility for or possession of UK Security Clearance (preferred but not required). Solid understanding of common attack techniques and vulnerability classes (e.g., OWASP Top 10, MITRE ATT&CK). Strong familiarity with tools such as Burp Suite, Nmap, Metasploit, etc. Excellent communication and reporting skills. Required Qualifications: Demonstrable experience in penetration testing (minimum
Reading, England, United Kingdom Hybrid / WFH Options
JR United Kingdom
Previous consultancy or client-facing experience. Eligibility for or possession of UK Security Clearance (preferred but not required). Solid understanding of common attack techniques and vulnerability classes (e.g., OWASP Top 10, MITRE ATT&CK). Strong familiarity with tools such as Burp Suite, Nmap, Metasploit, etc. Excellent communication and reporting skills. Required Qualifications: Demonstrable experience in penetration testing (minimum
Reading, England, United Kingdom Hybrid / WFH Options
Oracle
in different types of software and programming languages, including: How to test for/exploit them Real world mitigations that can be applied Familiarity with vulnerability classification frameworks (e.g. OWASP Top 10, CVSS, MITRE CVE) What We’ll Give You A team of very skilled and diverse personnel across the globe Ability to work in a hybrid work environment Exposure
will help you succeed Technical Skills: Experience with Governance, Risk, and Compliance (GRC) tools (preferred: OneTrust). Familiarity with AGILE methodologies, preferably Atlassian/Jira. Understanding of Application Security (OWASP Top 10). Knowledge of web development technologies and programming languages. Proficiency with security assessment tools and techniques. Understanding of legal and regulatory obligations related to information security. Risk Management
/negotiate technical outcomes with 3rd parties, including conflict resolution due to changing priorities. Experience of using common information security management frameworks, such as NIST, PCI, GDPR, ISO Series, OWASP, the IT Infrastructure Library (ITIL), the ISF Standards of Good Practice (SoGP) and ISACA's Control Objectives for Information and related Technology (COBIT) frameworks. Actively represent the security organisation within