tools such as SAST, DAST, SCA, and CI/CD security integrations. Investigate security incidents, prioritise remediation and guide teams on secure development practices. Ensure applications meet industry standards (OWASP Top 10, NIST, ISO 27001) and regulatory requirements (GDPR, PCI-DSS, etc.) Educate engineers and stakeholders on security threats, vulnerabilities and secure coding practices. Skills 5+ years of experience in … on experience with SAST, DAST, SCA and security automation in CI/CD pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development
of security principles in cloud environments (AWS, Azure, or GCP) Proficiency with Infrastructure as Code (Terraform, Ansible, or similar) Experience with automated security testing and compliance tools (e.g., SonarQube, OWASP ZAP, Trivy, Aqua Security) Familiarity with monitoring and logging tools such as Prometheus, Grafana, ELK, or Splunk Scripting knowledge (Python, Bash, or PowerShell) Desirable: Experience working within government or defence
Strong knowledge of containerisation and orchestration technologies (Docker, Kubernetes) Solid experience with Infrastructure as Code tools (Terraform, Ansible, or equivalent) Practical knowledge of automated security tooling (e.g., SonarQube, Trivy, OWASP ZAP) Experience with monitoring and logging systems (e.g., ELK stack, Prometheus, Grafana, Splunk) Scripting capability (e.g., Python, Bash, or PowerShell) Familiarity with secure software development lifecycle (SSDLC) principles Desirable: Exposure
Swindon, Wiltshire, South West England, United Kingdom
Global Technology Solutions Ltd
Strong knowledge of containerisation and orchestration technologies (Docker, Kubernetes) Solid experience with Infrastructure as Code tools (Terraform, Ansible, or equivalent) Practical knowledge of automated security tooling (e.g., SonarQube, Trivy, OWASP ZAP) Experience with monitoring and logging systems (e.g., ELK stack, Prometheus, Grafana, Splunk) Scripting capability (e.g., Python, Bash, or PowerShell) Familiarity with secure software development lifecycle (SSDLC) principles Desirable: Exposure
vendors and coordinate feedback with teams to ensure actions are followed to mitigate identified risks Skills: Software engineering background is a must with knowledge of Application Security Frameworks e.g. OWASP SAMM/DSOMM etc Hands-on knowledge of information security processes such as security design review, threat modelling, OWASP Top 10, risk analysis, and software testing techniques Strong understanding of … activities - identifying, assessing and providing remediation options for application and technology risks Knowledge of Agile methodologies is a must Knowledge of backend and frontend web application vulnerabilities Knowledge of OWASP Top 10, SANS Top 25 etc Experience working in AWS/Azure/GCP would be beneficial Knowledge of CI/CD pipelines Thorough understanding of SAST, DAST (including fuzzing
operations teams on bug fixes, retesting, and verifying patches in staging and production-mirroring environments. Quality & Best Practices • Champion infrastructure and security testing best practices, including vulnerability scanning (e.g., OWASP ZAP, Nessus), compliance checks, and disaster-recovery validations. • Contribute to continuous improvement by proposing new testing tools, frameworks, and process enhancements to raise overall system reliability and observability. Agile & Cross
Knowledge of cloud security frameworks REST API knowledge Scripting and Infrastructure as Code (Terraform, CloudFormation) Experience with Jira or similar ticketing systems Technical architecture review skills Vulnerability identification (CWE, OWASP) Operating systems and hardening techniques Development concepts like CI/CD, Pipelines, SDLC Penetration testing knowledge (useful) Familiarity with Cloud Development Kit (CDK), GitOps Experience in DevOps/agile environments Docker, Kubernetes
Reading, Berkshire, South East, United Kingdom Hybrid / WFH Options
Bowerford Associates
teams and business stakeholders is essential. Experience working with security issues in software architecture, software development, e.g. static and/or dynamic code analysis and tools, software dependency check, OWASP Top 10 testing, application threat modelling. In-depth experience working in an Agile software development environment, with classic applications as well as microservices, using modern code processing and continuous integration and … Security Architect, SDLC, Secure by Design, Architecture, Software Development, Engineering, DevOps, InfoSec, Security, Security Strategy, Best Practice, Programming, Code, C++, C#, C, .NET Core, Java, JavaScript, Node.js, Angular, React, OWASP, Agile, Application Threat Modelling, Security Policy, Security Controls, ISO 27001, NIST, GDPR, Cloud, Azure. Please note that due to a high level of applications, we can only respond to applicants
or application security. You should also have proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS), Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2), Working knowledge of cryptography including encryption
software security design review Strong knowledge of Agile, DevSecOps, System Engineer and/or equivalent Knowledge of security standards and secure development principles such as NCSC Secure Development & Deployment Guidance, OWASP, NIST Secure Software Development Framework (SSDF - 800-218), Microsoft Azure Secure Development best practices, ISO27001 Experience with Azure cloud infrastructure, particularly Azure PaaS service Experience with Azure DevOps, particularly CI
Remote working (anywhere in the UK) Hybrid / WFH Options
Government Digital & Data
Security Testing. Working knowledge of at least 5 of the following security tools and technologies: Burp Suite (including Burp Scanner) - for web application vulnerability scanning and manual security testing. OWASP ZAP - for DAST and automated security regression testing. Postman or SOAP UI - for API testing with a security focus (e.g. injection, authorisation, token misuse). OAuth2/OpenID Connect - for … systems (e.g. Git) - for secure code handling and integration with secrets scanners. Static Application Security Testing (SAST) tools - e.g. SonarQube, Checkmarx, Semgrep. Dynamic Application Security Testing (DAST) tools - e.g. OWASP ZAP, Burp Suite Pro. Infrastructure-as-Code (IaC) scanning tools - e.g. tfsec, Checkov. Secrets detection tools - e.g. GitLeaks, truffleHog, detect-secrets. Threat modelling methodologies - e.g. STRIDE, PASTA, or creating risk … based test charters. Familiarity with the OWASP Top 10 - and how to test for each category. Behaviours We'll assess you against these behaviours during the selection process: Making Effective Decisions Managing a Quality Service Working Together Seeing the Big Picture Leadership We only ask for evidence of these behaviours on your application form: Leadership Technical skills We'll assess
defences. Technologies and Soft Skills required: Advanced technical knowledge of penetration testing techniques, security assessments, and vulnerability exploitation. Expertise in security testing tools (such as Burp Suite, Metasploit, Nmap, OWASP ZAP, etc.), as well as manual testing methods. Strong understanding of common application security vulnerabilities (such as SQL injection, XSS, CSRF, insecure deserialization, etc.) and OWASP Top 10. Proficiency in
MongoDB, DocumentDB) data stores. Have first-hand understanding of Agile development methodologies. Exposure to cloud platforms like AWS and containerization technologies like Docker. Experience in implementing best security practices (OWASP, SAMM or any equivalent) An ability to produce reports, documentation, and presentations as per business requirements. Excellent written, verbal communication skills, problem-solving skills and attention to detail. Proactive and
and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator - able to engage
London, South East, England, United Kingdom Hybrid / WFH Options
Akkodis
and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator - able to engage
Central London, London, England, United Kingdom Hybrid / WFH Options
Bupa UK
cybersecurity, with extensive experience in threat management, vulnerability management, offensive security practices and security testing. Strong knowledge of common security vulnerabilities, attack vectors, and security testing frameworks, such as OWASP, MITRE ATT&CK, CVE/CVSS, and NIST SP 800-53. Experience of vulnerability scanning tools, penetration testing tools, and security testing frameworks (e.g., Nessus, Metasploit, Burp Suite, Nmap
application security Experience working with large-scale multi-cloud, multi-account architecture CISSP, CISM, AWS Solutions Architect Professional, Azure Solutions Architect, or equivalent certification, is preferred Thorough understanding of OWASP Top 10 and Secure Development Expertise in automating security tools and integrations, including simple scripting Experience with application security tools (SAST, DAST, IAST and SCA) Strong technical knowledge of development
pure product or application security Strong expertise in offensive security techniques and methodologies, including ethical security testing Deep understanding of secure coding practices, common vulnerabilities and risk scoring methodologies (OWASP Top 10, CWE, CVSS scoring etc.) Strong experience communicating to stakeholders of varying technical skill levels Your experience should include: Using offensive security tooling, including tools such as Burp Suite
Requirements Bachelor’s degree in IT or equivalent experience. 5+ years in information/application security roles. Experience working in agile environments. Deep understanding of cloud security (Azure, AWS), OWASP, MITRE. Proven experience with policy interpretation and security implementation in real-world projects. Preferred Skills Certifications such as CISSP, CCSP, CEH, Microsoft Azure/AWS Security. Working knowledge of GDPR
Remote working (anywhere in the UK) Hybrid / WFH Options
Government Digital & Data
working experience. Working knowledge of at least 5 of the following security tools and technologies: Burp Suite (including Burp Scanner) - for web app vulnerability scanning and manual security testing. OWASP ZAP - for DAST and automated security regression testing. Postman or SOAP UI - for API testing with a security focus (e.g. injection, authorisation, token misuse). OAuth2/OpenID Connect - for … version control systems - for secure code handling and integration with security scanners. Static Application Security Testing (SAST) tools - e.g. SonarQube, Checkmarx, Semgrep. Dynamic Application Security Testing (DAST) tools - e.g. OWASP ZAP, Burp Suite Pro. Infrastructure-as-Code (IaC) scanning tools - e.g. tfsec, Checkov. Secrets detection tools - e.g. GitLeaks, truffleHog, detect-secrets. Threat modelling approaches - e.g. STRIDE, or creating risk-based … test charters. Familiarity with the OWASP Top 10 - and how to test for each risk category. Behaviours We'll assess you against these behaviours during the selection process: Making Effective Decisions Managing a Quality Service Working Together Seeing the Big Picture Technical skills We'll assess you against these technical skills during the selection process: Penetration testing/ethical hacking
firewalls, IPS, DDoS, WAF, DLP, DNS, NAC, NSPM, and architectures like SASE and Zero Trust. Application Security: Experience with SAST, DAST, RAST, IAST tools, integrating security into SDLC processes, OWASP, API security design, robust threat modelling, and containerization security. Data Security: Skilled in implementing information protection tools, key and secrets management, data loss prevention, and protective marking and classification capabilities.