1 to 25 of 41 OWASP Jobs in the UK

Docker and/or Kubernetes Development Practices - Mandatory RESTful API design, development, and life cycle management Secure development - SAST/DAST tooling, code review, OWASP awareness Technical documentation to a high standard On-site in Taunton, Somerset - 2 days per week minimum Desirable Skills & Experience Legacy Windows technologies - Win32 ...

Docker and/or Kubernetes Development Practices - Mandatory RESTful API design, development, and life cycle management Secure development - SAST/DAST tooling, code review, OWASP awareness Technical documentation to a high standard On-site in Taunton, Somerset - 2 days per week minimum Desirable Skills & Experience Legacy Windows technologies - Win32 ...

GitHub Actions , CircleCI (or similar) Monitoring & logging: Prometheus , Grafana , ELK stack (or equivalent) DevSecOps: integrating security into pipelines and delivery (e.g., SonarQube , Snyk , OWASP practices) If you'd like to discuss this DevOps Engineer role in more detail, please send your updated CV to (url removed) and I will ...

/CD pipelines, version control (Git), and modern deployment practices. Familiarity with security best practices relevant to web and mobile applications (e.g. OWASP Top 10). Excellent communication skills, able to articulate technical decisions clearly to both technical and non-technical stakeholders. Experience working within Agile or cross-functional delivery ...

Working with shared/common government tech stacks (Node.js, PostgreSQL, Redis) Investigating and resolving technical issues across the stack Applying secure development practices, including OWASP principles and vulnerability management Collaborating with stakeholders and communicating technical concepts clearly Tech stack includes: Node.js, HAPI (web framework) API development (REST, OpenAPI) PostgreSQL, MongoDB ...

conducting threat modelling (e.g. STRIDE, attack trees) and risk analysis Strong understanding of security frameworks and best practice such as ISO 27001, NIST, CIS, OWASP, NCSC guidance Experience working in the UK Public Sector and associated security standards and guidance including GovAssure/NCSC CAF, HMG Security Policy Framework. Knowledge ...

conducting threat modelling (e.g. STRIDE, attack trees) and risk analysis Strong understanding of security frameworks and best practice such as ISO 27001, NIST, CIS, OWASP, NCSC guidance Experience working in the UK Public Sector and associated security standards and guidance including GovAssure/NCSC CAF, HMG Security Policy Framework. Knowledge ...

automated testing using tools such as NUnit, Jasmine and Selenium Good knowledge of SOLID principles Desirable Skills: Containers (docker, K8s) Security best practice (OWASP top ten) OpenIDConnect/Identity server MS SQL Server Azure DevOps, TeamCity Infrastructure as Code (Bicep, ARM templates, Terraform) Please apply now or contact for more ...

SAML, OAuth, OpenID Connect, Active Directory, LDAP, ADFS) Secure application development (Java or .NET) Agile delivery environments API-driven architectures Security frameworks and principles (OWASP, NCSC guidance) Data protection and GDPR-compliant design Desirable Experience Defence, central government or highly regulated environments SC cleared environments Data architecture and modern data ...

Strong grasp of integration patterns with Legacy systems (Mainframe, ESB, message-based, batch) and incremental modernisation strategies Solid understanding of secure-by-design principles, OWASP risks, and engineering for high-assurance environments Experience with infrastructure-as-code (Terraform, CloudFormation, CDK) and modern CI/CD practices Strong experience working ...

Infrastructure as Code (Terraform), observability tooling (Grafana, Kibana, Datadog, CloudWatch), automated testing (NUnit, xUnit, Cypress, Playwright), Git-based workflows, and secure development practices including OWASP, secrets management and Vault. Ways of Working , Comfortable in Scrum/Kanban environments with strong communication skills; experienced with Jira, Confluence, Slack and MS Teams ...

government standards Writing clean, maintainable, and reusable code/configuration Supporting issue investigation, resolution, and continuous improvement Applying secure development practices, including awareness of OWASP principles Collaborating with stakeholders and clearly communicating technical concepts Tech and environment: Microsoft Power Platform (Power Apps, Power Automate, Dataverse) Integration with wider enterprise systems ...

decisions aligning with organisational priorities. Desirable Criteria Experience of working in the energy sector. Experience in automated security testing. Experience with frameworks such as OWASP, NIST, ISO 27001, and CAF. Application Security Architect - SC cleared ...

Microsoft Purview • Background in eComm, marketplace, or retail technology • Scripting (Python, PowerShell), Terraform, or detection-as-code experience • Familiarity with NIST CSF, ISO 27001, OWASP LLM Top 10, or similar frameworks What's on Offer for the Security Engineer • Real ownership — a genuine mandate to drive change, with the tooling ...

architecture principles Leading Infrastructure as Code implementation using Bicep Driving CI/CD maturity (Bitbucket preferred) with strict SDK and dependency version control Ensuring OWASP-aligned secure coding practices and GDPR compliance Collaborating with QA to support automated and manual test strategies Documenting architectural decisions (ADRs) and maintaining clear technical ...

strong attention to detail A solid understanding of how web applications work including security, session management, and best development practices Full understanding of the OWASP framework. Enforcement of the framework throughout all coding Create, maintain and coordinate backup mechanisms for the purposes of business continuity while maintaining a high level ...

ViTest) Contributing to CI/CD pipeline improvements and secure deployment practices Participating in architecture and technical design reviews Ensuring all development aligns with OWASP security best practices Tech Stack & Environment Core technologies: .NET 10/ASP.NET Core Angular 21 (mandatory) DevExpress DevExtreme v25 (mandatory) Entity Framework Core TypeScript/ ...

Awareness of AI/ML in security operations and AI-specific threats (e.g. prompt injection, sensitive-data exposure via GenAI), with awareness of the OWASP LLM Top 10 and MITRE ATLAS. Exposure to cloud detection across Azure, AWS, and/or GCP and to cloud and identity log sources (e.g. ...

InsightVM/InsightIDR, SentinelOne, Cloudflare, OneTrust, Microsoft Purview, or KnowBe4 Background in e‐commerce, marketplace, or retail technology Familiarity with NIST CSF, ISO 27001, OWASP LLM Top 10, or similar frameworks What We Offer Remote/hybrid working, UK‐based, with flexible London office presence A clear mandate to drive ...

proficiency Strong communication and coaching abilities Quality-focused mindset Stakeholder management Preferred Skills Testing tools (JUnit, Playwright, Selenium, Cucumber), performance tools (Gatling), security tools (OWASP Zap), containerization (Docker, Kubernetes), cloud (AWS), and accessibility testing (WCAG, Wave, Axe). ...

proficiency Strong communication and coaching abilities Quality-focused mindset Stakeholder management Preferred Skills Testing tools (JUnit, Playwright, Selenium, Cucumber), performance tools (Gatling), security tools (OWASP Zap), containerization (Docker, Kubernetes), cloud (AWS), and accessibility testing (WCAG, Wave, Axe). ...

DAST, and SCA tooling - Snyk, Checkmarx, Semgrep, Burp Suite, or similar Threat modelling - comfortable running sessions with engineering and product teams Solid understanding of OWASP Top 10 and how to actually remediate real-world vulnerabilities API security - REST, GraphQL, and the common attack vectors around them Knowledge of secure SDLC ...

attack types (e.g. SQL injection, phishing, malware) Experience with log analysis and incident investigation Familiarity with Windows and/or Linux environments Understanding of OWASP Top 10 security risks Ability to work in a fast-paced, incident-driven environment Desirable Security certifications such as CompTIA Security+, GIAC GSEC, or ISC2 ...

attack types (e.g. SQL injection, phishing, malware) Experience with log analysis and incident investigation Familiarity with Windows and/or Linux environments Understanding of OWASP Top 10 security risks Ability to work in a fast-paced, incident-driven environment Desirable Security certifications such as CompTIA Security+, GIAC GSEC, or ISC2 ...

areas such as: Cyber security audits/assessments Vulnerability management Product or application security Security testing strategy Secure SDLC Risk, controls and remediation planning OWASP principles Reviewing security tooling and processes Translating technical findings into clear business language You don’t need to be a pure pen tester for this ...