1 to 25 of 45 OWASP Jobs in the UK

segmentation, and host security. Hands on experience with the following security products Trellix, Ivanti, ClearSwift, Yubikey Understanding of secure coding practices and common vulnerabilities (OWASP Top 10, SANS Top 25). Expertise in identity and access management (IAM), including RBAC, ABAC, JWT and Cookie based authentication. Incident detection and response ...

everything listed, but exposure to some of the following would be highly beneficial: Testing & Automation: JUnit, Playwright, Selenium, Cucumber, Postman Non-Functional Testing: Gatling, OWASP ZAP DevOps & Platforms: Git/GitLab, Docker, Kubernetes, Azure and/or AWS Accessibility: WCAG, WAVE, Axe About you You’ll be someone ...

GitHub Actions , CircleCI (or similar) Monitoring & logging: Prometheus , Grafana , ELK stack (or equivalent) DevSecOps: integrating security into pipelines and delivery (e.g., SonarQube , Snyk , OWASP practices) If you'd like to discuss this DevOps Engineer role in more detail, please send your updated CV to (url removed) and I will ...

Secure architecture design and secure-by-design principles Risk assessment, threat modelling, and vulnerability management Security frameworks: ISO 27001, NIST 800-30/53, OWASP Cloud security architecture (AWS, Azure, GCP) Incident response, penetration testing, and remediation concepts Persuasive communication skills across technical and non-technical stakeholders Excellent analytical, documentation ...

systems and TCP/IP networking protocols Proven ability to perform source code reviews and application security analysis Advanced understanding of web application vulnerabilities (OWASP Top 10) and mitigation strategies Excellent report writing and executive communication skills—ability to translate technical findings into business risk Ability to work autonomously ...

pipelines (Jenkins, GitLab CI, GitHub Actions, CircleCI) Automates testing, integration, and deployment processes. Embed DevSecOps practices using tools such as SonarQube, Snyk, and OWASP Implement monitoring and logging (Prometheus, Grafana, ELK) Experience Required 5-10+ years in DevOps/Cloud Engineering Testing experience - can set the Testing process ...

Excellent communication and coaching skills Stakeholder engagement and collaboration Experience with some of the following is highly desirable: JUnit, Playwright, Selenium, Cucumber Postman, Gatling, OWASP ZAP Docker/Kubernetes Azure and/or AWS Accessibility standards and tooling (WCAG, Wave, Axe) About you Passionate about quality and engineering excellence Comfortable ...

conducting threat modelling (e.g. STRIDE, attack trees) and risk analysis Strong understanding of security frameworks and best practice such as ISO 27001, NIST, CIS, OWASP, NCSC guidance Experience working in the UK Public Sector and associated security standards and guidance including GovAssure/NCSC CAF, HMG Security Policy Framework. Knowledge ...

experience with cloud-native environments—preferably GCP and Azure. Skilled in performance optimisation techniques. Deep understanding of web and mobile security best practices, including OWASP guidelines, secure authentication and authorisation. Experience with containerisation and infrastructure tools such as Docker, Kubernetes, Helm, and Terraform. Familiarity with mobile frameworks such as Ionic ...

experience as an IT Security Architect or secure systems engineer in complex cloud environments, creating technical designs for Azure security architecture, application security (e.g., OWASP, DevSecOps), and network segmentation. Strong knowledge of Azure-specific security tools (e.g., Azure Security Center, Key Vault, Policy, Private Link), threat modelling, secure SDLC ...

Score remediation Vulnerability Management Tools such as Tenable , Pentera , Varonis , Secure Score Experience coordinating remediation with technical teams Frameworks & Security Models MITRE ATT&CK, OWASP Top 10 Exposure to zero-trust principles Understanding of encryption, certificate management, secrets management Scripting & Automation PowerShell (essential) Python or Bash desirable Security automation experience ...

architectures . Proven experience with risk assessment methodologies and maintaining enterprise risk registers . Working knowledge of risk assessment methodologies (e.g. ISO 31000, FAIR, OWASP risk rating). Strong understanding of Gov Assure, CAF, ISO 27001, Cyber Essentials, and NIST frameworks. Experience conducting or supporting security audits and implementing remediation ...

cloud architectures. Proven experience with risk assessment methodologies and maintaining enterprise risk registers. Working knowledge of risk assessment methodologies (e.g. ISO 31000, FAIR, OWASP risk rating). Strong understanding of Gov Assure, CAF, ISO 27001, Cyber Essentials, and NIST frameworks. Experience conducting or supporting security audits and implementing remediation plans. ...

hardware hacking (JTAG, FPGA, USB). Experience with security testing tools: Kali Linux, Nessus, Metasploit, BurpSuite, Wireshark, etc. Familiarity with secure coding practices (OWASP), SDLC, and security frameworks (ISO 2700x, NIST). Understanding of medical device regulations and quality system requirements. Agile/Digital Experience Passion for Agile processes, data ...

protocols (e.g. A2A) Familiarity with MCPs for tool and context integration in agentic systems Familiarity with secure-by-design development principles (ISO 27001, NIST, OWASP) Experience in defence, national security, or similarly regulated environments Contributions to open-source AI/ML projects Soft Skills Delivery-focused - you ship working systems ...

responsibilities are: Technical Leadership Define and evolve backend architecture to ensure scalability, maintainability, and performance. Set coding standards and champion secure development practices (e.g. OWASP). Influence technology choices, frameworks, and tools to support engineering excellence. Oversee improvements to CI/CD pipelines, build processes, and operational workflows. Can clearly ...

Infrastructure as Code (Terraform or CDK) Strong grounding in clean architecture, SOLID principles, and code maintainability Knowledge of API integration and secure development practices (OWASP) What you'll be doing: Delivering end-to-end software solutions in a modern tech stack Working closely with product managers, QA, and engineering leadership ...

knowledge of security products including WAFs, SIEM, AV, email/web gateways, firewalls, load balancers, ACLs, TCP/IP, routing, and switching Familiarity with OWASP, SASE, zero-trust, and risk-based vulnerability management Background in infrastructure and networks Working towards or holding CISSP, SANS GCIA, CompTIA Security+, CCNA/CCNP ...

security governance frameworks CISSP (or equivalent certification) Experience with risk assessments, threat modelling, and security design reviews Broad technical understanding across: Application security (e.g. OWASP, IAM, cryptography) Infrastructure security (networks, endpoints, cloud) Operational security (incident management, DR/BCP, patching) Experience managing or supporting vulnerability assessments and penetration testing Ability ...

vulnerabilities) Hardware security and hacking (JTAG, FPGA, USB, etc.) Proficiency with security tools (Kali Linux, Nessus, InsightVM, Metasploit, Burp Suite, Wireshark, NetSparker) Secure coding (OWASP), MITRE/SANS Top 25, SSDLC, static code analysis Security Frameworks (ISO 2700x, NIST Special Publications) Cloud development and cloud security testing Knowledge of medical ...

assurance/risk/governance roles Proven background in secure cloud or infrastructure design (Azure/M365) Experience with risk frameworks (ISO 31000, NIST, OWASP etc.) Knowledge of GovAssure, CAF, ISO27001, Cyber Essentials Entra ID/Azure/M365 SIEM/EDR/vulnerability management tools Access control models (RBAC ...

assurance/risk/governance roles Proven background in secure cloud or infrastructure design (Azure/M365) Experience with risk frameworks (ISO 31000, NIST, OWASP etc.) Knowledge of GovAssure, CAF, ISO27001, Cyber Essentials Entra ID/Azure/M365 SIEM/EDR/vulnerability management tools Access control models (RBAC ...

CD. Key deliverables: Build and enforce secure Azure infrastructure using Terraform (modular, scalable, production-ready) Implement perimeter security with Azure Front Door + WAF (OWASP, bot protection, rule tuning) Define governance using Azure Policy as code (networking, firewall, compliance controls) Secure AKS workloads with container scanning and runtime protections Design ...

GovAssure. Requirements: Proven experience in cyber security assurance, secure architecture design, or related disciplines. Strong knowledge of risk assessment methodologies (ISO 31000, FAIR, OWASP risk rating). Hands-on experience with enterprise security frameworks including ISO 27001, NIST, CAF, and Cyber Essentials. Experience conducting security audits and implementing remediation strategies. ...

ViTest) Contributing to CI/CD pipeline improvements and secure deployment practices Participating in architecture and technical design reviews Ensuring all development aligns with OWASP security best practices Tech Stack & Environment Core technologies: .NET 10/ASP.NET Core Angular 21 (mandatory) DevExpress DevExtreme v25 (mandatory) Entity Framework Core TypeScript/ ...