10 of 10 Static Application Security Testing Jobs in London

Job Title: Senior Application Security EngineerSalary: £70,000Location: Reading/remote About the Organisation Join a fast-growing UK technology and consulting firm that's investing heavily in cutting-edge cyber security. With a strong focus on innovation, collaboration, and professional development, this company empowers its people to shape the future of secure digital transformation across a wide … be part of a business that values expertise, agility, and doing the right thing - where everyone has the opportunity to make a genuine impact. About the Role The Senior Application Security Engineer will play a key role in protecting the organisation's infrastructure, cloud platforms, and applications. Working within a highly technical and collaborative cyber team - supported by … security initiatives, ensuring systems and software are secure by design. Drive vulnerability management and implement a risk-based approach across the technology stack. Perform security testing (SAST, DAST, SCA) and work with developers to remediate findings. Support cloud security controls (primarily Azure, including cloud-native apps). Champion secure development, threat modelling, and DevSecOps integration. Research More ❯

Job Title: Senior Application Security Engineer Salary: £70,000 Location: Reading/remote About the Organisation Join a fast-growing UK technology and consulting firm that's investing heavily in cutting-edge cyber security. With a strong focus on innovation, collaboration, and professional development, this company empowers its people to shape the future of secure digital transformation across … be part of a business that values expertise, agility, and doing the right thing - where everyone has the opportunity to make a genuine impact. About the Role The Senior Application Security Engineer will play a key role in protecting the organisation's infrastructure, cloud platforms, and applications. Working within a highly technical and collaborative cyber team - supported by … security initiatives, ensuring systems and software are secure by design. Drive vulnerability management and implement a risk-based approach across the technology stack. Perform security testing (SAST, DAST, SCA) and work with developers to remediate findings. Support cloud security controls (primarily Azure, including cloud-native apps). Champion secure development, threat modelling, and DevSecOps integration. Research More ❯

to ship secure software at pace. Responsibilities Focused on application security initiatives across cloud and on-premises environments, employing a diverse suite of tools including Semgrep for SAST, Snyk for SCA, GHAS for secret scanning, Burp Suite for DAST, and scripting for automation. Forge partnerships with external vendors to optimize and seamlessly integrate security tools into our … application security workflow, ensuring comprehensive coverage and operational efficiency. Drive the seamless integration of application security processes into development pipelines, leveraging Azure DevOps (ADO), GitHub Actions, and similar tools for streamlined automation. Actively contribute to the formulation and enforcement of application security policies and procedures, utilizing advanced tool capabilities to mitigate risks effectively. Engage … minimum of 3 years of hands-on experience in application security, with a track record of leadership or significant contributions in similar roles. Proficiency in Semgrep for SAST, Snyk for SCA, GHAS for secret scanning, Burp Suite for DAST, and automation scripting. Understanding of application security principles and best practices. Experience integrating and optimizing security More ❯

The Vacancy Job Title: Principal Cyber Security Specialist Contract Type: Permanent Location: Chatham, London Working Pattern: Hybrid—typically a couple of days a week in the office. Part-time or flexible arrangements are considered to support work-life balance. A fear of losing your current working flexibility shouldn't hinder you from applying for new opportunities, which is why … Learning for all Finance: Snoop Premium available to all colleagues Medical: Opportunity to opt in for Private Medical Insurance Bonus: Discretionary annual bonus The role: As a Principal Cyber Security Specialist, you will play a key role in architecting, deploying, and maintaining security-driven automation, integrations, and platform engineering efforts that support security operations, threat intelligence, and … security controls, monitoring, and compliance automation across the software development lifecycle (SDLC) for internally developed applications. As well as for low-code solutions (Power Platform,salesforce,mulesoft etc) (SAST, DAST, dependency scanning etc). Build and maintain Application security controls for example SaaS SPM, WAF and MAM. Experience: Experience in Security Engineering, Security Automation, or More ❯

A leading fintech company is seeking a Lead AppSec Engineer to join their established team. Youll be instrumental in embedding security into every stage of the software development lifecycleguiding engineers, shaping best practices, and driving secure, scalable solutions across our platform. Key Responsibilities: Security Advisory : Serve as the go-to expert for application security across engineering … teamsproviding hands-on guidance, resolving concerns, and fostering a security-first mindset. DevSecOps Enablement : Promote and implement secure development practices across CI/CD pipelines, secrets and key management, dependency … management, and secure design. Vulnerability Management : Lead vulnerability remediation effortstriaging findings, prioritizing risks, and partnering with teams to deliver effective, pragmatic fixes. Tooling & Automation : Integrate security tools (e.g., SAST, DAST, SCA, secrets scanning) into developer workflows, ensuring automation is both scalable and developer-friendly. Cloud Security Collaboration : Work alongside infrastructure teams to ensure secure configuration of AWS and More ❯

Fully Remote | £60,000 - £70,000 Our client is a fast-growing cyber-defence and threat-intelligence company committed to protecting organisations from sophisticated cyber threats. They combine advanced security analytics, automation and human expertise to deliver real-time defence across modern cloud and on-prem environments. They are expanding their engineering team and looking for a DevSecOps Engineer … who can help embed world-class security into everything they build. The Role: As a DevSecOps Engineer, you will sit at the intersection of development, operations and security. Youll work closely with engineering, threat research, and security operations teams to design, build, and maintain secure, scalable infrastructure and CI/CD pipelines. What Youll do: +Design, maintain and … secure CI/CD pipelines across cloud and on-prem environments. +Build and manage Infrastructure-as-Code (Terraform, Ansible, CloudFormation, etc.). +Integrate security tooling into development workflows: SAST, DAST, dependency scanning, secrets management, etc. +Collaborate with engineering teams to perform threat modelling and ensure secure system design. Key Skills and Experience: +Strong experience with CI/CD systems More ❯

Security Vulnerability Engineer Contract - Inside IR35 London - Hybrid (2 - 3 days a week in office) 6 months Are you a skilled software engineer with a passion for cybersecurity? This company is seeking a talented individual to join their team as a Security vulnerability engineer. This is an excellent opportunity to make a real impact and contribute to the … company's security initiatives. Key Responsibilities: Manage and enhance the company's Bug Bounty Programme (HackerOne), including working with researchers to identify and report vulnerabilities Oversee bounty payouts and conduct risk landscape analysis Track vulnerabilities and define mitigation strategies Collaborate closely with developers to identify, understand, test, and validate fixes for vulnerabilities Required Skills and Qualifications: Expertise in Bug … familiarity with development technologies Skills include automation, MFA implementation, and experience with HackerOne or Similar Bug Bounty technology Desirable Good scripting experience (e.g. Python). Hands-on use of SAST, SCA, secrets scanning, and DAST tools, especially in CI/CD pipelines. Awareness of CI/CD and infrastructure security patterns (GitHub Actions, Terraform, Kubernetes, least-privilege IAM). More ❯

investment administration platforms for financial institutions, integrating investor and portfolio management with compliance and reporting. Job Type: Full Time Workplace: Remote Working Hours: Monday to Friday, 09:0016:00 SAST) Role Overview Our client is seeking experienced mid-to-senior software engineers or infrastructure specialists who are excited by the challenge of building and operating a complex, business-critical managed … and Ansible, alongside programming in Python. Their environments are entirely based on Ubuntu Linux. Experience with server monitoring software (e.g. Prometheus, Grafana, Zabbix, Datadog) and a solid understanding of security principles and best practices (including hardening, access control, auditing, and incident response) is highly valued. This is a remote-first role, and they are looking for individuals who can … from anywhere with a timezone within 3 hours of South African Standard Time. You must be available during our core business hours (Monday to Friday, 09:00–16:00 SAST). The full team meets annually for planning and social events, with additional in-person collaboration among Johannesburg-based staff. Requirements Proven experience delivering complex infrastructure and automation projects, including More ❯

gaps. Ensure adherence to existing Change Management Policy. Perform daily system monitoring, verifying the integrity and availability of all hardware, server resources, systems and key processes, reviewing system and application logs, and verifying completion of scheduled jobs such as backups. Use Windows Active Directory to administer user permissions, managing/creating service accounts and group membership. Assist in disaster … recovery planning and testing for TMHCC International applications. Assist with out of hours deployments where required. Identify automation opportunities with regular, frequent maintenance activities, such as deployments and refreshes. Work closely with other Product Engineering, QE, Platform and Support engineers to develop efficient and effective CI/CD pipelines and processes. Develop policies, standards, guidelines, governance and related guidance … Studio IIS and Apache Tomcat (Web services) Virtualisation software Package management tools like CloudSmith or JFrog Artifactory Container management e.g., minikube, docker or Kubernetes CICD process with ideally with SAST and SCA code analysis DevOps tools: Git repo, Azure DevOps, Azure, GitHub, GitHub Actions, AWS CI/CD tools, TeamCity, OctopusDeploy, Terraform, Ansible PowerShell Azure and AWS fundamentals Desirable: Experience More ❯

DevOps pre-sales engineering role Cloud infrastructure fluency (AWS, Azure or GCP) Hands-on experience with Docker, Kubernetes, CI/CD, Git, build tools Solid AppSec experience with SCA, SAST, SBOM, Container Security Proven track record helping to build enterprise relationships from tech champions to C-level in a clear client-facing pre-sales role working with the sales More ❯