25 of 25 Static Application Security Testing Jobs in the UK

The team you';ll be working with: Security Development and Test Director We are currently recruiting for a dynamic Security Development and Test Director to join our growing Security team. About Us NTT DATA is one of the world's largest Global Security services providers with over 7500 Security SMEs and Integration partner to many … into CI/CD workflows to enable secure-by-design delivery. Oversee the implementation and optimisation of security tooling, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and container security scanners. Establish architectural review boards and security design checkpoints to validate that new … Average time taken to remediate critical and high-severity vulnerabilities identified during development and testing phases. Toolchain Utilisation Effectiveness: Adoption and effective use of security tools (e.g., SAST, DAST, SCA) across development teams, measured by scan frequency and issue resolution rates. Training and Awareness Uptake: Percentage of development and QA staff completing secure coding and DevSecOps training programs. More ❯

INFORMATION SECURITY SPECIALIST KEY POINTS • Hybrid working model (Stoke-on-Trent) – up to £55,000 p/a • Focus on application security, code analysis, threat modelling and penetration testing • Work closely with Software Development teams across a large technical environment • Opportunity to influence secure development practices and automation initiatives ABOUT THE CLIENT We’re supporting a … respected and technology-driven organisation that continues to strengthen its security posture across a broad portfolio of applications. They are looking to appoint an Information Security Specialist to join their established Application Security team, contributing to secure development practices, code assurance, and vulnerability identification across complex systems. THE BENEFITS • Hybrid working and flexible approach • Exposure to … skills) your application to our client in conjunction with this vacancy only. KEY SKILLS Application Security, AppSec, OWASP, Threat Modelling, Secure Development Lifecycle, Code Review, DAST, SAST, CI/CD, Penetration Testing, Supply Chain Security, Risk Assessment, Software Security, Automation More ❯

INFORMATION SECURITY SPECIALIST KEY POINTS * Hybrid working model (Stoke-on-Trent) - up to £55,000 p/a* Focus on application security, code analysis, threat modelling and penetration testing* Work closely with Software Development teams across a large technical environment* Opportunity to influence secure development practices and automation initiatives ABOUT THE CLIENT We're supporting a … respected and technology-driven organisation that continues to strengthen its security posture across a broad portfolio of applications. They are looking to appoint an Information Security Specialist to join their established Application Security team, contributing to secure development practices, code assurance, and vulnerability identification across complex systems. THE BENEFITS * Hybrid working and flexible approach* Exposure to … skills) your application to our client in conjunction with this vacancy only. KEY SKILLS Application Security, AppSec, OWASP, Threat Modelling, Secure Development Lifecycle, Code Review, DAST, SAST, CI/CD, Penetration Testing, Supply Chain Security, Risk Assessment, Software Security, Automation More ❯

Job Title: Senior Application Security EngineerSalary: £70,000Location: Reading/remote About the Organisation Join a fast-growing UK technology and consulting firm that's investing heavily in cutting-edge cyber security. With a strong focus on innovation, collaboration, and professional development, this company empowers its people to shape the future of secure digital transformation across a wide … be part of a business that values expertise, agility, and doing the right thing - where everyone has the opportunity to make a genuine impact. About the Role The Senior Application Security Engineer will play a key role in protecting the organisation's infrastructure, cloud platforms, and applications. Working within a highly technical and collaborative cyber team - supported by … security initiatives, ensuring systems and software are secure by design. Drive vulnerability management and implement a risk-based approach across the technology stack. Perform security testing (SAST, DAST, SCA) and work with developers to remediate findings. Support cloud security controls (primarily Azure, including cloud-native apps). Champion secure development, threat modelling, and DevSecOps integration. Research More ❯

Job Title: Senior Application Security Engineer Salary: £70,000 Location: Reading/remote About the Organisation Join a fast-growing UK technology and consulting firm that's investing heavily in cutting-edge cyber security. With a strong focus on innovation, collaboration, and professional development, this company empowers its people to shape the future of secure digital transformation across … be part of a business that values expertise, agility, and doing the right thing - where everyone has the opportunity to make a genuine impact. About the Role The Senior Application Security Engineer will play a key role in protecting the organisation's infrastructure, cloud platforms, and applications. Working within a highly technical and collaborative cyber team - supported by … security initiatives, ensuring systems and software are secure by design. Drive vulnerability management and implement a risk-based approach across the technology stack. Perform security testing (SAST, DAST, SCA) and work with developers to remediate findings. Support cloud security controls (primarily Azure, including cloud-native apps). Champion secure development, threat modelling, and DevSecOps integration. Research More ❯

Job Title: Senior Application Security Engineer Salary: £70,000 Location: Reading/remote About the Organisation Join a fast-growing UK technology and consulting firm that's investing heavily in cutting-edge cyber security. With a strong focus on innovation, collaboration, and professional development, this company empowers its people to shape the future of secure digital transformation across … be part of a business that values expertise, agility, and doing the right thing - where everyone has the opportunity to make a genuine impact. About the Role The Senior Application Security Engineer will play a key role in protecting the organisation's infrastructure, cloud platforms, and applications. Working within a highly technical and collaborative cyber team - supported by … security initiatives, ensuring systems and software are secure by design. Drive vulnerability management and implement a risk-based approach across the technology stack. Perform security testing (SAST, DAST, SCA) and work with developers to remediate findings. Support cloud security controls (primarily Azure, including cloud-native apps). Champion secure development, threat modelling, and DevSecOps integration. Research More ❯

and grow your role. Join the Appspace team and be a part of a culture that's helping people everywhere love where they work. Your Role as a Principal Security Engineer: We're looking for a Principal Security Engineer with a passion for securing cloud environments and a proven history of leading complex security transformations. This is … hands-on, deeply technical role, not an advisory position, ideal for someone who thrives at the intersection of engineering and client engagement. You'll use your expertise in cloud security, software security, and penetration testing to guide clients through high-impact security initiatives. A key focus of the role is conducting forensic investigations across cloud platforms … within major cloud platforms, including IAM, network configuration, and cloud-native security tools. Hands-on experience with vulnerability management, penetration testing, and common attack vectors; familiarity with SAST, DAST, and SCA tools. Strong understanding of the OWASP Top 10, secure coding principles, cryptography, and threat modeling. Proven track record leading client-facing security projects and transformation initiatives. More ❯

As a Senior Penetration Tester, you will focus on securing the Company's applications through best practice development lifecycle controls and perform penetration tests to assess the effectiveness of security measures. Full-time Closes 03/12/2025 The Information Security department deal with the security of closed sourced, open source and proprietary applications. The team … and remediating risks efficiently through penetration testing. Utilising your knowledge of Secure Development Lifecycles and code assessment, you will work with the Software Development teams to understand and mitigate application-based vulnerabilities. This role is based within the wider Information Security department, with engineers and analysts of varying backgrounds. Collectively, the team utilises enterprise and bespoke tooling to … identify, mitigate threats, and safeguard the Business. We utilise AI to enhance our existing security processes and practices, embracing the advantages it brings. You will play a key role in our journey to leverage this powerful technology in strengthening our application security. This role is eligible for inclusion in the Company's hybrid working from home policy. Preferred More ❯

As a Senior Penetration Tester, you will focus on securing the Company's applications through best practice development lifecycle controls and perform penetration tests to assess the effectiveness of security measures. Full-time Closes 03/12/2025 The Information Security department deal with the security of closed sourced, open source and proprietary applications. The team … and remediating risks efficiently through penetration testing. Utilising your knowledge of Secure Development Lifecycles and code assessment, you will work with the Software Development teams to understand and mitigate application-based vulnerabilities. This role is based within the wider Information Security department, with engineers and analysts of varying backgrounds. Collectively, the team utilises enterprise and bespoke tooling to … identify, mitigate threats, and safeguard the Business. We utilise AI to enhance our existing security processes and practices, embracing the advantages it brings. You will play a key role in our journey to leverage this powerful technology in strengthening our application security. This role is eligible for inclusion in the Company's hybrid working from home policy. Preferred More ❯

to ship secure software at pace. Responsibilities Focused on application security initiatives across cloud and on-premises environments, employing a diverse suite of tools including Semgrep for SAST, Snyk for SCA, GHAS for secret scanning, Burp Suite for DAST, and scripting for automation. Forge partnerships with external vendors to optimize and seamlessly integrate security tools into our … application security workflow, ensuring comprehensive coverage and operational efficiency. Drive the seamless integration of application security processes into development pipelines, leveraging Azure DevOps (ADO), GitHub Actions, and similar tools for streamlined automation. Actively contribute to the formulation and enforcement of application security policies and procedures, utilizing advanced tool capabilities to mitigate risks effectively. Engage … minimum of 3 years of hands-on experience in application security, with a track record of leadership or significant contributions in similar roles. Proficiency in Semgrep for SAST, Snyk for SCA, GHAS for secret scanning, Burp Suite for DAST, and automation scripting. Understanding of application security principles and best practices. Experience integrating and optimizing security More ❯

The Vacancy Job Title: Principal Cyber Security Specialist Contract Type: Permanent Location: Chatham, London Working Pattern: Hybrid—typically a couple of days a week in the office. Part-time or flexible arrangements are considered to support work-life balance. A fear of losing your current working flexibility shouldn't hinder you from applying for new opportunities, which is why … Learning for all Finance: Snoop Premium available to all colleagues Medical: Opportunity to opt in for Private Medical Insurance Bonus: Discretionary annual bonus The role: As a Principal Cyber Security Specialist, you will play a key role in architecting, deploying, and maintaining security-driven automation, integrations, and platform engineering efforts that support security operations, threat intelligence, and … security controls, monitoring, and compliance automation across the software development lifecycle (SDLC) for internally developed applications. As well as for low-code solutions (Power Platform,salesforce,mulesoft etc) (SAST, DAST, dependency scanning etc). Build and maintain Application security controls for example SaaS SPM, WAF and MAM. Experience: Experience in Security Engineering, Security Automation, or More ❯

Team Lead is responsible for defining, developing, and leading the strategic direction for safeguarding the organisation's infrastructure and applications. This is achieved by proactively identifying, assessing, and remediating security vulnerabilities. The role sits within the Digital Engineering Services & Solutions (DES) department of the Technology Division.The role is part of the Digital Engineering Services & Solutions (DES) department, which encompasses … with service transition processes to ensure compliance with internal controls and regulatory standards. It plays a critical role in governance, audit readiness, and the continuous improvement of MUFG's security posture, while also serving as the central coordination point for all vulnerability-related activities across DES.The successful candidate must demonstrate proven experience in leading teams and fostering a culture … of vulnerabilities, aligned with criticality-based policy enforcement. Prioritise weaknesses in IT infrastructure and applications using manual and automated methods, including results from Static Application Testing (SAST) and Software Composition Analysis (SCA) tooling (in conjunction with the Service Transition team). Influence stakeholders to prioritise and drive remediation of process and technology gaps Work with Cyber Security More ❯

Cyber Security Consultant £30,000 – £45,000 per annum Melton Mowbray Role Summary We’re a growing MSP based in Melton Mowbray, helping organisations of all sizes strengthen their security posture and achieve recognised certifications. We’re looking for a skilled Cyber Security Consultant specialising in Penetration Testing to deliver high-quality security testing and assurance across a diverse client base. You’ll lead and support security assessments including network, web application, mobile, cloud, wireless, and internal infrastructure testing , alongside Cyber Essentials and Cyber Essentials Plus (CE/CE+) assessments. This role suits someone who enjoys hands-on technical work, clear reporting, and helping clients improve their security posture … and Certifications: CREST CRT/CCRT/CCT or CHECK Team Member . OSCP/OSWE/OSEP/GPEN/eCPPT/similar. Experience with secure code review, SAST/DAST pipelines, or DevSecOps. Familiarity with ISO 27001 or wider GRC frameworks. What We Offer: Competitive salary and annual performance bonus. Training budget and certification support. Clear progression path More ❯

A leading fintech company is seeking a Lead AppSec Engineer to join their established team. Youll be instrumental in embedding security into every stage of the software development lifecycleguiding engineers, shaping best practices, and driving secure, scalable solutions across our platform. Key Responsibilities: Security Advisory : Serve as the go-to expert for application security across engineering … teamsproviding hands-on guidance, resolving concerns, and fostering a security-first mindset. DevSecOps Enablement : Promote and implement secure development practices across CI/CD pipelines, secrets and key management, dependency … management, and secure design. Vulnerability Management : Lead vulnerability remediation effortstriaging findings, prioritizing risks, and partnering with teams to deliver effective, pragmatic fixes. Tooling & Automation : Integrate security tools (e.g., SAST, DAST, SCA, secrets scanning) into developer workflows, ensuring automation is both scalable and developer-friendly. Cloud Security Collaboration : Work alongside infrastructure teams to ensure secure configuration of AWS and More ❯

scale Modernisation Programme. The role requires deep expertise in modern quality engineering practices, with the ability to guide delivery teams, implement QA standards, and ensure compliance with the full testing lifecycle. Technology Environment Cloud & Platform: HCP (Kubernetes-based) on AWS, with potential migration to Azure Monitoring: Kibana, Grafana, Splunk, PagerDuty (transitioning to … Dynatrace) CI/CD: GitLab pipelines Databases: Oracle RDS, SQL, MongoDB (limited use) Languages & Frameworks: Java 21, Spring Boot/Spring Batch Testing & Automation: Playwright, WireMock, OWASP ZAP (SAST, DAST, SCA), Gatling Key Responsibilities Define and implement QA principles within the workstream, aligned with programme strategy Collaborate with stakeholders to establish automation patterns and repeatable testing approaches Direct … (SIT) End-to-End Business Testing: Business Process Testing (BPT) Specialist Testing: Performance, Security, Accessibility, and Operational Acceptance Testing Secure Development: Oversight of SAST/DAST in CI/CD pipelines to ensure "Secure by Design More ❯

will lead the quality assurance function across internal and client projects, managing QA resources and coordinating partner teams as required. This role is responsible for driving best practices in testing, including manual, automation, performance, and security testing, while ensuring adherence to established standards throughout the software development lifecycle. The Test Manager will actively participate in test planning … execution, and defect resolution, championing quality engineering principles and supporting successful project delivery. Key Responsibilities • Manage and lead the testing team, including direct line management and matrix management of client and partner resources as required.• Collaborate with clients to ensure effective utilisation of the test team in line with business objectives.• Drive the implementation of best practices across all … Functional Testing (NFT). Desirable Skills and Experience • Familiarity with CI/CD pipelines, particularly GitLab.• Understanding of automation frameworks and tools such as Playwright, Wiremock, OWASP Zap (SAST, DAST, SCA), Gatling• Knowledge of monitoring tools including Kibana, Grafana, Splunk, PagerDuty, and ideally Dynatrace.• Exposure to cloud platforms (AWS, Azure) and containerisation technologies (Kubernetes).• Understanding of databases: Oracle More ❯

disaster recovery capabilities CI/CD & Deployment Build and maintain CI/CD pipelines using ArgoCD and GitOps workflows Enable fast, safe deployments for multiple engineering teams Implement automated testing, security scanning, and quality gates Create deployment strategies (blue/green, canary, rolling updates) Support teams with deployment tooling and best practices Observability & Reliability Implement comprehensive monitoring, logging … systems Build dashboards and metrics for system health and performance Design and implement incident response procedures Conduct post-mortems and drive continuous improvement Optimize system performance and resource utilization Security & Compliance Implement security best practices across infrastructure and deployments Manage secrets, credentials, and access control Ensure compliance with data protection requirements for financial data Conduct security scanning … distributed systems Desirable Skills and Experience Experience with GitHub Actions for CI/CD Understanding of networking and load balancing in cloud environments Security tooling experience - vulnerability scanning, SAST/DAST, compliance automation Experience with cost optimization and FinOps practices in cloud environments Knowledge of database administration – MS SQL, PostgreSQL, Redis, or similar Understanding of AI/ML infrastructure More ❯

Fully Remote | £60,000 - £70,000 Our client is a fast-growing cyber-defence and threat-intelligence company committed to protecting organisations from sophisticated cyber threats. They combine advanced security analytics, automation and human expertise to deliver real-time defence across modern cloud and on-prem environments. They are expanding their engineering team and looking for a DevSecOps Engineer … who can help embed world-class security into everything they build. The Role: As a DevSecOps Engineer, you will sit at the intersection of development, operations and security. Youll work closely with engineering, threat research, and security operations teams to design, build, and maintain secure, scalable infrastructure and CI/CD pipelines. What Youll do: +Design, maintain and … secure CI/CD pipelines across cloud and on-prem environments. +Build and manage Infrastructure-as-Code (Terraform, Ansible, CloudFormation, etc.). +Integrate security tooling into development workflows: SAST, DAST, dependency scanning, secrets management, etc. +Collaborate with engineering teams to perform threat modelling and ensure secure system design. Key Skills and Experience: +Strong experience with CI/CD systems More ❯

We're looking for a Software Engineer to build the internal platform that powers our security development lifecycle. You will design and maintain a backend-focused service that ingests, normalizes, and correlates security artifacts … enabling centralized risk visibility, audit readiness and automated compliance workflows. Key Responsibilities Design & implement a backend platformthat schedules ingestion, normalization, storage, and historical tracking of security artifacts (BOMs, SAST/SCA findings, fuzzing results) in a scalable, tool-agnostic fashion. Develop and maintain ETL pipelinesand database schemas for high-throughput ingestion and historical trend analysis. Expose data via well … and querying relational databases. Clear technical writing todocumentdata schemas, APIs, and dashboard usage. "Nice to Have" Skills and Experience Experience with Grafana, Prometheus, or similar observability platforms. Familiarity with SAST and SCA tools (e.g., Coverity, Black Duck) and experience understanding their findings. Experience defining and visualizing key security and performance metrics within dashboard solutions. Experience with security data More ❯

build scalable web applications using modern frontend and backend technologies Develop responsive user interfaces and robust REST APIs Design and maintain database schemas, queries, and optimise performance Implement comprehensive testing strategies and CI/CD pipelines Make critical technical decisions on architecture and technology choices Optimise application performance across the full stack for scalability and user experience Collaborate … Python (Django or FastAPI) and RESTful API design Database proficiency with PostgreSQL including schema design and query optimization Experience with containerisation (Docker) Knowledge of CI/CD pipelines and testing methodologies (unit, integration, automated testing) Leadership skills for mentoring engineers and communicating with stakeholders Understanding of software design principles and performance optimization techniques Track record of successful project … patterns and implementation Familiarity with object storage solutions (MinIO, S3) Experience with GitOps workflows and tools like ArgoCD or GitHub Actions Knowledge of DevSecOps practices and scan tooling for SAST, DAST, SCA and SBOM Experience with monitoring and observability tools Defence/Public Sector consultant experience Security Clearance: UKSV (United Kingdom Security Vetting) clearance is required for this More ❯

Security Vulnerability Engineer Contract - Inside IR35 London - Hybrid (2 - 3 days a week in office) 6 months Are you a skilled software engineer with a passion for cybersecurity? This company is seeking a talented individual to join their team as a Security vulnerability engineer. This is an excellent opportunity to make a real impact and contribute to the … company's security initiatives. Key Responsibilities: Manage and enhance the company's Bug Bounty Programme (HackerOne), including working with researchers to identify and report vulnerabilities Oversee bounty payouts and conduct risk landscape analysis Track vulnerabilities and define mitigation strategies Collaborate closely with developers to identify, understand, test, and validate fixes for vulnerabilities Required Skills and Qualifications: Expertise in Bug … familiarity with development technologies Skills include automation, MFA implementation, and experience with HackerOne or Similar Bug Bounty technology Desirable Good scripting experience (e.g. Python). Hands-on use of SAST, SCA, secrets scanning, and DAST tools, especially in CI/CD pipelines. Awareness of CI/CD and infrastructure security patterns (GitHub Actions, Terraform, Kubernetes, least-privilege IAM). More ❯

investment administration platforms for financial institutions, integrating investor and portfolio management with compliance and reporting. Job Type: Full Time Workplace: Remote Working Hours: Monday to Friday, 09:0016:00 SAST) Role Overview Our client is seeking experienced mid-to-senior software engineers or infrastructure specialists who are excited by the challenge of building and operating a complex, business-critical managed … and Ansible, alongside programming in Python. Their environments are entirely based on Ubuntu Linux. Experience with server monitoring software (e.g. Prometheus, Grafana, Zabbix, Datadog) and a solid understanding of security principles and best practices (including hardening, access control, auditing, and incident response) is highly valued. This is a remote-first role, and they are looking for individuals who can … from anywhere with a timezone within 3 hours of South African Standard Time. You must be available during our core business hours (Monday to Friday, 09:00–16:00 SAST). The full team meets annually for planning and social events, with additional in-person collaboration among Johannesburg-based staff. Requirements Proven experience delivering complex infrastructure and automation projects, including More ❯

gaps. Ensure adherence to existing Change Management Policy. Perform daily system monitoring, verifying the integrity and availability of all hardware, server resources, systems and key processes, reviewing system and application logs, and verifying completion of scheduled jobs such as backups. Use Windows Active Directory to administer user permissions, managing/creating service accounts and group membership. Assist in disaster … recovery planning and testing for TMHCC International applications. Assist with out of hours deployments where required. Identify automation opportunities with regular, frequent maintenance activities, such as deployments and refreshes. Work closely with other Product Engineering, QE, Platform and Support engineers to develop efficient and effective CI/CD pipelines and processes. Develop policies, standards, guidelines, governance and related guidance … Studio IIS and Apache Tomcat (Web services) Virtualisation software Package management tools like CloudSmith or JFrog Artifactory Container management e.g., minikube, docker or Kubernetes CICD process with ideally with SAST and SCA code analysis DevOps tools: Git repo, Azure DevOps, Azure, GitHub, GitHub Actions, AWS CI/CD tools, TeamCity, OctopusDeploy, Terraform, Ansible PowerShell Azure and AWS fundamentals Desirable: Experience More ❯

if you have: Live in Edinburgh or are within commutable distance Solid experience in DevOps and Platform Engineering Git and version control workflows Security engineering tools and practices: SAST/DAST tools (Checkmarx, Veracode, SonarQube) Container security (Aqua, Snyk, Anchore) Programming and scripting languages (Python, Go, YAML, JSON etc.) A background in financial services or similar regulated industries. … Familiarity with compliance frameworks, and security requirements (e.g., ISO 27001, SOC 2, SOX, PCI DSS, FedRAMP, FFIEC, NYDFS, and SEC compliance requirements) A track record in consulting, solutions architecture, or technical coaching. Interest in technical sales and supporting go-to-market strategies. Excellent written and verbal communication skills, with the ability to translate complex technical topics to both technical … and non-technical stakeholders. AWS/Azure/GCP certifications, CISSP, CISM, or other security certifications are a plus Generous equity plan. Remote-first working environment with travel to our Oslo office and customer sites across Europe (London, Zurich, and more). Opportunity to work on innovative solutions with a passionate and driven team. If you are excited by More ❯

DevOps pre-sales engineering role Cloud infrastructure fluency (AWS, Azure or GCP) Hands-on experience with Docker, Kubernetes, CI/CD, Git, build tools Solid AppSec experience with SCA, SAST, SBOM, Container Security Proven track record helping to build enterprise relationships from tech champions to C-level in a clear client-facing pre-sales role working with the sales More ❯