1 to 25 of 67 Static Application Security Testing Jobs in the UK

Position Overview Fast growing FinTech seeking a technically proficient Principal Application Security Architect to join our innovative FinTech organisation. This role is critical in shaping the security posture of complex, cloud-native applications that power fast-growing financial services and digital payments platforms. As an Application Security Architect, you will work closely with software engineers … teams. Security Testing & Automation Oversee the deployment and tuning of automated application security testing tools including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). Collaborate with development teams to integrate security testing seamlessly into CI/CD pipelines … security or secure software engineering, preferably within FinTech or highly regulated industries. Hands-on experience with a range of application security testing tools including SAST, DAST, and SCA, and integrating these into automated build and deployment pipelines. Practical expertise with threat modeling methodologies such as STRIDE, PASTA, or Attack Trees. Strong knowledge of secure coding More ❯

locally based skills and technical expertise to drive innovation and adoption of new technology. Your role and responsibilities We are seeking a Cybersecurity Architect to join our Data and Application Security team. Our Data Security services cover a wide range of areas, including Cloud Access Security Brokers (CASB), Data Access Governance (DAG), PKI (Public Key Infrastructure … modelling workshops with cross-functional teams to identify potential security risks early in the software development lifecycle and recommending effective mitigation strategies. Designing and implementingsecurity testing (SCA, SAST, DAST) as part of the DevSecOps pipeline to identify and remediate vulnerabilities at every stage of the development process. Designing and implementing IaC security solutions to ensure secure provisioning … the software development lifecycle, automating security practices intoCI/CD pipelines, and ensuring seamless collaboration between security and development teams. Experience with automated SCA (Software Composition Analysis), SAST (Static Application Security Testing), and DAST (Dynamic Application Security Testing) to identify vulnerabilities early and throughout development. Application Security: Proficiency in More ❯

Security Development & Test Director 6 Months Hybrid - Birmingham 2 days per week on site £800 per day (Inside IR35) We are currently recruiting for a dynamic Security Development and Test Director to join our growing Security team. This is a great opportunity for you to play a pivotal role in helping to shape our client's transformation … CI/CD workflows to enable secure-by-design delivery. o Oversee the implementation and optimisation of security tooling, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and container security scanners. o Establish architectural review boards and security design checkpoints to validate that … Average time taken to remediate critical and high-severity vulnerabilities identified during development and testing phases. * Toolchain Utilisation Effectiveness: Adoption and effective use of security tools (e.g., SAST, DAST, SCA) across development teams, measured by scan frequency and issue resolution rates. * Training and Awareness Uptake: Percentage of development and QA staff completing secure coding and DevSecOps training programs. More ❯

Senior Security Engineer (Product Security) Technology London New Senior Security Engineer (Product Security) London Ebury is a global fintech firm dedicated to empowering businesses to expand internationally through tailored and forward-thinking financial solutions. Since our founding in 2009, we've grown to a diverse team of over 1,700 professionals across 40+ offices and 29+ … contributions are valued. You'll play a key role in shaping the future of cross-border finance, while advancing your own career in a dynamic, high-growth industry. Senior Security Engineer London Office - Hybrid: 4 days in the office, 1 day working from home Role Overview We are seeking a Senior Security Engineer to embed security throughout … security architecture patterns and reference implementations Security Code Reviews & Testing Conduct in-depth security code reviews for critical features Implement automated security testing (SAST, DAST, IAST, SCA) Configure and tune security scanning tools (Aquasec, Trivy, Dependabot, etc) Review cryptographic implementations against industry standards Validate authentication and authorization implementations Ensure compliance with OWASP ASVS More ❯

About this role WRITER is seeking an Application Security Engineer with deep expertise in AppSec, DevSecOps automation, and red team operations to secure our AI and AGI applications. At WRITER, security is woven into the heart of our innovation. As we continue to push the boundaries of AI, we need a seasoned security engineer who can … applications, APIs, and model endpoints, simulating adversarial attacks to validate controls. Automate security testing at scale - Develop scripts, tools, and frameworks for continuous security assessment, including SAST, DAST, and SCA integration. Lead application-layer red team exercises - Plan and execute engagements that mimic sophisticated adversary techniques targeting AI systems. Hunt and validate vulnerabilities - Discover, reproduce, and … web application and API security, including cloud-native architectures. Technical Expertise Proficient with penetration testing tools (e.g., Burp Suite, OWASP ZAP, custom scripts). Skilled in SAST, DAST, and SCA tools. Strong understanding of application-layer attack techniques and exploitation. Experience with supply chain security and build pipeline hardening. Execution & Impact Demonstrated ability to identify More ❯

Role overview: Working for a security vendor, the Security team are accountable for the company's Information Security, Security Architecture, Security Compliance, Security Awareness, Security Operations and Information Security Risk Management Activities. You'll work closely with development and operational teams to design, implement/recommend application security controls. This … is a new role for the company requiring a passion for cyber security and a hands-on development background to create and develop the application security capabilities as part of the SDLC. Ideally you will have a background in software development. Main tasks and responsibilities: Assess and identify gaps in current application security controls and … Knowledge of OWASP Top 10, SANS Top 25 etc Experience working in AWS/Azure/GCP would be beneficial Knowledge of Ci/CD pipelines Thorough understanding of SAST, DAST (including fuzzing), endpoint and perimeter scanning etc. Familiarity with industry security standards (ISO27001, NIST, CCM etc) Network and infrastructure experience. API gateway security, WAF and IDS, SSO More ❯

What You'll Be Working On: ️ Implementing secure development practices and conducting threat modeling for software applications ️ Performing static and dynamic application security testing (SAST/DAST) to identify vulnerabilities in code ️ Collaborating with DevOps and development teams to integrate security into the CI/CD pipeline ️ Conducting regular application security assessments, including … penetration testing and vulnerability scanning ️ Providing guidance and training to development teams on secure coding practices and security tools What We're Looking For: ️ Proven experience as an Application Security Specialist or in … a similar application security role ️ Strong knowledge of secure coding practices, common vulnerabilities (e.g., OWASP Top 10), and application security testing tools ️ Experience with SAST, DAST, and security code review tools (e.g., Fortify, Veracode, Checkmarx) ️ Familiarity with secure software development frameworks (e.g., OWASP, NIST) ️ Relevant certifications such as CSSLP, CEH, or CISSP are highly More ❯

source solutions, and embracing enterprise agile methodology. We encourage professional development to ensure you bring innovative ideas to our products while satisfying your own intellectual curiosity. Our Global Information Security team's mission is to ensure the development, implementation, and management of a comprehensive program that effectively protects the confidentiality, integrity, and availability of Point72 information assets. Our team … is comprised of security professionals with expertise in a diverse portfolio of security disciplines. What you'll do Collaborate with the DevOps team to design, implement, and manage a robust DevSecOps framework for our software development pipeline, integrating security tools and processes into our CI/CD workflows to enhance the developer experience Champion a security … progress and identify outliers Implement and manage security testing tools and processes within the CI/CD pipeline, including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and open source security (OSS) Work together with the DevOps team to automate security controls and More ❯

RMM Service Automation Platform and has a proven track record of helping MSPs standardize and automate the setup and delivery of IT services to achieve true scalability. The Senior Application Security Engineer plays a critical role in enhancing our application security posture by conducting advanced security assessments, leading security initiatives, and collaborating with development … teams to integrate security into the software development lifecycle. The position plays a key role in identifying and mitigating security vulnerabilities to protect our applications and data. This role is based in our Edinburgh hub. What You'll Do Assist in maturing organizational processes that drive complex security efforts for internal teams and external partners. Develop and … is preferred Thorough understanding of OWASP Top 10 and Secure Development Expertise in automating security tools and integrations, including simple scripting Experience with application security tools (SAST, DAST, IAST and SCA) Strong technical knowledge of development and production release process, including CI/CD Experience with the application of threat modeling and other risk identification techniques More ❯

own our AppSec strategy - driving threat modeling, secure architecture design, and offensive security testing . You will lead manual and automated penetration testing, manage AppSec tooling (SAST, DAST, SCA), and build developer enablement programs. You'll also be responsible for vulnerability management, incident response for application-layer events, and ensuring compliance alignment for SOC 2, ISO … architectures in collaboration with Engineering teams. Offensive Security Testing Conduct penetration tests (white-box and black-box) for web applications and APIs. Perform dynamic (DAST), static (SAST), and software composition (SCA) analysis. Simulate adversary attack scenarios to validate controls and identify gaps. Secure SDLC Integration Embed security into every stage of development; implement automated security … vulnerability assessments. Expert knowledge of OWASP Top 10, web application and API security, and common vulnerability classes with practical remediation strategies. Hands-on experience with AppSec tooling (SAST, DAST, SCA) integrated into CI/CD pipelines. Strong programming and scripting skills (Python preferred) and ability to influence secure coding practices. Proven ability to lead incident response for application More ❯

Gartner and Forrester, and our sustained, aggressive growth has landed Smarsh in the annual Inc. 5000 list of fastest-growing American companies since 2008. We're seeking a Product Security Engineer to support secure development across our engineering teams. In this hands-on role, you'll help identify and mitigate product risks by participating in security reviews, improving … tooling, and supporting vulnerability remediation. You'll work closely with senior security engineers and cross-functional teams to build security into our software development lifecycle. This is a great opportunity for a security-minded engineer who wants to grow their technical breadth while making meaningful impact in a cloud-first, DevOps-centric environment. You must be comfortable … Reviews: Conduct structured threat modeling and security assessments for new features, architectures, and services. Vulnerability Management & Remediation: Work closely with engineering teams to identify and remediate vulnerabilities from SAST, DAST, SCA, container security, and cloud security scans. Code & Architecture Review: Conduct secure code reviews and architectural security assessments to identify risks early in the development process. More ❯

Join us at Barclays as an Application Security Engineering Lead, where you'll design and deliver tools that help developers build secure software from the start. Your work will enhance security across the bank, protecting critical systems … and sensitive information. To be successful as an Application Security Engineering Lead, you should have experience with: Advanced knowledge of application security testing methodologies (SAST, DAST, IAST, SCA). Experience with cloud security architectures, DevSecOps integration, and pipelines. Advanced knowledge of security principles and guardrails. Coding proficiency in at least one major language. … Some other highly valued skills may include: Proven ability to build and scale application security programs from the ground up. Cross-functional collaboration skills with development, operations, and product teams. Vendor management and security tool evaluation expertise. You may be assessed on key critical skills relevant for success in the role, such as risk and controls, change More ❯

Product Security Architect page is loaded Product Security Architect Apply locations Leeds, UK Dublin, Ireland posted on Posted 14 Days Ago job requisition id JR129906 Product Security Architect Product Security Architect Location - Leeds/Dublin Hybrid - 2 days per week At Flutter, Product Security encompasses not just application code, but also infrastructure as code … the enterprise embed security into the product development lifecycles. This role is the key advisor on AppSec standards, secure development practices, threat modelling, and security tooling (e.g. SAST, DAST, SCA, IaC scanning, container security, etc.), ensuring consistency and maturity in how applications are built and maintained. By aligning teams with modern DevSecOps principles, developer enablement, and security … the development of a global secure development policy, including approved tools, practices, and coding standards. Technology & Tooling Strategy: Evaluate, recommend, and support the rollout of AppSec tools such as SAST, DAST, SCA, container and IaC scanners, runtime protections, and CI/CD pipeline integrations. Collaborate with platform and DevOps teams to ensure tool integration and automation into developer workflows across More ❯

Career progression with excellent training and development. Company events - Pub nights, sporting events, seasonal parties, socials Overview of the role IFX Payments is seeking a technically skilled and proactive Application Security Engineer to embed secure development practices across its software delivery lifecycle. This role is critical in reducing application-layer risks, implementing secure coding standards, and ensuring … drive continuous improvement in application security posture. Responsibilities Secure Development Lifecycle (SDLC) Embed security controls into CI/CD pipelines and development workflows. Implement and manage SAST, DAST, and SCA tools to detect vulnerabilities early in the lifecycle Conduct secure code reviews and support developers in remediating findings. Threat Modelling & Architecture Review Lead threat modelling sessions using … experience in application security or secure software development. Strong understanding of OWASP Top 10, secure coding techniques, and threat modelling. Experience with security tools such as SAST, DAST, SCA, and vulnerability scanners. Familiarity with cloud platforms (Azure or AWS), CI/CD pipelines, and DevOps practices. Knowledge of regulatory frameworks (ISO 27001, FCA, NIST). Excellent communication More ❯

places! This is where you come in. The Opportunity As IAG Loyalty evolves into a Platform as a Service business, we're looking for a talented and passionate Senior Application Security Engineer to join our security engineering team. You'll have a background in software engineering and a deep interest in application and API security. You … our CI/CD pipelines, facilitate threat modelling sessions, and review security-sensitive design decisions around authentication, cryptography, and logging. You'll also ensure that tools such as SAST, DAST, and SCA are effective and efficient, and that testing programmes - including pen testing, vulnerability scanning, and bug bounty - are delivering value. You'll triage vulnerabilities, support engineering … vulnerabilities, including the OWASP Top 10 Proficient in coding, scripting (e.g. Python, Bash), and automating security in CI/CD Hands-on experience with security tools like SAST, DAST, and SCA Familiar with cloud environments (especially AWS), containers, and microservices Comfortable reviewing technical designs, performing threat modelling, and advising on secure architecture Strong communicator who collaborates well with More ❯

Junior Product Security Engineer Assist in embedding security best practices into Sonos product development lifecycle Location: Glasgow, Scotland, United Kingdom Job Tags: Operations About The Role Junior Product Security Engineer At Sonos we want to create the ultimate listening experience for our customers and know that it starts by listening to each other. As part of the … applicants must live within commuting distance of our Glasgow office location and should expect to be in office a minimum of 4 days per week. At Sonos, our Product Security Vision is to protect our products by implementing proven security practices and leveraging expertise to create experiences that both delight our customers and safeguard them and their information … identify potential security risks in system designs. Operational Product Security Support: Gain hands-on experience with common security tools and technologies such as static analysis (SAST), dynamic scanning (DAST), and security testing frameworks. Assist in streamlining vulnerability remediation processes, tracking defect status, and facilitating vulnerability information flow to development teams. Learn and support Product More ❯

Junior Product Security Engineer page is loaded Junior Product Security Engineer Apply locations Glasgow - Sonos Scotland time type Full time posted on Posted Yesterday time left to apply End Date: September 30, 2025 (30+ days left to apply) job requisition id R2508 At Sonos we want to create the ultimate listening experience for our customers and know that … applicants must live within commuting distance of our Glasgow office location and should expect to be in office a minimum of 4 days per week. At Sonos, our Product Security Vision is to protect our products by implementing proven security practices and leveraging expertise to create experiences that both delight our customers and safeguard them and their information … identify potential security risks in system designs. Operational Product Security Support: Gain hands-on experience with common security tools and technologies such as static analysis (SAST), dynamic scanning (DAST), and security testing frameworks. Assist in streamlining vulnerability remediation processes, tracking defect status, and facilitating vulnerability information flow to development teams. Learn and support Product More ❯

The Cyber Security Architect will work closely with the solution architects and enterprise architects to improve and maintain the cyber security of NAVBLUE'S products, services and infrastructure. The ideal candidate will play a critical role in designing and implementing cybersecurity frameworks to align with the business objectives and mitigate potential threats. Main Responsibilities: Perform Security Risk … and Threat analysis during the initial design and the Software Development Life Cycle planning, analysis, and design phases. Providing recommendations and requirements for mitigating any security weaknesses identified while defining Non-Functional Requirements in coordination with Solutions Architects. Ensure Security by Design is embedded within the Software Development Life Cycle, while ensuring that all security requirements have … Working knowledge of the SDLC and AWS network architecture Knowledge of the SAFe Agile method would be an asset Understanding of security testing in the software pipeline (SAST, DAST, SCA, RASP) Knowledge of STRIDE, DICE and other threat and risk frameworks Knowledge of AWS tools Proven experience managing multiple projects simultaneously Practical interpersonal skills; adaptable to all levels More ❯

The Cyber Security Architect will work closely with the solution architects and enterprise architects to improve and maintain the cyber security of NAVBLUE'S products, services and infrastructure. The ideal candidate will play a critical role in designing and implementing cybersecurity frameworks to align with the business objectives and mitigate potential threats. Main Responsibilities: Perform Security Risk … and Threat analysis during the initial design and the Software Development Life Cycle planning, analysis, and design phases. Providing recommendations and requirements for mitigating any security weaknesses identified while defining Non-Functional Requirements in coordination with Solutions Architects. Ensure Security by Design is embedded within the Software Development Life Cycle, while ensuring that all security requirements have … Working knowledge of the SDLC and AWS network architecture Knowledge of the SAFe Agile method would be an asset Understanding of security testing in the software pipeline (SAST, DAST, SCA, RASP) Knowledge of STRIDE, DICE and other threat and risk frameworks Knowledge of AWS tools Proven experience managing multiple projects simultaneously Practical interpersonal skills; adaptable to all levels More ❯

and software management, anchored in a continuous innovation culture. What you'll be doing: As a DevOps Engineer at Ripjar you will be responsible for ensuring the reliability and security of the infrastructure that underpins our development and operational services. You will play an active role in supporting and continuously improving our core infrastructure offering, providing a solid foundation … and applications hosted on Linux-based systems. Design, deploy and maintain IP networks. Create robust automated solutions to allow development teams to self-serve routine infrastructure requests. Improve code security by integrating security testing tools into build and deployment pipelines. Implement effective monitoring of the reliability and security of applications and infrastructure services. The successful candidate … of automating tasks using languages and tools such as Bash, Python, JavaScript, and GitHub Actions. Knowledge of how to effectively use security testing and monitoring tooling, e.g. SAST and SIEM products. Candidates with the following background will be of particular interest: Experience contributing to incident response across a complex microservice-based application Application Security best More ❯

Job Summary We are seeking a pragmatic and highly skilled DevSecOps Engineer to join our Platform team. In this role, you will be responsible for identifying, prioritising and remediating security issues as a security engineer and lead analyst to support the broader organisation. You will collaborate closely with Platform, Infrastructure, Development and Security teams to embed security … modelling, code and infrastructure reviews. Develop and execute incident response procedures, leveraging Sentinel playbooks and Logic Apps when required. CI/CD & Automation Integrate automated security testing (SAST, DAST, SCA) into Azure DevOps pipelines or GitHub Actions. Create Infrastructure as Code (IaC) with Terraform or ARM templates, embedding security checks. Automate security operations tasks using Azure … party tools). Ability to design and enforce patch windows and remediation SLAs. DevSecOps Toolchain Proficient with CI/CD tooling in Azure DevOps or GitHub Actions. Experience integrating SAST (e.g. SonarQube), DAST (e.g. OWASP ZAP) and SCA (e.g. Dependabot, Snyk) into pipelines. Infrastructure as Code: Terraform, ARM or Bicep. Container & Cloud Security Knowledge of containerisation (Docker, Kubernetes/ More ❯

manager, engineer, quality assurance, mentor, problem solver, and collaborative team member-ensuring both technical excellence and alignment with business goals. What will you be doing? Collaborate with solution architects, application architects and data engineers to develop solutions meeting delivery goals. Identifying and capturing work that needs to be done, including dependencies external to the team. Responsible for onboarding new … ensuring compliance with FA development standards and processes. Optimise the developer experience to make the development process easier and help the team to become more productive. Ensure that production application services and applications are monitored and observed proactively - spotting potential issues early. Continuously stretch engineers with meaningful challenges and provide honest, constructive feedback to accelerate their development. Monitor and … delivery. Experience of providing technical leadership and oversight with offshore and/or third-party delivery teams. Experience with unit testing, TDD and BDD. Experience with working with SAST (Static Application Security Testing) and SCA (Software Composition Analysis) tools e.g. Sonar. Experience with design and development of n-tier architectures. Knowledge of common software design More ❯

technical excellence and alignment with business goals. The role is a 12-month Fixed-Term Contract based at Wembley Stadium. What will you be doing? Collaborate with solution architects, application architects and data engineers to develop solutions meeting delivery goals Identifying and capturing work that needs to be done, including dependencies external to the team Responsible for onboarding new … ensuring compliance with FA development standards and processes. Optimise the developer experience to make the development process easier and help the team to become more productive. Ensure that production application services and applications are monitored and observed proactively - spotting potential issues early. Continuously stretch engineers with meaningful challenges and provide honest, constructive feedback to accelerate their development. Monitor and … delivery Experience of providing technical leadership and oversight with offshore and/or third-party delivery teams Experience with unit testing, TDD and BDD Experience with working with SAST (Static Application Security Testing) and SCA (Software Composition Analysis) tools e.g. Sonar. Experience with design and development of n-tier architectures Knowledge of common software design More ❯

challenges. We are dedicated to consistently updating our job descriptions to ensure we continue to lead in banking innovation. How you will contribute and key responsibilities: As a Senior Security Engineer, you will be instrumental in designing and implementing security measures for our mobile applications, services, and websites to meet the highest security standards. Your expertise will … help us continuously analyse and improve our security systems, ensuring that our products and services are not only secure by design but also comply with internal and external regulatory requirements. Other responsibilities include: Security Analysis and Improvement: Continuously analyse our security systems for potential improvements, ensuring that our defences remain at the forefront of cybersecurity practices. Vulnerability … Event driven streaming technologies, Logging and monitoring, networks, firewalls, load balancers, DNS, CDNs, Working knowledge of agile DevSecOps environments, and CI/CD (Git, Concourse, Terraform), Working knowledge of SAST, DAST, RASP, and IAST tools and building security into existing SDLC processes, Knowledge of cloud Security Architecture of public clouds (such as AWS or GCP), Security certification More ❯

Security Development & Test Director £140,000 GBP Onsite WORKING Location: Central London, Greater London - United Kingdom Type: Permanent Security Development & Test Director London (Hybrid, 2-3 days onsite) Up to £140,000 + Benefits + Bonus We're hiring a Security Development & Test Director to lead a rapidly growing security capability at a major global consultancy. … This is a leadership role where you'll shape strategic offerings around secure software development, DevSecOps, and security testing - while staying hands-on enough to influence tooling, architecture, and delivery standards across complex client environments. You'll be joining a high-performing cyber team with serious backing and a strong pipeline of transformation work across multiple sectors. … What you'll be doing: Leading the definition and implementation of secure architecture and DevSecOps practices across large-scale client programmes Overseeing security testing operations - including tooling (SAST, DAST, SCA), processes and coverage Driving service maturity and quality across delivery, with a focus on automation, governance, and continuous improvement Supporting business development and client engagement - from presales and More ❯