12 of 12 Static Application Security Testing Jobs in the South East

Experience in the following types of Security Testing: - Security Analysis and Consulting - Static Application Security Testing (SAST) - Dynamic Application Security Testing (DAST) - Infrastructure Vulnerability Assessment - Mobile Application Penetration testing OWASP More ❯

treasury solutions, empowering investment firms with cutting-edge technology to optimize financial performance, enhance liquidity, and mitigate risk. As part of our commitment to security and innovation, we are expanding our Information Security Team and seeking a DevSecOps Engineer to drive security automation and best practices across … our cloud infrastructure and IT operations. Job Overview As a DevSecOps Engineer , you will play a pivotal role in integrating security practices into our DevOps pipeline and IT operations . Working at the intersection of operations, security, and development , you will collaborate closely with internal teams to safeguard … alerts across Infosec, servers, firewalls, and applications. Conduct continuous monitoring of internal and third-party information security controls. Threat & Vulnerability Management: Assess SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) scans. Implement remediation and mitigation strategies in collaboration More ❯

Application Security Consultant – Remote CSSLP, CISSP, OSWE, GWAPT, CREST CRT/CCT App A leading Technology consultancy is looking for an Application Security Consultant to play a key role in embedding security into the heart of modern software development practices. The role: You’ll work … is especially focused on cloud-native development in AWS environments. Key responsibilities include: Embedding secure coding practices and supporting design/code reviews Implementing SAST, DAST, SCA, and other security checks into DevOps workflows Supporting secure API design and cloud-native architecture Acting as a key escalation point for … vulnerability triage and remediation Delivering developer enablement through workshops and hands-on threat modelling What you’ll bring: 3+ years in application or product security roles Strong grasp of application-level threats, secure design, and remediation strategies Experience with IaC security (Terraform, CloudFormation), container security More ❯

Overview: Additional Information: Please note, this role requires working full-time onsite, five days per week. NON Negotiable We are seeking an experienced IT Security Engineer to become a vital part of a growing IT Department. This critical role will focus on protecting our information assets through robust cybersecurity … measures, ensuring adherence to best practices, international standards, and local regulations. Ideally suited to candidates who possess expert knowledge of security frameworks including NIST 800, ISO 27001, and cybersecurity guidelines from PRA, FCA, and ICO. Candidates with at least 3 years' relevant experience in finance or banking, particularly as … and disposal. Conduct security evaluations on network and firewall policies and manage application security in both development and testing phases (SAST, DAST). Liaise with internal audit teams and international cybersecurity operations centres to implement security policies and controls. Provide cybersecurity training to ensure staff More ❯

Senior Product Security Engineer Location: London Salary: £200,000+ A leading global quantitative investment firm is seeking a Senior Product Security Engineer to strengthen the security of its trading systems, cloud infrastructure, and business applications. This is a hands-on, high-impact role working across a modern … tech stack in a fast-paced environment. Key Responsibilities Implement and maintain security controls across low-latency systems and multi-cloud platforms (AWS, Azure, Alibaba Cloud) Collaborate with engineering teams to integrate … secure coding practices into the SDLC Conduct threat modeling, vulnerability assessments, and code reviews Automate security processes through CI/CD integration using SAST, DAST, and related tools Assess third-party vendors and enforce security standards Mentor teams on security architecture and best practices What We’re More ❯

London-based Quant Trading fund is looking for a Senior Security Architect to influence architecture and lead strategic security projects during a period of rapid expansion. The incoming Security Architect will work with IT, cloud, and engineering teams to implement security solutions for low-latency systems … and multi-cloud platforms (AWS and Azure). Whilst this is predominantly a security architecture role, the incoming architect will perform an advisor/consulting role, helping to guide and influence technology stakeholders to build secure and robust systems. Role and Responsibilities: Support the implementation of security controls … environments Perform vendor security reviews to assess third-party security practices and ensure compliance with standards Integration of security scanning tools (SAST, DAST, etc.) into CI/CD pipelines and runtime environments to ensure continuous security monitoring and threat detection across Cloud - AWS, Azure, and on More ❯

About Us Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure … with internal product and engineering teams to identify potential issues in product designs. Assist in the adoption of shared cybersecurity services such as SCA, SAST, and DAST. Participate in the development and adoption of new standards and policies. Impart education to key stakeholders from both technology and business teams regarding … SSDF, ASVS, and other cybersecurity frameworks. Knowledge of cryptographic techniques and implementations. Familiarity with security tooling used to support a SSDLC (SCA/SAST/DAST/container scanning). A strong desire to stay current and understand emerging technologies and risks. Strong project management skills to drive and More ❯

You will need to login before you can apply for a job. DevSecOps Security Engineer - Tesco Mobile Sector: Technology Role: Professional Contract Type: Permanent Hours: Full Time About the role: As one of our DevSecOps Security Engineers, you will be helping the team manage and deploy solutions on … platforms in a secure and optimised manner. This will include all aspects of security, maintaining an evolving programme of work to address prioritised concerns, helping to identify threats and risks, and working to implement solutions and mitigations. You will also work with the rest of the squad to incorporate … projects. Significant experience with cloud providers AWS and Azure. Experience of CI/CD pipelines and adding security tooling to these. Experience using SAST and other techniques to improve code security. Experience using AWS Security Hub, Azure Security Center, etc. to improve cloud security position. Willingness More ❯

productivity of development teams and ensure seamless integration and deployment of applications. Responsibilities: • Tool Development: Design, develop, and maintain tools that support software development, testing, and deployment processes. • Automation: Implement automation solutions to streamline workflows and reduce manual intervention. • Integration: Ensure seamless integration of tools with existing systems and … processes to ensure clear communication and knowledge sharing. • Innovation: Stay updated with the latest technologies and best practices in platform engineering and tool development. • Security: Implement security measures to protect tools and systems from potential threats. • Training and Support: Provide training and support to team members on the … Bamboo, GitLab, Ansible. • Cloud Platforms: Knowledge of cloud services like AWS, Azure, or Google Cloud Platform. • Security: Experience with tools for delivering SCA, SAST, DAST capabilities. • Monitoring and Logging: Proficiency with tools like Splunk, Dynatrace, Datadog, Prometheus, Grafana. • Version Control: Strong understanding of Git and version control practices. • Scripting More ❯

We are looking for a skilled Java Developer with DevOps knowledge to join our DevSecOps team. If you're passionate about automation, security, and scalable software development, this role offers the opportunity to build plugins, develop REST APIs, and enhance CI/CD workflows—all while ensuring security doesn’t slow down business operations. What You’ll Do: 🔹 Develop Gradle/Maven/npm/PyPi plugins for SBOM collection and security scanning 🔹 Build and maintain REST API microservices using Java 17 (and occasionally Go), deploying them on OpenShift/Kubernetes 🔹 Integrate security tools like … improve development workflows What We’re Looking For: 🔹 Strong Java development experience (especially in web-based applications) 🔹 Understanding of DevSecOps principles (Shift Left, SCA, SAST) 🔹 Experience with Linux, Bash scripting, and containerization tools (Docker, Kubernetes, OpenShift) Bonus Points If You Have: 🔹 Experience with JavaScript, TypeScript, Go, or Python 🔹 Familiarity with More ❯

internally to produce a stronger offering than ever before in our mission to empower people to be the best version of themselves. As a Security Engineer, you'll provide hands-on technical expertise to guide software development, delivery and continuous improvement focusing on risk and security. You'll help … new Digital Platform so that it is secure and compliant with both internal and industry regulations. You'll analyze new feature code to identify security risks and work with engineers to mitigate them, applying modern security standards such as OWASP CI/CD, DSOMM, SAMM, and Cloud Security …/3, AMQP, streaming protocols) and cloud network design (VPNs, subnets, regions/zones), as well as integration technologies (Auth0, APIM). Expertise with SAST & SCA systems like Snyk and Checkmarx. Experience with DAST systems such as OpenZAP and Qualys DAST, preferably with HTTP APIs. Ability to manage large-scale More ❯

security hardening: Audit React, GraphQL and FastAPI layers to eliminate XSS/CSRF and strengthen CSP Static analysis remediation: Triage and address SAST findings RBAC rollout: Finalise and implement role-based access controls Audit logging: Structure and surface user action logs in the app 💻 Tech Stack Frontend: React … Apollo GraphQL Backend: FastAPI (Python) Infra/Security: GitHub Actions, SAST tools, Auth0 (or equivalent), RBAC, CSP ✅ What We’re Looking For Must-haves: 5+ years building production-grade web apps (React + Python) CI/CD experience with microservices Hands-on with modern auth providers (Auth0, Kinde, Okta … a must Bonus points for: Experience migrating to managed auth Exposure to Kubernetes, Terraform or Helm Working in early-stage, high-growth startups under security constraints 💬 How We Work You’ll ship iteratively, demo weekly, and document your work for long-term sustainability. We value clean code, proactive ownership More ❯