1 to 25 of 27 Static Application Security Testing Jobs in the UK

within CI/CD Pipelines Ensure Agent Operates Reliably Across Production Engineering Environments Tooling & Security Integration: Integrate with Enterprise Security Tooling, including: SAST/SCA/DAST Secret Scanning Infrastructure - as - Code Security Tools Embed into Developer Workflows (GitLab/GitHub, CI/CD Pipelines, Ticketing Systems … Building LLM - Powered or Agentic Applications Prior Use of Claude Code or similar Tools to Accelerate Engineering Workflows Deep Application Security Expertise: SAST/SCA/DAST/Secret Scanning Secure Code Review Threat Modelling (OWASP Top 10, API Top 10, LLM Security Risks) Experience Integrating Security ...

Linux and Windows Operating Systems Key Responsibilities Integrate security controls and best practices into SDLC and CI/CD pipelines. Support and manage SAST, SCA, IaC, and dependency scanning activities. Identify vulnerabilities and provide remediation guidance to development teams. Promote secure-by-design principles and DevSecOps culture across engineering … automation. Required Skills & Experience Strong understanding of DevSecOps implementation and Secure SDLC practices. Experience with Static Application Security Testing (SAST) and Software Composition Analysis (SCA) tools. Knowledge of Infrastructure-as-Code (IaC) security and dependency scanning. Hands-on experience with vulnerability management and remediation support. ...

include but not be limited to: DevSecOps & Pipeline Security Implement and maintain security testing in GitLab CI pipelines Configure and tune SAST, DAST, dependency scanning, and secrets detection Build automated security gates that balance rigour with delivery velocity Enable self-serve security tooling for development … security, DevSecOps, and secure software development Hands-on experience with CI/CD security integration (GitLab CI or similar) Familiarity with SAST/DAST tooling and dependency scanning Understanding of common vulnerabilities (OWASP Top 10) and remediation Previous experience working as a back end or full stack ...

Senior Cloud Security Engineer (London or Bristol) We are HealthHero, Europe’s largest digital clinic. Join us at a pivotal moment as we scale our digital healthcare platform across Europe — giving you the chance to shape security at the heart of a fast-growing, AI-driven business. … SDLC Champion integration of security testing into CI/CD pipelines across all development teams and usage of automated security gates: SAST, DAST, dependency scanning, secrets detection Enable self-serve security tooling for development teams Ability to set up development environment Cloud Security Own cloud ...

Application Security Engineer Manchester - Hybrid, 3 days a week in the office. Commutable from Stockport, Wigan, Bolton, Rochdale, Bury, Sale, Liverpool, Warrington, and Runcorn. Up to £75,000 + benefits We're partnered exclusively with a Fintech business in Manchester who've been building their own SaaS platform … right in here. Key skills needed: Strong background in application security, ideally in a SaaS or Fintech environment Experience with SAST, DAST, and SCA tooling - Snyk, Checkmarx, Semgrep, Burp Suite, or similar Threat modelling - comfortable running sessions with engineering and product teams Solid understanding of OWASP ...

Statera Talent is working on a senior Cyber Security leadership role with a well respect global financial organisation. This is a high-visibility position focused on leading a global vulnerability risk programme across a complex technology environment. It would suit someone who can combine technical security knowledge with … following: Vulnerability management across infrastructure, cloud and applications Risk-based prioritisation beyond basic severity scoring Security testing outputs such as SAST, DAST, SCA, infrastructure scanning, CSPM or penetration testing Working with engineering, infrastructure, application and security teams to drive remediation Executive-level reporting, dashboards, metrics ...

DevSecOps Engineer – Security Led Delivery, 6 months, London/Hybrid, £550 - £600/day We’re supporting a major media & entertainment organisation looking for a hands-on DevSecOps Engineer to drive application security and BAM (Business Application Measures) improvements across a large enterprise environment. This … required: Strong DevSecOps/Application Security engineering background GitHub administration & GitHub Advanced Security (GHAS) CI/CD pipeline security integration SAST/DAST tooling (CodeQL, Semgrep, OWASP ZAP etc.) Secret scanning, dependency scanning, container & IaC scanning OIDC/short-lived credentials Security remediation & vulnerability management ...

Retail Hybrid: either London or Welwyn Garden City (whichever is closest) 3 days per week 6 months £850 per day In short: Our Application Security team require a strong Python generalist to run, deploy and maintain purpose-built applications. You’ll need solid experience across Python development, DevOps … collaborate with cross-functional teams to integrate security practices. Experience working in an agile environment, such as Scrum. Nice to have Experience with SAST/DAST tooling and security automation Familiarity with API security patterns (JWT, OAuth, rate limiting) Comfortable working with AI-assisted development tools Experience ...

Retail Hybrid: either London or Welwyn Garden City (whichever is closest) 3 days per week 6 months £850 per day In short: Our Application Security team require a strong Python generalist to run, deploy and maintain purpose-built applications. You’ll need solid experience across Python development, DevOps … collaborate with cross-functional teams to integrate security practices. Experience working in an agile environment, such as Scrum. Nice to have Experience with SAST/DAST tooling and security automation Familiarity with API security patterns (JWT, OAuth, rate limiting) Comfortable working with AI-assisted development tools Experience ...

Security Architect 2-3 days Bristol then rest remote 6 months likely extension £600pd outside IR35 Active DV or SC clearance required Key Responsibilities Architecture & Design Develop secure architecture designs for container platforms (e.g., Kubernetes, OpenShift, Docker). Architect and strengthen security controls across virtualisation technologies , including VMware … Classifications Policy Desirable Skills Experience with OpenShift or enterprise Kubernetes distributions. Hands on security tooling (Falco, Istio, Calico, etc.). Experience with SAST/DAST, SBOMs, and software supply chain security. Familiarity with automation tooling (Terraform, Ansible, Helm). Certifications such as: CCSK/CCSP CISSP CISM Kubernetes ...

requirements: • Seeking a strong application security expert with deep penetration testing exposure. • Must have knowledge of various AppSec tools and have a wider appreciation of cyber security in general. • Secure code review, managing SAST, DAST and VM tools across the firm globally • Knowledge of mobile pen testing is highly advantageous • Linux is a key component for the role ...

Senior Product Security Engineer London (Hybrid) Salary: £80,000 - £100,000 This is an opportunity to join a forward-thinking technology-driven business where security is embedded from day one. You will play a key role in shaping how products are built securely, working closely with engineering teams … modelling activities for new features and systems Collaborate closely with engineering teams to design secure architectures Integrate and optimise security tooling such as SAST, SCA, DAST and vulnerability scanning Help drive secure development lifecycle practices across teams Deliver secure engineering training and guidance to developers Support triage and remediation ...

Penetration Tester | London (Onsite)| A leading quantitative investment management firm is looking to hire a Penetration Tester to join its established Security Assurance function. The business operates at the intersection of technology and financial markets, running complex, high-performance infrastructure at scale, and takes a rigorous, engineering-led approach … tooling, scripts, and frameworks to automate testing and improve assessment coverage Integrate penetration testing into CI/CD pipelines, including validation of SAST/DAST findings and runtime security controls Provide mentorship and technical guidance to engineers on attack vectors, exploitation techniques, and secure design principles Stay ...

Azure Security Consultant - Azure DevSecOps Consultant – Information Security We are partnered with a major enterprise undergoing significant cloud-security transformation, and we're seeking an experienced Azure DevSecOps Consultant to join their Information Security function. This is a pivotal, hands-on role focused on designing, implementing … teams. Implementing automated cloud control validation aligned to internal and industry frameworks. Leading the adoption of Policy as Code principles. Integrating security tooling (SAST, DAST, SCA, secret scanning) into the DevOps toolchain. Creating documentation, SOPs, and guidance to support secure development and cloud practices. Translating complex technical risks into ...

high-impact software solutions within complex cloud and cyber environments. This role is ideal for someone who enjoys solving challenging technical problems, embedding security throughout the development lifecycle, and working collaboratively across engineering, delivery, and stakeholder teams. You will play a key role in designing, developing, and maintaining secure … security best practices DevSecOps & Automation Experience with CI/CD pipelines and automation tooling Knowledge of security integration across the SDLC including: SAST DAST Continuous testing Experience using tools such as Jenkins or GitHub Actions Containerisation & Testing Experience with Docker or similar containerisation technologies Experience with ...

Description Azure Security Consultant - Azure DevSecOps Consultant – Information Security We are partnered with a major enterprise undergoing significant cloud-security transformation, and we're seeking an experienced Azure DevSecOps Consultant to join their Information Security function. This is a pivotal, hands-on role focused on designing … teams. Implementing automated cloud control validation aligned to internal and industry frameworks. Leading the adoption of Policy as Code principles. Integrating security tooling (SAST, DAST, SCA, secret scanning) into the DevOps toolchain. Creating documentation, SOPs, and guidance to support secure development and cloud practices. Translating complex technical risks into ...

informed decisions powered by data from real people, collected in a privacy safe way. As we continue to expand, we’re seeking a Cloud Security and Platform Engineer who will play a key role in our engineering team, working on our underlying infrastructure that supports our applications and business. … policies · Knowledge of coding standards · Experience using AI tools to enhance productivity and quality · Experience working with security tooling such as SIEMs, SAST analysers, vulnerability scanners · Ability to enable teams through a pragmatic approach to security · Development experience with Python, Terraform and CloudFormation · Experience with AI Tooling ...

informed decisions powered by data from real people, collected in a privacy safe way. As we continue to expand, we’re seeking a Cloud Security and Platform Engineer who will play a key role in our engineering team, working on our underlying infrastructure that supports our applications and business. … policies · Knowledge of coding standards · Experience using AI tools to enhance productivity and quality · Experience working with security tooling such as SIEMs, SAST analysers, vulnerability scanners · Ability to enable teams through a pragmatic approach to security · Development experience with Python, Terraform and CloudFormation · Experience with AI Tooling ...

maintain CI/CD pipeline quality using Azure DevOps. Contribute to the design and maintenance of automated deployment pipelines. Drive DevSecOps best practices, including: SAST/DAST security scanning Dependency management Environment segregation Secure software development practices Quality & Compliance Ensure all solutions meet WCAG AA accessibility standards. Provide guidance … equivalent orchestration platforms. Cloud-native development on Microsoft Azure. Development Practices - Mandatory RESTful API design, development, and life cycle management. Secure development practices including SAST/DAST tooling and dependency management. Code review leadership - ability to set and enforce standards across a team. Technical documentation produced to a high standard. ...

platform for 10 years. As the business has scaled, so has the complexity of their engineering environment - and they've reached the point where security needs to be built into every stage of delivery, not bolted on at the end. They're hiring a DevSecOps Engineer … cloud-native environment Strong CI/CD experience - GitHub Actions, GitLab CI, Jenkins, or similar - and the ability to integrate security gates properly SAST, DAST, and SCA tooling - Snyk, Checkov, Trivy, Semgrep, or similar Infrastructure as Code - Terraform, CloudFormation - and identifying misconfigs before they hit production Container and Kubernetes ...

Engineer Location: London (Hybrid) Engagement Type: Day Rate Contract (Inside IR35) The Assignment This is a high-impact, tactical consulting role. Our client has security tooling in flightincluding Snyk, SonarQube, and automated pipelinesbut they need an consultant to make it land. Currently, they are battling tool noise, backlog fatigue … OWASP SAMM and NIST SSDF frameworks, translating findings into a prioritised 12-month risk-reduction roadmap. Pipeline Optimisation: Tuned tool signal-to-noise ratios (SAST, SCA, DAST, IaC) aggressively. Triage backlogs, suppress false positives, and refine CI/CD gates (GitHub Actions, Azure DevOps, or GitLab) to protect engineering velocity. ...

site. Financial Services Lorien's leading banking client is looking for a skilled Automation Test Engineer with strong experience of with Rest API testing in Java to join our London-based team. The ideal candidate will have strong experience of working with CI/CD Environments, Rest … pragmatic decision-making. Partner with product and engineering to convert requirements into clear, testable acceptance criteria and executable examples. Integrate security checks (SAST, dependency/SBOM) into CI pipelines and work with teams to drive remediation. Support operational readiness by helping maintain runbooks and observability standards. Coach engineers ...

first and microservices design principles. Contribute to CI/CD pipelines in Azure DevOps - build, test, and deployment automation. Apply DevSecOps practices including SAST/DAST scanning, dependency management, and environment segregation. Participate in code reviews, uphold coding standards, and implement secure development practices. Support Legacy system modernisation - migrating from … Terraform and/or Bicep Containerisation - Docker and/or Kubernetes Development Practices - Mandatory RESTful API design, development, and life cycle management Secure development - SAST/DAST tooling, code review, OWASP awareness Technical documentation to a high standard On-site in Taunton, Somerset - 2 days per week minimum Desirable Skills ...

stakeholders to refine requirements and shape technical solutions Guide cloud migration strategies and hybrid-cloud approaches Support rapid prototyping and technical investigation activities Embed security best practices and DevSecOps principles throughout delivery Contribute to CI/CD pipelines, automation, and engineering standards Coach and mentor engineers, supporting technical development … observability, scalability, and security within distributed systems DevSecOps & Automation Experience with CI/CD pipelines and automation tooling Knowledge of DevSecOps practices including SAST, DAST, and continuous testing Experience with tools such as Jenkins and GitHub Actions Containerisation & Testing Experience with Docker or containerisation technologies Strong understanding ...

Milan Italy). The Role The responsibilities will include: Help to design, build, and maintain AI‐augmented DevOps pipelines, integrating LLM‐powered tooling, automated testing, code generation, observability, and environment provisioning. Develop automation for operational workflows (permissions, tagging, remediation tasks, infrastructure housekeeping, monitoring pipelines) Help to build foundational components …/cloud‐native architectures. Implement as necessary any and all of the security processes required for operational suitability within WTW for solutions (including SAST and DAST processes) Ensure operational stability, observability, and controlled evolution of AI and agentic systems for the ICT Consultancy business Maintain & support AI tools ...