1 to 25 of 295 Static Application Security Testing Jobs in the UK

Position Overview Fast growing FinTech seeking a technically proficient Principal Application Security Architect to join our innovative FinTech organisation. This role is critical in shaping the security posture of complex, cloud-native applications that power fast-growing financial services and digital payments platforms. As an Application Security Architect, you will work closely with software engineers … teams. Security Testing & Automation Oversee the deployment and tuning of automated application security testing tools including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA). Collaborate with development teams to integrate security testing seamlessly into CI/CD pipelines … security or secure software engineering, preferably within FinTech or highly regulated industries. Hands-on experience with a range of application security testing tools including SAST, DAST, and SCA, and integrating these into automated build and deployment pipelines. Practical expertise with threat modeling methodologies such as STRIDE, PASTA, or Attack Trees. Strong knowledge of secure coding More ❯

Cyber Security Engineer - London (Hybrid) - £700 per day inside IR35 - 4 months+ All applicants must hold an active SC clearance. My client is on the hunt for a Cyber Security Engineer to join a central government client of theirs. You will be joining an AppSec team focused on building security automation into delivery pipelines and conducting security … digital services. Key Responsibilities Perform penetration testing and vulnerability assessments of web applications, APIs, and cloud infrastructure. Evaluate the automated security tooling into CI/CD pipelines (SAST, DAST, dependency checking, IaC etc), and make necessary recommendations. Collaborate with developers to remediate identified vulnerabilities and ensure secure code practices. Provide expert input on cloud security (AWS, Azure … or GCP) and DevSecOps tooling. Assist in maintaining security assurance across the SDLC in line with MoJ and NCSC guidelines. Essential Criteria Penetration testing, ethical hacking, or vulnerability assessments. Security testing tools (e.g., Burp Suite, OWASP ZAP, Nikto, Nmap, Metasploit, etc.). DevSecOps principles and tools (e.g., Veracode, SonarQube, GitHub Advanced Security, IaC scanning, etc. More ❯

designing, developing, and maintaining large-scale, secure, and high-performing solutions. This role involves mentoring and coaching junior team members, translating stakeholder requirements into actionable user stories, and embedding security throughout the software development life cycle. The position calls for strong technical expertise, collaborative mindset, and an ability to deliver innovative solutions that align with business objectives. Experience Requirements … Software Development & Principles Programming Languages: Proficiency in one or more of: Java, Spring Boot, Python, JavaScript, TypeScript, ReactJS SOLID Principles: Familiarity with object-oriented and clean coding practices Testing & BDD Unit Testing Frameworks: Experience with Cypress, Cucumber, Behave, Selenium, or similar tools Domain-Specific Languages: Knowledge of BDD approaches (e.g., Cucumber, Gherkin) for test automation Containerisation & Microservices Container … to build, configure, and secure cloud environments effectively Security & CI/CD Security Integration: Familiarity with embedding security checks at every phase of the SDLC (e.g., SAST, DAST) Automation Pipelines: Experience with Continuous Integration (CI), Continuous Delivery (CD), and continuous testing tools (e.g., Jenkins, GitHub Actions) Agile & Mentorship Agile Delivery: Background in Scrum or Kanban, assisting More ❯

designing, developing, and maintaining large-scale, secure, and high-performing solutions. This role involves mentoring and coaching junior team members, translating stakeholder requirements into actionable user stories, and embedding security throughout the software development life cycle. The position calls for strong technical expertise, collaborative mindset, and an ability to deliver innovative solutions that align with business objectives. Experience Requirements … Software Development & Principles Programming Languages: Proficiency in one or more of: Java, Spring Boot, Python, JavaScript, TypeScript, ReactJS SOLID Principles: Familiarity with object-oriented and clean coding practices Testing & BDD Unit Testing Frameworks: Experience with Cypress, Cucumber, Behave, Selenium, or similar tools Domain-Specific Languages: Knowledge of BDD approaches (e.g., Cucumber, Gherkin) for test automation Containerisation & Microservices Container … to build, configure, and secure cloud environments effectively Security & CI/CD Security Integration: Familiarity with embedding security checks at every phase of the SDLC (e.g., SAST, DAST) Automation Pipelines: Experience with Continuous Integration (CI), Continuous Delivery (CD), and continuous testing tools (e.g., Jenkins, GitHub Actions) Agile & Mentorship Agile Delivery: Background in Scrum or Kanban, assisting More ❯

designing, developing, and maintaining large-scale, secure, and high-performing solutions. This role involves mentoring and coaching junior team members, translating stakeholder requirements into actionable user stories, and embedding security throughout the software development life cycle. The position calls for strong technical expertise, collaborative mindset, and an ability to deliver innovative solutions that align with business objectives. Experience Requirements … Software Development & Principles SOLID Principles: Familiarity with object-oriented and clean coding practices Testing & BDD Unit Testing Frameworks: Experience with Cypress, Cucumber, Behave, Selenium, or similar tools Domain-Specific Languages: Knowledge of BDD approaches (e.g., Cucumber, Gherkin) for test automation Containerisation & Microservices Container Technologies: Practical understanding of Docker or equivalent solutions Microservice Patterns: Experience architecting microservice-based systems … to build, configure, and secure cloud environments effectively Security & CI/CD Security Integration: Familiarity with embedding security checks at every phase of the SDLC (e.g., SAST, DAST) Automation Pipelines: Experience with Continuous Integration (CI), Continuous Delivery (CD), and continuous testing tools (e.g., Jenkins, GitHub Actions) Agile Delivery: Background in Scrum or Kanban, assisting Product Owners More ❯

our company, clients, and partners worldwide. Take on a vital role as part of a high-performing team delivering secure software solutions. Contribute to shaping the future of software security at one of the world's leading financial institutions. As a Lead Security Engineer within the Platform team, you will be instrumental in delivering software solutions that meet … misuse and malicious behavior. You will carry out critical technology solutions with tamper-proof, audit-defensible methods across various technical domains and business functions. Job Responsibilities Design and enforce security best practices in public cloud environments (AWS, Azure, GCP … . Define and implement infrastructure as Code (IaC), work with CI/CD pipelines, and automation tools. Integrate security testing into CI/CD pipelines (e.g., SCA, SAST, DAST). Conduct code reviews, threat modeling, and vulnerability assessments on applications. Develop production deployment strategies that go beyond routine approaches to meet stakeholder needs. Create scripts and automation to More ❯

Senior Security Engineer We are seeking an experienced Senior Security Engineer to join our dynamic Security Team. In this key role, you will be a key contributor to Funding Circle's cloud and application security posture. You will leverage your deep expertise in AWS security, secure software development lifecycle (SSDLC) practices, and CI/… CD security to implement and champion robust security solutions. You will act as a subject matter expert and mentor, collaborating closely with engineering and product teams to embed security seamlessly into our cloud infrastructure and development processes, ensuring the protection of our platform and customer data in a fast-paced FinTech environment. Who are we? We're … Deep, demonstrable expertise in designing, implementing, securing, and managing a wide range of AWS security services . Proven, hands-on experience architecting, building, and integrating security tooling (SAST, DAST, SCA, secrets management, IAST) and automated security controls within CI/CD pipelines (e.g., GitLab CI, Jenkins, GitHub Actions). Strong track record of defining, implementing, measuring, and More ❯

Role: Cyber Security Engineer Salary/Rate: up to £700 per day (inside IR35) Location: Hybrid LondonContract Duration: until October 2025 We are currently looking for a Cyber Security Engineer for our government client. This Cyber Security Engineer role is hybrid, based between 2-3 days per week on site in central London and the remainder of … the week working remotely. The contract for the Cyber Security Engineer position is until October 2025 with potential to extend, operating inside IR35. Security Clearance: Security Check ("SC Clearance") This role is inside IR35 - Due to the service of the role, it will now be based on an Umbrella solution. Essential skills/experience required: Certifications: OSCP … desirable Role/Responsibilities: Perform penetration testing and vulnerability assessments of web applications, APIs, and cloud infrastructure. Evaluate the automated security tooling into CI/CD pipelines (SAST, DAST, dependency checking, IaC etc), and make necessary recommendations. Collaborate with developers to remediate identified vulnerabilities and ensure secure code practices. Provide expert input on cloud security (AWS, Azure More ❯

Join to apply for the Cyber Security Engineer role at Circle Group 1 week ago Be among the first 25 applicants Join to apply for the Cyber Security Engineer role at Circle Group Cyber Security Engineer Salary/Rate: up to £700 per day (inside IR35) Location: Hybrid London Contract Duration: until October 2025 We are currently … looking for a Cyber Security Engineer for our government client. This Cyber Security Engineer role is hybrid, based between 2-3 days per week on site in central London and the remainder of the week working remotely. Role: Cyber Security Engineer Salary/Rate: up to £700 per day (inside IR35) Location: Hybrid London Contract Duration: until … desirable Role/Responsibilities Perform penetration testing and vulnerability assessments of web applications, APIs, and cloud infrastructure. Evaluate the automated security tooling into CI/CD pipelines (SAST, DAST, dependency checking, IaC etc), and make necessary recommendations. Collaborate with developers to remediate identified vulnerabilities and ensure secure code practices. Provide expert input on cloud security (AWS, Azure More ❯

The Role Embed security best practices within the SDLC … collaborating with developers to ensure secure coding. Conduct security assessments, identify potential threats, and mitigate risks in web and mobile applications. Perform application security testing (SAST, DAST) and manual security code reviews. Implement and manage security tools such as SAST, DAST, SCA, and CI/CD security integrations. Investigate security incidents, prioritise … testing, or software security engineering. Strong knowledge of secure coding principles in one or more languages (e.g., Python, Java, JavaScript, Go, .NET). Hands-on experience with SAST, DAST, SCA and security automation in CI/CD pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top More ❯

The Role Embed security best practices within the SDLC … collaborating with developers to ensure secure coding. Conduct security assessments, identify potential threats, and mitigate risks in web and mobile applications. Perform application security testing (SAST, DAST) and manual security code reviews. Implement and manage security tools such as SAST, DAST, SCA, and CI/CD security integrations. Investigate security incidents, prioritise … testing, or software security engineering. Strong knowledge of secure coding principles in one or more languages (e.g., Python, Java, JavaScript, Go, .NET). Hands-on experience with SAST, DAST, SCA and security automation in CI/CD pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top More ❯

on our company, clients, and partners worldwide. In this critical role, you will be part of a high-performing team delivering secure software solutions, shaping the future of software security at one of the world's largest companies. Responsibilities Design and enforce security best practices in public cloud environments (AWS, Azure, GCP). … Define and implement infrastructure as Code (IaC), and work with CI/CD pipelines and automation tools. Integrate security testing into CI/CD pipelines (e.g., SCA, SAST, DAST). Conduct code reviews, threat modeling, and vulnerability assessments on applications. Develop production deployment strategies, thinking beyond routine approaches. Create scripts and automation to streamline security operations, using … Python or Go. Collaborate effectively with third-party vendors and internal teams. Maintain security by following industry insights and regulations, and by evolving security protocols. Evaluate security architecture and work to simplify and automate security measures. Work with stakeholders to understand security needs and recommend improvements. Analyze current architecture and applications, providing security guidance. More ❯

Join to apply for the Junior Security Engineer role at Funding Circle UK Continue with Google Continue with Google Join to apply for the Junior Security Engineer role at Funding Circle UK Description Junior Security Engineer We are seeking an enthusiastic and motivated Junior Security Engineer to join our dynamic Security Team. This is an … excellent opportunity to kick-start or develop your career in cybersecurity within a fast-paced FinTech environment. You will support our Cloud and Application Security initiatives, learning from experienced engineers and contributing to the protection of our platform and customer data. You will assist in implementing security controls, supporting the secure software development lifecycle (SSDLC), helping to … Groups). Familiarity with core application security principles (e.g., understanding OWASP Top 10 vulnerabilities) Experience with or strong aptitude for learning security tools (e.g., Wiz, SAST, DAST, SCA, vulnerability scanners). Knowledge of or familiarity with Infrastructure as Code (IaC), particularly Terraform, is a plus. Familiarity with container technologies (Docker, Kubernetes) is a bonus. Good knowledge More ❯

challenges. We are dedicated to consistently updating our job descriptions to ensure we continue to lead in banking innovation. How you will contribute and key responsibilities: As a Senior Security Engineer, you will be instrumental in designing and implementing security measures for our mobile applications, services, and websites to meet the highest security standards. Your expertise will … help us continuously analyse and improve our security systems, ensuring that our products and services are not only secure by design but also comply with internal and external regulatory requirements. Other responsibilities include: Security Analysis and Improvement: Continuously analyse our security systems for potential improvements, ensuring that our defences remain at the forefront of cybersecurity practices Vulnerability … Event driven streaming technologies, Logging and monitoring, networks, firewalls, load balancers, DNS, CDNs, Working knowledge of agile DevSecOps environments, and CI/CD (Git, Concourse, Terraform), Working knowledge of SAST, DAST, RASP, and IAST tools and building security into existing SDLC processes, Knowledge of cloud Security Architecture of public clouds (such as AWS or GCP), Security certification More ❯

do your best work. Learn more at iongroup.com . Your role Your duties and responsibilities: Work with cloud platform teams to design, develop, debug and support platforms, services and application workspaces. Work with the application teams to design, develop, debug and support new cloud-native applications and migrate existing applications to the cloud. Regularly evaluate the best cloud … applications, hardware, and practices to keep the ION Cloud up to date with the best of breed available in the industry. Maintain strong and continuous engagement with security SMEs internally and externally to ensure the ION Cloud architecture and operating model is up to the top security standards. Work with stakeholders to understand customers' needs and to implement …/CD environment. OWASP Top 10, SANS CWE, OpenSAMM, BSIMM, etc. Penetration testing, vulnerability scanning. Implementation of security monitoring tools. Implementing pipelines that make use of SCA, SAST, DAST, IAST and RASP solutions. Qualifications: SANS/SEC-540: Cloud Security and DevSecOps Automation. Systems Security Certified Practitioner (SSCP). Certified Information Systems Security Professional (CISSP More ❯

Job Title: Cyber Security Engineer – MUST HAVE INSURANCE EXPERIENCE Department: Cyber Security Reports To: Head of Security Architecture & Engineering Salary: GBP600 Per Day Inside IR35 Location: Central London (3 days per week on site, 2 days per week remote) The Role We're looking for a hands–on Application Security Engineer with a strong engineering … mindset and a background in financial services, insurance, or fintech . You'll be embedded with product and engineering teams, driving secure development practices and owning security controls across our SDLC and cloud–native platforms. This is a technical role , not for architects or managers – you'll be writing code … integrating tools, running threat modelling sessions, and solving real–world security problems. What You'll Do Lead threat modelling , secure design reviews, and AppSec assessments. Integrate and automate SAST, DAST, SCA , and container scanning in CI/CD. Triage and drive remediation of vulnerabilities across cloud and app layers. Deliver security controls via code (Terraform, YAML, scripting). More ❯

Job Title: Cyber Security Engineer - MUST HAVE INSURANCE EXPERIENCE Department: Cyber Security Reports To: Head of Security Architecture & Engineering Salary: £600 Per Day Inside IR35 Location: Central London (3 days per week on site, 2 days per week remote) The Role We're looking for a hands-on Application Security Engineer with a strong engineering … mindset and a background in financial services, insurance, or fintech . You'll be embedded with product and engineering teams, driving secure development practices and owning security controls across our SDLC and cloud-native platforms. This is a technical role , not for architects or managers - you'll be writing code … integrating tools, running threat modelling sessions, and solving real-world security problems. What You'll Do Lead threat modelling , secure design reviews, and AppSec assessments. Integrate and automate SAST, DAST, SCA , and container scanning in CI/CD. Triage and drive remediation of vulnerabilities across cloud and app layers. Deliver security controls via code (Terraform, YAML, scripting). More ❯

challenges. We are dedicated to consistently updating our job descriptions to ensure we continue to lead in banking innovation. How you will contribute and key responsibilities: As a Senior Security Engineer, you will be instrumental in designing and implementing security measures for our mobile applications, services, and websites to meet the highest security standards. Your expertise will … help us continuously analyse and improve our security systems, ensuring that our products and services are not only secure by design but also comply with internal and external regulatory requirements. Other responsibilities include: Security Analysis and Improvement: Continuously analyse our security systems for potential improvements, ensuring that our defences remain at the forefront of cybersecurity practices. Vulnerability … Event driven streaming technologies, Logging and monitoring, networks, firewalls, load balancers, DNS, CDNs, Working knowledge of agile DevSecOps environments, and CI/CD (Git, Concourse, Terraform), Working knowledge of SAST, DAST, RASP, and IAST tools and building security into existing SDLC processes, Knowledge of cloud Security Architecture of public clouds (such as AWS or GCP), Security certification More ❯

challenges. We are dedicated to consistently updating our job descriptions to ensure we continue to lead in banking innovation. How you will contribute and key responsibilities: As a Senior Security Engineer, you will be instrumental in designing and implementing security measures for our mobile applications, services, and websites to meet the highest security standards. Your expertise will … help us continuously analyse and improve our security systems, ensuring that our products and services are not only secure by design but also comply with internal and external regulatory requirements. Other responsibilities include: Security Analysis and Improvement: Continuously analyse our security systems for potential improvements, ensuring that our defences remain at the forefront of cybersecurity practices. Vulnerability … Event driven streaming technologies Logging and monitoring, networks, firewalls, load balancers, DNS, CDNs Working knowledge of agile DevSecOps environments, and CI/CD (Git, Concourse, Terraform) Working knowledge of SAST, DAST, RASP, and IAST tools and building security into existing SDLC processes Knowledge of cloud Security Architecture of public clouds (such as AWS or GCP) Security certification More ❯

Role: Cyber Security Engineer Contract Duration: Until 1st October 2025 Rate: £700/day Security Clearance: SC required Expenses: Reimbursed when travelling away from base office A leading digital security function is seeking an experienced Cyber Security Engineer to strengthen its Application Security (AppSec) capabilities. This role focuses on embedding automated security controls … within CI/CD pipelines and delivering hands-on testing of cloud-based … services. Key Responsibilities: Conduct penetration tests and security assessments on web apps, APIs, and cloud platforms Review and optimise security automation tools within CI/CD workflows (SAST, DAST, IaC scanning, etc.) Partner with developers to fix vulnerabilities and champion secure coding Provide subject-matter expertise in cloud security (AWS, Azure, or GCP) and DevSecOps tooling Ensure More ❯

re located within a commutable distance of our offices so that we're able to interact and collaborate in person. About the role: We are looking for an experienced Security Engineer to join our growing Security Engineering team, working closely with the GRC & compliance team and the various Engine Technology teams to make sure security is at … the heart of all our technical processes. Your place within the team will depend on your individual strengths and interests. This role will cover a wide array of security areas across our multi-tenant SaaS cloud environments and internal infrastructure and will require a skilled individual to spearhead efforts in fortifying both infrastructure and application platforms, against potential … into the software development lifecycle Experience performing secure code reviews and security approvals including the use of static and dynamic application security testing (SAST/DAST) tools. Experience in Cryptography management & enhancements Experience configuring and utilising cloud-native security logging, monitoring, and detection services Relevant security certifications such as ISC2 CC, CISSP More ❯

Story Behind the Need • Business group: Application Security - deploying application security vulnerability testing tools used by the Bank for vulnerability testing; currently doing a lot of modernization projects updating portfolio for statis dynamic and mobile testing • Project: Resource will be playing a key role in deploying components of the strategic solution for Application … CD pipelines and automation (e.g. Jenkins) Nice-To-Have Skills: • Cloud solution and containerization deployment experience - GCP(1st), AWS(2nd), Azure(3rd), • Experience with security testing tools (SAST, SCA, DAST) • Experience/knowledge of security best practices around connectivity (MTLS, SAML, OAuth Client and Credentials IP Allow Listing) • Cybersecurity experience • Experience from large highly matrixed enterprise organizations … initiative, strong problem solver and is a strategic thinker and can identify solution; experience using vulnerability and security testing tools to help with understanding of software composition (SAST, SCA, DAST), best will have used the tools themselves and have an understanding of how they work, strong independent developer, with programming and automation expertise Feedback from previous supplier calls More ❯

Lead the design and implementation of secure, scalable DevSecOps solutions across cloud, on-prem, and hybrid environments Advise customers on best practices for CI/CD, containerisation, and integrating security across the SDLC Collaborate with Sales and Consulting teams to develop technical proposals and bid responses Facilitate customer workshops, design reviews, and solution assurance activities Drive innovation and thought … SAFe, Kanban, etc.) Deep expertise in Kubernetes (vanilla, EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with … are still areas of our business with clear hiring requirements - and we would like to bring talent like you on board! By the way, we have completely virtualised our application process and our recruiters remain available to you should you have any questions. We are still looking forward to getting to know you More ❯

Lead the design and implementation of secure, scalable DevSecOps solutions across cloud, on-prem, and hybrid environments Advise customers on best practices for CI/CD, containerisation, and integrating security across the SDLC Collaborate with Sales and Consulting teams to develop technical proposals and bid responses Facilitate customer workshops, design reviews, and solution assurance activities Drive innovation and thought … SAFe, Kanban, etc.) Deep expertise in Kubernetes (vanilla, EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with … are still areas of our business with clear hiring requirements - and we would like to bring talent like you on board! By the way, we have completely virtualised our application process and our recruiters remain available to you should you have any questions. We are still looking forward to getting to know you! About us Computacenter is a leading More ❯

Lead the design and implementation of secure, scalable DevSecOps solutions across cloud, on-prem, and hybrid environments Advise customers on best practices for CI/CD, containerisation, and integrating security across the SDLC Collaborate with Sales and Consulting teams to develop technical proposals and bid responses Facilitate customer workshops, design reviews, and solution assurance activities Drive innovation and thought … SAFe, Kanban, etc.) Deep expertise in Kubernetes (vanilla, EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with … are still areas of our business with clear hiring requirements - and we would like to bring talent like you on board! By the way, we have completely virtualised our application process and our recruiters remain available to you should you have any questions. We are still looking forward to getting to know you! About us Computacenter is a leading More ❯