8 of 8 Contract Static Application Security Testing Jobs in the UK excluding London

Contract Role – AppSec Engineer/Application Security Engineer – London/Manchester/Glasgow/Hybrid – 12 months initial – Inside IR35 Role Overview: Job Title: AppSec Engineer/Application Security Engineer Location: Hybrid – 2 days onsite per week (London/Manchester/Glasgow) Contract Type: Contract Duration … Inside IR35) Sector: Banking Key Skills & Experience AppSec Engineer, experience with: The software security landscape: CVEs, CWEs, common software vulnerability types SAST, SCA, and DAST, including the strengths and weaknesses of each At least one programming language (e.g. Java, Go) At least one major cloud provider (e.g. ...

immediately available Test Manager with experience in connected vehicle ecosystems, IoT, or automotive software testing? This role provides leadership and oversight across all test activities, from planning through execution to sign-off, with accountability for ensuring that solutions are robust, reliable, and fit for purpose. The Test Manager will … distributed systems and microservices architectures. Working knowledge of OWASP standards, common security vulnerabilities, and experience conducting or coordinating security testing including SAST, DAST, and penetration testing. Understanding of authentication and authorization frameworks (OAuth, JWT, SAML) and familiarity with secure coding practices and threat modelling Experience in test ...

Contract Role – Senior Golang/Java Security Engineer – London/Manchester/Glasgow/Hybrid – 12 months initial – Inside IR35 Role Overview: Job Title: Senior Golang/Java Security Engineer Location: Hybrid – 2 days onsite per week (London/Manchester/Glasgow) Contract Type: Contract Duration: 12 months … Golang/Java Security Engineer experience with: Golang/Go or Java The software security landscape: CVEs, CWEs, common software vulnerability types SAST, SCA, and DAST, including the strengths and weaknesses of each At least one major cloud provider (e.g. AWS, GCP, Azure) REST API design HTTP Authentication ...

scan, and deployment processes. Extend Python tooling for SLSA provenance, SBOM generation, hash/digest validation, and security scan aggregation (SonarQube, Sonatype IQ, SAST/Container). Optimise pipeline performance using parallel builds, caching, scope-reduced BOMs, and dependency prefetching. Ensure artifact integrity through correct SHA1/SHA256 mapping … Terraform, and container image metadata. Knowledge of supply-chain security, including SLSA, CycloneDX SBOMs, and digests. Experience with SonarQube, Sonatype IQ, container and SAST scanning. Proven skills in pipeline performance tuning, including caching, parallelisation, and dependency pruning. Awareness of compliance and security standards relevant to CI/ ...

extend Python tooling for: SLSA provenance SBOM generation (CycloneDX) Hash/digest accuracy (SHA1/SHA256) Security scan aggregation (SonarQube, Sonatype IQ, SAST, container scanning) Optimise pipeline performance through parallelisation, caching, dependency prefetching, and BOM scope reduction. Ensure artifact integrity and reproducibility , including evidence modelling and digest validation. Refactor … container image metadata . Solid experience with software supply-chain security (SLSA, CycloneDX SBOMs, digests). Hands-on use of SonarQube, Sonatype IQ, SAST, and container scanning tools . Proven ability to optimise CI/CD performance (caching, parallel builds, dependency pruning). Awareness of compliance and secure ...

extend Python tooling for: SLSA provenance SBOM generation (CycloneDX) Hash/digest accuracy (SHA1/SHA256) Security scan aggregation (SonarQube, Sonatype IQ, SAST, container scanning) Optimise pipeline performance through parallelisation, caching, dependency prefetching, and BOM scope reduction. Ensure artifact integrity and reproducibility , including evidence modelling and digest validation. Refactor … container image metadata . Solid experience with software supply-chain security (SLSA, CycloneDX SBOMs, digests). Hands-on use of SonarQube, Sonatype IQ, SAST, and container scanning tools . Proven ability to optimise CI/CD performance (caching, parallel builds, dependency pruning). Awareness of compliance and secure ...

package, scan, deploy). Extend Python tooling for SLSA provenance, SBOM generation, hash/digest accuracy, and security scan aggregation (SonarQube, Sonatype IQ,SAST/Container). Optimize performance (parallel builds, caching, scope-reduced BOMs, dependency prefetch). Ensure artifact integrity (correct SHA1/SHA256 mapping, reproducible inputs, evidence … Helm/Terraform and container image metadata. Supply-chain security (SLSA, CycloneDX SBOM, digests). Experience with SonarQube, Sonatype IQ, container and SAST scanning. Proven performance tuning (caching, parallelization, dependency pruning). Compliance Awareness. ...

controls. Capture and assess evidence such as pipeline logs, approvals, artefact integrity/signing, access controls, and configuration baselines. Validate security posture via SAST/DAST scans, dependency and licence reviews, container/image policies, and supply-chain controls. Evaluate logging, monitoring, and observability practices. Map findings to compliance ...