17 of 17 Permanent Static Application Security Testing Jobs in Berkshire

Cloud Application Security Engineer/AppSec Engineer/Cloud Security Engineer/AWS Security Hybrid – London (2 days in-office) | Competitive Salary + Bonus + Benefits Are you passionate about securing cutting-edge digital platforms in a fast-moving fintech environment? We're seeking an experienced … Okta, threat modelling and a strong understanding of security frameworks like ISO27001, OWASP or NIST, and the ability to drive secure coding practices, SAST and DAST, we want to hear from you! About the Role As a Cloud Application Security Engineer, you will be the go-to … security using more broad controls. A strong understanding of vulnerability identification and exploitation techniques and proficiency in using security tools such as SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) Knowledge of security frameworks such as ISO More ❯

treasury solutions, empowering investment firms with cutting-edge technology to optimize financial performance, enhance liquidity, and mitigate risk. As part of our commitment to security and innovation, we are expanding our Information Security Team and seeking a DevSecOps Engineer to drive security automation and best practices across … our cloud infrastructure and IT operations. Job Overview As a DevSecOps Engineer , you will play a pivotal role in integrating security practices into our DevOps pipeline and IT operations . Working at the intersection of operations, security, and development , you will collaborate closely with internal teams to safeguard … alerts across Infosec, servers, firewalls, and applications. Conduct continuous monitoring of internal and third-party information security controls. Threat & Vulnerability Management: Assess SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) scans. Implement remediation and mitigation strategies in collaboration More ❯

Senior Application Security Engineer Salary: up to £100,000 + bonus + benefits Location: UK – Remote This company is scaling its security function and is hiring Senior Application Security Engineers to help embed secure development practices across its engineering teams. You’ll play a hands … on role in identifying and resolving vulnerabilities, integrating security into the SDLC, helping developers create software that is secure, robust, and production-ready by design. You’ll be joining a high-impact security team at a pivotal point in the company’s growth. The environment spans legacy systems … hands-on experience in application security and secure software development. Strong knowledge of secure coding practices and common vulnerabilities (OWASP) Experience with SAST, DAST, and IAST tools and integrating them into CI/CD pipelines. Proficiency in writing and reviewing code (JavaScript, Java, Python) with an emphasis on More ❯

Senior Application Security Engineer Salary: up to £100,000 + bonus + benefits Location: UK – Remote This company is scaling its security function and is hiring Senior Application Security Engineers to help embed secure development practices across its engineering teams. You’ll play a hands … on role in identifying and resolving vulnerabilities, integrating security into the SDLC, helping developers create software that is secure, robust, and production-ready by design. You’ll be joining a high-impact security team at a pivotal point in the company’s growth. The environment spans legacy systems … hands-on experience in application security and secure software development. Strong knowledge of secure coding practices and common vulnerabilities (OWASP) Experience with SAST, DAST, and IAST tools and integrating them into CI/CD pipelines. Proficiency in writing and reviewing code (JavaScript, Java, Python) with an emphasis on More ❯

to see. This job is with the software supply chain company - securing and powering how software gets delivered everywhere. What you'll do: Embed security across the platform, from source to prod. Architect security controls across distributed, cloud-native systems. Lead threat modeling and security reviews (and … get people to enjoy them) Pen-test services and infra (ethically, please). Extend security automation and monitoring with tools like CircleCI, GitHub Actions, DataDog, AWS Security Hub, etc. Harden everything from container runtimes to APIs to artifact pipelines. Write secure code, review other people’s code, and … a software engineer. Python for sure and a bit of TypeScript never hurt anyone. Deep application security knowledge Hands-on experience with SAST, DAST, RASP, and securing cloud (preferably AWS). Strong grasp of container security, API security, IaC, and CI/CD. You’ve done More ❯

to see. This job is with the software supply chain company - securing and powering how software gets delivered everywhere. What you'll do: Embed security across the platform, from source to prod. Architect security controls across distributed, cloud-native systems. Lead threat modeling and security reviews (and … get people to enjoy them) Pen-test services and infra (ethically, please). Extend security automation and monitoring with tools like CircleCI, GitHub Actions, DataDog, AWS Security Hub, etc. Harden everything from container runtimes to APIs to artifact pipelines. Write secure code, review other people’s code, and … a software engineer. Python for sure and a bit of TypeScript never hurt anyone. Deep application security knowledge Hands-on experience with SAST, DAST, RASP, and securing cloud (preferably AWS). Strong grasp of container security, API security, IaC, and CI/CD. You’ve done More ❯

Overview: Additional Information: Please note, this role requires working full-time onsite, five days per week. NON Negotiable We are seeking an experienced IT Security Engineer to become a vital part of a growing IT Department. This critical role will focus on protecting our information assets through robust cybersecurity … measures, ensuring adherence to best practices, international standards, and local regulations. Ideally suited to candidates who possess expert knowledge of security frameworks including NIST 800, ISO 27001, and cybersecurity guidelines from PRA, FCA, and ICO. Candidates with at least 3 years' relevant experience in finance or banking, particularly as … and disposal. Conduct security evaluations on network and firewall policies and manage application security in both development and testing phases (SAST, DAST). Liaise with internal audit teams and international cybersecurity operations centres to implement security policies and controls. Provide cybersecurity training to ensure staff More ❯

Senior Product Security Engineer Location: London Salary: £200,000+ A leading global quantitative investment firm is seeking a Senior Product Security Engineer to strengthen the security of its trading systems, cloud infrastructure, and business applications. This is a hands-on, high-impact role working across a modern … tech stack in a fast-paced environment. Key Responsibilities Implement and maintain security controls across low-latency systems and multi-cloud platforms (AWS, Azure, Alibaba Cloud) Collaborate with engineering teams to integrate … secure coding practices into the SDLC Conduct threat modeling, vulnerability assessments, and code reviews Automate security processes through CI/CD integration using SAST, DAST, and related tools Assess third-party vendors and enforce security standards Mentor teams on security architecture and best practices What We’re More ❯

CI/CD pipelines Practical experience integrating Git-based workflows and build tools Demonstrated use of Application Security (AppSec) tools including: SCA , SAST , Container Security , and SBOM Management Hands-on proficiency with at least one major cloud provider: AWS , Azure , or GCP (mandatory) Ability to architect and … capable Solutions Architect to work on the front lines of digital transformation. If you're excited about shaping the future of software delivery and security, we’d love to hear from you. More ❯

You will need to login before you can apply for a job. DevSecOps Security Engineer - Tesco Mobile Sector: Technology Role: Professional Contract Type: Permanent Hours: Full Time About the role: As one of our DevSecOps Security Engineers, you will be helping the team manage and deploy solutions on … platforms in a secure and optimised manner. This will include all aspects of security, maintaining an evolving programme of work to address prioritised concerns, helping to identify threats and risks, and working to implement solutions and mitigations. You will also work with the rest of the squad to incorporate … projects. Significant experience with cloud providers AWS and Azure. Experience of CI/CD pipelines and adding security tooling to these. Experience using SAST and other techniques to improve code security. Experience using AWS Security Hub, Azure Security Center, etc. to improve cloud security position. Willingness More ❯

to become part of our growing Cyber Engineering Services. A successful candidate for the Cyber Engineer role will possess a solid foundation as a security engineer, responsible for ensuring the security of complex global environments and designing security solutions at scale. This includes extensive expertise in application … secure technical solutions to protect against cyber threats and potential cyber-attacks. The role will be focused on detection engineering within the strategic Element security tooling. Core Responsibilities Assist in the design and implementation of technical solutions and security toolsets to address security vulnerabilities, mitigate cyber threats … with various security technologies such as NDR/content filtering/FW/IPS/IDS/DDOS, EDR/MDR, DAST/SAST, Identity Access Management, SIEM & SOAR, log management. Preferable experience in Azure, AWS, Defender, Darktrace. Experience and technical knowledge in multiple areas of cyber defence operations. More ❯

to become part of our growing Cyber Engineering Services. A successful candidate for the Cyber Engineer role will possess a solid foundation as a security engineer, responsible for ensuring the security of complex global environments and designing security solutions at scale. This includes extensive expertise in application … secure technical solutions to protect against cyber threats and potential cyber-attacks. The role will be focused on detection engineering within the strategic Element security tooling. Core Responsibilities Assist in the design and implementation of technical solutions and security toolsets to address security vulnerabilities, mitigate cyber threats … with various security technologies such as NDR/content filtering/FW/IPS/IDS/DDOS, EDR/MDR, DAST/SAST, Identity Access Management, SIEM & SOAR, log management. Preferable experience in Azure, AWS, Defender, Darktrace. Experience and technical knowledge in multiple areas of cyber defence operations. More ❯

operations workflows. 2,Cybersecurity Integration: Apply cybersecurity best practices throughout the software development lifecycle (SDLC). Analyze cyber vulnerabilities, propose mitigation strategies, and enforce security guidelines. Set up tools and processes to monitor and enhance product security. 3,Agile & SDLC: Strong understanding of Agile methodologies and the software development … Technical Skills (Must-Have): DevOps: CI/CD pipelines, containerization, infrastructure as code (IaC). Cybersecurity: Vulnerability assessment, threat mitigation, security tooling (e.g., SAST/DAST). Requirements: DevOps: CI/CD pipelines, containerization, infrastructure as code (IaC). Cybersecurity: Vulnerability assessment, threat mitigation, security tooling (e.g., SAST …/DAST). Power Systems: Application development (preferred). More ❯

an agile delivery environment. Own the end-to-end CI/CD lifecycle including environment management, monitoring, and integration of security tools (e.g. SAST, SCA). Champion automation across infrastructure (e.g. Terraform, Ansible) and testing frameworks. Engage with internal and external stakeholders to align technical delivery with business … competing priorities. Excellent communication and stakeholder engagement skills. Bachelor’s degree in Computer Science, Engineering, or equivalent experience. Desirable: Copado Compliance Hub and Robotic Testing experience. Retail or e-commerce background. Experience with containerisation (Docker), orchestration (Kubernetes), and cloud-native architectures. Relevant certifications (e.g. Copado Consultant, DevOps Engineer). More ❯

We are looking for a skilled Java Developer with DevOps knowledge to join our DevSecOps team. If you're passionate about automation, security, and scalable software development, this role offers the opportunity to build plugins, develop REST APIs, and enhance CI/CD workflows—all while ensuring security doesn’t slow down business operations. What You’ll Do: 🔹 Develop Gradle/Maven/npm/PyPi plugins for SBOM collection and security scanning 🔹 Build and maintain REST API microservices using Java 17 (and occasionally Go), deploying them on OpenShift/Kubernetes 🔹 Integrate security tools like … improve development workflows What We’re Looking For: 🔹 Strong Java development experience (especially in web-based applications) 🔹 Understanding of DevSecOps principles (Shift Left, SCA, SAST) 🔹 Experience with Linux, Bash scripting, and containerization tools (Docker, Kubernetes, OpenShift) Bonus Points If You Have: 🔹 Experience with JavaScript, TypeScript, Go, or Python 🔹 Familiarity with More ❯

security hardening: Audit React, GraphQL and FastAPI layers to eliminate XSS/CSRF and strengthen CSP Static analysis remediation: Triage and address SAST findings RBAC rollout: Finalise and implement role-based access controls Audit logging: Structure and surface user action logs in the app 💻 Tech Stack Frontend: React … Apollo GraphQL Backend: FastAPI (Python) Infra/Security: GitHub Actions, SAST tools, Auth0 (or equivalent), RBAC, CSP ✅ What We’re Looking For Must-haves: 5+ years building production-grade web apps (React + Python) CI/CD experience with microservices Hands-on with modern auth providers (Auth0, Kinde, Okta … a must Bonus points for: Experience migrating to managed auth Exposure to Kubernetes, Terraform or Helm Working in early-stage, high-growth startups under security constraints 💬 How We Work You’ll ship iteratively, demo weekly, and document your work for long-term sustainability. We value clean code, proactive ownership More ❯

Cloud is a plus). Using Infrastructure as Code (IaC) and Configuration Management tools like Terraform and Ansible to build and secure environments. Embedding security best practices and compliance benchmarks directly into IaC and CM workflows. Integrating infrastructure with CI/CD pipelines (e.g. GitHub Actions … . Deploying applications using Kubernetes, EKS, ECS, and Lambda — with a preference for Kubernetes/EKS experience. Implementing pipeline security controls, such as SAST, vulnerability scanning, and code linting. Monitoring and securing infrastructure using AWS services like CloudWatch, Athena, Config, and CloudTrail. Why join us - This is an opportunity More ❯