1 to 25 of 93 Permanent OWASP Jobs in England

across engineering and product teams Requirements: 3+ years experience in DevOps, security engineering, or cloud infrastructure Strong scripting skills (Python, Bash, or PowerShell) Familiarity with tools like Snyk, SonarQube, OWASP ZAP, or Aqua Experience with Kubernetes, Docker, and infrastructure-as-code (Terraform, Helm) Understanding of security frameworks (ISO 27001, NIST, CIS Benchmarks) Bonus Points Certifications: AWS Security Specialty, CISSP, or More ❯

principles in customer-facing SaaS platforms. Deep understanding of application security and secure SDLC across modern stacks (JavaScript/React, C#/.NET, Azure services, containers). Knowledge of OWASP Top 10 and mitigation strategies. Experience with modern authentication and authorization protocols (OpenID Connect, OAuth2.0). Hands-on experience with SAST/DAST tools and integration into SDLC. Proficiency in More ❯

principles in customer-facing SaaS platforms. Deep understanding of application security and secure SDLC across modern stacks (JavaScript/React, C#/.NET, Azure services, containers). Knowledge of OWASP Top 10 and mitigation strategies. Experience with modern authentication and authorization protocols (OpenID Connect, OAuth2.0). Hands-on experience with SAST/DAST tools and integration into SDLC. Proficiency in More ❯

ofmodern software development approaches such as automated testing, test driven development, continuous integration, pair programming, code review and version control have understanding of common web security risks such as OWASP Top 10, and the corresponding mitigations enjoy researching and learning new programming tools and techniques and sharing their skills with others have experience working in a collaborative environment, and an More ❯

in mentoring and adapting coaching style to diverse learning needs Confident communicator who can align technical solutions with business priorities Knowledge of secure coding practices and common vulnerabilities (e.g., OWASP Top 10) Familiarity with performance profiling and optimisation It would be a bonus if you also had: Commercial experience with serverless technologies (e.g., AWS Lambda, DynamoDB, API Gateway) Exposure to More ❯

and Azure DevOps (CI/CD) Familiarity with scripting languages like PowerShell, YAML, JSON Hands-on with application security tools and DevSecOps processes Understanding of frameworks and standards like OWASP, NIST SSDF, ISO27001, NCSC Experience with threat modelling, risk assessments, and secure design reviews Confident owning security strategy and tooling across complex product landscapes A strong communicator - able to engage More ❯

and Azure DevOps (CI/CD) Familiarity with scripting languages like PowerShell, YAML, JSON Hands-on with application security tools and DevSecOps processes Understanding of frameworks and standards like OWASP, NIST SSDF, ISO27001, NCSC Experience with threat modelling, risk assessments, and secure design reviews Confident owning security strategy and tooling across complex product landscapes A strong communicator - able to engage More ❯

through deployment, oversee secure coding and testing, and drive operational maturity and resilience against evolving threats What you'll do: Define and govern secure architecture standards, aligned with NIST, OWASP, ISO 27001, and enterprise policies Lead DevSecOps integration, embedding automated security testing (SAST, DAST, SCA, container security) into CI/CD pipelines Oversee large-scale secure development programs, ensuring SLA More ❯

/CD tools such as Jenkins, AWS CodePipeline, GitLab CI, or GitHub Actions Solid understanding of relational and NoSQL databases (e.g., PostgreSQL, MongoDB) Knowledge of security best practices (e.g. OWASP) and performance optimization Excellent leadership, communication, time management and mentoring skills, with the ability to influence technical direction Desirable Qualifications Experience in fintech, payments, or enterprise SaaS platforms Exposure to More ❯

/Postgres , databases DevOps: CI/CD, Docker , containerisation, Ubuntu/Linux, AWS , Serverless, CDK/CDKTF , Ansible Quality & Analytics: Postman API, testing frameworks, web analytics Patterns: Secure SDLC, OWASP Top 10 , TDD , Git-based workflows Must-have experience Proven delivery of full-stack web applications (frontend + backend + API) from design to production deployment . Hands-on with More ❯

/Postgres , databases DevOps: CI/CD, Docker , containerisation, Ubuntu/Linux, AWS , Serverless, CDK/CDKTF , Ansible Quality & Analytics: Postman API, testing frameworks, web analytics Patterns: Secure SDLC, OWASP Top 10 , TDD , Git-based workflows Must-have experience Proven delivery of full-stack web applications (frontend + backend + API) from design to production deployment . Hands-on with More ❯

. Proficient in Git or other version control systems. Desirable Knowledge, Skills and Experience: Certifications in OCI or other cloud platforms (AWS, GCP). Experience with security tools like OWASP ZAP, Burp Suite, etc. Familiarity with Jira, Confluence, or similar tools. Knowledge of compliance frameworks (e.g., GDPR, HIPAA, ISO 27001, ISO 13485). Background in start-up or scale-up More ❯

. Familiarity with containerisation and infrastructure tools such as Docker, Kubernetes, Helm, and Terraform. Expertise in performance optimisation, caching, and monitoring. A solid understanding of secure coding practices and OWASP guidelines. Desirable: Exposure to Guidewire Software (PolicyCenter, BillingCenter) and mobile frameworks like Ionic Capacitor. You’ll Excel Here If You: Enjoy leading by example and mentoring others. Can translate complex More ❯

Note: this position includes participation in an on-call rotation. What we’re looking for 3+ years in software engineering plus 2+ years in application security. Strong knowledge of OWASP, application vulnerabilities, and security testing techniques. Experience with secure web application development and Agile/DevOps methodologies. Familiarity with pen testing, bug bounty, or hacker community collaboration. Strong communication skills More ❯

Provide mentoring, training, and security awareness support to internal teams. Essential Skills & Experience Strong hands-on experience in application and cloud security engineering. Deep understanding of web app vulnerabilities (OWASP Top 10, CWE) and secure coding practices. Proficiency with security testing tools and vulnerability management platforms. Broad knowledge of network and infrastructure security concepts (WAFs, ACLs, VPNs, etc.). Familiarity More ❯

Provide mentoring, training, and security awareness support to internal teams. Essential Skills & Experience Strong hands-on experience in application and cloud security engineering. Deep understanding of web app vulnerabilities (OWASP Top 10, CWE) and secure coding practices. Proficiency with security testing tools and vulnerability management platforms. Broad knowledge of network and infrastructure security concepts (WAFs, ACLs, VPNs, etc.). Familiarity More ❯

Provide mentoring, training, and security awareness support to internal teams. Essential Skills & Experience Strong hands-on experience in application and cloud security engineering. Deep understanding of web app vulnerabilities (OWASP Top 10, CWE) and secure coding practices. Proficiency with security testing tools and vulnerability management platforms. Broad knowledge of network and infrastructure security concepts (WAFs, ACLs, VPNs, etc.). Familiarity More ❯

embedding security in agile development environments Hands-on knowledge of cloud platforms , CI/CD pipelines , and scripting (PowerShell, YAML, JSON, etc.) Familiarity with frameworks and standards such as OWASP , NIST SSDF , ISO27001 , or NCSC Practical experience with threat modelling , security tooling , and risk assessments Excellent communication skills, able to influence and engage at all levels from developers to execs More ❯

embedding security in agile development environments Hands-on knowledge of cloud platforms , CI/CD pipelines , and scripting (PowerShell, YAML, JSON, etc.) Familiarity with frameworks and standards such as OWASP , NIST SSDF , ISO27001 , or NCSC Practical experience with threat modelling , security tooling , and risk assessments Excellent communication skills, able to influence and engage at all levels from developers to execs More ❯

Not expecting you to be a cloud architect, but you should know your way around. DevSecOps practices – secure pipelines, IaC security, dependency scanning, GitHub/Jenkins integrations. Application security – OWASP Top 10, SAST/DAST tooling, secrets management, API security. Threat modelling – Ideally STRIDE, or something better. And you can do it with a dev team, not just in theory. More ❯

certifications: CISSP, CISM, CISA, or equivalent Higher education sector experience Multi-tenant SaaS architecture security experience DevSecOps and CI/CD security integration knowledge Security frameworks: NIST, CIS Controls, OWASP Multi-jurisdictional data protection knowledge Enterprise sales cycle support experience Key Attributes Strategic thinker who can balance security with business needs Pragmatic approach to security implementation Detail-oriented with strong More ❯

certifications: CISSP, CISM, CISA, or equivalent Higher education sector experience Multi-tenant SaaS architecture security experience DevSecOps and CI/CD security integration knowledge Security frameworks: NIST, CIS Controls, OWASP Multi-jurisdictional data protection knowledge Enterprise sales cycle support experience Key Attributes: Strategic thinker who can balance security with business needs Pragmatic approach to security implementation Detail-oriented with strong More ❯

certifications: CISSP, CISM, CISA, or equivalent Higher education sector experience Multi-tenant SaaS architecture security experience DevSecOps and CI/CD security integration knowledge Security frameworks: NIST, CIS Controls, OWASP Multi-jurisdictional data protection knowledge Enterprise sales cycle support experience Key Attributes: Strategic thinker who can balance security with business needs Pragmatic approach to security implementation Detail-oriented with strong More ❯

or supporting the higher education sector. Strong understanding of multi-tenant SaaS security. Knowledge of DevSecOps and integrating security in CI/CD pipelines. Familiarity with NIST, CIS Controls, OWASP, and other security frameworks. Awareness of global data protection and multi-jurisdictional privacy requirements. Experience supporting enterprise sales cycles with security expertise and assurance. Benefits: 25 days' holiday plus bank More ❯

profile with working samples of previously produced code * Docker * Laravel Livewire/Inertia * DevOps * Experience with security, form validation, XSS prevention, database security, session management, input validation and other OWASP guidelines You will be able to be part of something special. As the Lead, you will be given so much autonomy, and it is a true green field project. Job More ❯