1 to 25 of 47 DemandTrendPermanent Static Application Security Testing Jobs in England

locally based skills and technical expertise to drive innovation and adoption of new technology. Your role and responsibilities We are seeking a Cybersecurity Architect to join our Data and Application Security team. Our Data Security services cover a wide range of areas, including Cloud Access Security Brokers (CASB), Data Access Governance (DAG), PKI (Public Key Infrastructure … modelling workshops with cross-functional teams to identify potential security risks early in the software development lifecycle and recommending effective mitigation strategies. Designing and implementingsecurity testing (SCA, SAST, DAST) as part of the DevSecOps pipeline to identify and remediate vulnerabilities at every stage of the development process. Designing and implementing IaC security solutions to ensure secure provisioning … the software development lifecycle, automating security practices intoCI/CD pipelines, and ensuring seamless collaboration between security and development teams. Experience with automated SCA (Software Composition Analysis), SAST (Static Application Security Testing), and DAST (Dynamic Application Security Testing) to identify vulnerabilities early and throughout development. Application Security: Proficiency in More ❯

Senior Security Engineer (Product Security) Technology London New Senior Security Engineer (Product Security) London Ebury is a global fintech firm dedicated to empowering businesses to expand internationally through tailored and forward-thinking financial solutions. Since our founding in 2009, we've grown to a diverse team of over 1,700 professionals across 40+ offices and 29+ … contributions are valued. You'll play a key role in shaping the future of cross-border finance, while advancing your own career in a dynamic, high-growth industry. Senior Security Engineer London Office - Hybrid: 4 days in the office, 1 day working from home Role Overview We are seeking a Senior Security Engineer to embed security throughout … security architecture patterns and reference implementations Security Code Reviews & Testing Conduct in-depth security code reviews for critical features Implement automated security testing (SAST, DAST, IAST, SCA) Configure and tune security scanning tools (Aquasec, Trivy, Dependabot, etc) Review cryptographic implementations against industry standards Validate authentication and authorization implementations Ensure compliance with OWASP ASVS More ❯

About this role WRITER is seeking an Application Security Engineer with deep expertise in AppSec, DevSecOps automation, and red team operations to secure our AI and AGI applications. At WRITER, security is woven into the heart of our innovation. As we continue to push the boundaries of AI, we need a seasoned security engineer who can … applications, APIs, and model endpoints, simulating adversarial attacks to validate controls. Automate security testing at scale - Develop scripts, tools, and frameworks for continuous security assessment, including SAST, DAST, and SCA integration. Lead application-layer red team exercises - Plan and execute engagements that mimic sophisticated adversary techniques targeting AI systems. Hunt and validate vulnerabilities - Discover, reproduce, and … web application and API security, including cloud-native architectures. Technical Expertise Proficient with penetration testing tools (e.g., Burp Suite, OWASP ZAP, custom scripts). Skilled in SAST, DAST, and SCA tools. Strong understanding of application-layer attack techniques and exploitation. Experience with supply chain security and build pipeline hardening. Execution & Impact Demonstrated ability to identify More ❯

source solutions, and embracing enterprise agile methodology. We encourage professional development to ensure you bring innovative ideas to our products while satisfying your own intellectual curiosity. Our Global Information Security team's mission is to ensure the development, implementation, and management of a comprehensive program that effectively protects the confidentiality, integrity, and availability of Point72 information assets. Our team … is comprised of security professionals with expertise in a diverse portfolio of security disciplines. What you'll do Collaborate with the DevOps team to design, implement, and manage a robust DevSecOps framework for our software development pipeline, integrating security tools and processes into our CI/CD workflows to enhance the developer experience Champion a security … progress and identify outliers Implement and manage security testing tools and processes within the CI/CD pipeline, including static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA), and open source security (OSS) Work together with the DevOps team to automate security controls and More ❯

own our AppSec strategy - driving threat modeling, secure architecture design, and offensive security testing . You will lead manual and automated penetration testing, manage AppSec tooling (SAST, DAST, SCA), and build developer enablement programs. You'll also be responsible for vulnerability management, incident response for application-layer events, and ensuring compliance alignment for SOC 2, ISO … architectures in collaboration with Engineering teams. Offensive Security Testing Conduct penetration tests (white-box and black-box) for web applications and APIs. Perform dynamic (DAST), static (SAST), and software composition (SCA) analysis. Simulate adversary attack scenarios to validate controls and identify gaps. Secure SDLC Integration Embed security into every stage of development; implement automated security … vulnerability assessments. Expert knowledge of OWASP Top 10, web application and API security, and common vulnerability classes with practical remediation strategies. Hands-on experience with AppSec tooling (SAST, DAST, SCA) integrated into CI/CD pipelines. Strong programming and scripting skills (Python preferred) and ability to influence secure coding practices. Proven ability to lead incident response for application More ❯

Gartner and Forrester, and our sustained, aggressive growth has landed Smarsh in the annual Inc. 5000 list of fastest-growing American companies since 2008. We're seeking a Product Security Engineer to support secure development across our engineering teams. In this hands-on role, you'll help identify and mitigate product risks by participating in security reviews, improving … tooling, and supporting vulnerability remediation. You'll work closely with senior security engineers and cross-functional teams to build security into our software development lifecycle. This is a great opportunity for a security-minded engineer who wants to grow their technical breadth while making meaningful impact in a cloud-first, DevOps-centric environment. You must be comfortable … Reviews: Conduct structured threat modeling and security assessments for new features, architectures, and services. Vulnerability Management & Remediation: Work closely with engineering teams to identify and remediate vulnerabilities from SAST, DAST, SCA, container security, and cloud security scans. Code & Architecture Review: Conduct secure code reviews and architectural security assessments to identify risks early in the development process. More ❯

Product Security Architect page is loaded Product Security Architect Apply locations Leeds, UK Dublin, Ireland posted on Posted 14 Days Ago job requisition id JR129906 Product Security Architect Product Security Architect Location - Leeds/Dublin Hybrid - 2 days per week At Flutter, Product Security encompasses not just application code, but also infrastructure as code … the enterprise embed security into the product development lifecycles. This role is the key advisor on AppSec standards, secure development practices, threat modelling, and security tooling (e.g. SAST, DAST, SCA, IaC scanning, container security, etc.), ensuring consistency and maturity in how applications are built and maintained. By aligning teams with modern DevSecOps principles, developer enablement, and security … the development of a global secure development policy, including approved tools, practices, and coding standards. Technology & Tooling Strategy: Evaluate, recommend, and support the rollout of AppSec tools such as SAST, DAST, SCA, container and IaC scanners, runtime protections, and CI/CD pipeline integrations. Collaborate with platform and DevOps teams to ensure tool integration and automation into developer workflows across More ❯

Career progression with excellent training and development. Company events - Pub nights, sporting events, seasonal parties, socials Overview of the role IFX Payments is seeking a technically skilled and proactive Application Security Engineer to embed secure development practices across its software delivery lifecycle. This role is critical in reducing application-layer risks, implementing secure coding standards, and ensuring … drive continuous improvement in application security posture. Responsibilities Secure Development Lifecycle (SDLC) Embed security controls into CI/CD pipelines and development workflows. Implement and manage SAST, DAST, and SCA tools to detect vulnerabilities early in the lifecycle Conduct secure code reviews and support developers in remediating findings. Threat Modelling & Architecture Review Lead threat modelling sessions using … experience in application security or secure software development. Strong understanding of OWASP Top 10, secure coding techniques, and threat modelling. Experience with security tools such as SAST, DAST, SCA, and vulnerability scanners. Familiarity with cloud platforms (Azure or AWS), CI/CD pipelines, and DevOps practices. Knowledge of regulatory frameworks (ISO 27001, FCA, NIST). Excellent communication More ❯

places! This is where you come in. The Opportunity As IAG Loyalty evolves into a Platform as a Service business, we're looking for a talented and passionate Senior Application Security Engineer to join our security engineering team. You'll have a background in software engineering and a deep interest in application and API security. You … our CI/CD pipelines, facilitate threat modelling sessions, and review security-sensitive design decisions around authentication, cryptography, and logging. You'll also ensure that tools such as SAST, DAST, and SCA are effective and efficient, and that testing programmes - including pen testing, vulnerability scanning, and bug bounty - are delivering value. You'll triage vulnerabilities, support engineering … vulnerabilities, including the OWASP Top 10 Proficient in coding, scripting (e.g. Python, Bash), and automating security in CI/CD Hands-on experience with security tools like SAST, DAST, and SCA Familiar with cloud environments (especially AWS), containers, and microservices Comfortable reviewing technical designs, performing threat modelling, and advising on secure architecture Strong communicator who collaborates well with More ❯

The Cyber Security Architect will work closely with the solution architects and enterprise architects to improve and maintain the cyber security of NAVBLUE'S products, services and infrastructure. The ideal candidate will play a critical role in designing and implementing cybersecurity frameworks to align with the business objectives and mitigate potential threats. Main Responsibilities: Perform Security Risk … and Threat analysis during the initial design and the Software Development Life Cycle planning, analysis, and design phases. Providing recommendations and requirements for mitigating any security weaknesses identified while defining Non-Functional Requirements in coordination with Solutions Architects. Ensure Security by Design is embedded within the Software Development Life Cycle, while ensuring that all security requirements have … Working knowledge of the SDLC and AWS network architecture Knowledge of the SAFe Agile method would be an asset Understanding of security testing in the software pipeline (SAST, DAST, SCA, RASP) Knowledge of STRIDE, DICE and other threat and risk frameworks Knowledge of AWS tools Proven experience managing multiple projects simultaneously Practical interpersonal skills; adaptable to all levels More ❯

and software management, anchored in a continuous innovation culture. What you'll be doing: As a DevOps Engineer at Ripjar you will be responsible for ensuring the reliability and security of the infrastructure that underpins our development and operational services. You will play an active role in supporting and continuously improving our core infrastructure offering, providing a solid foundation … and applications hosted on Linux-based systems. Design, deploy and maintain IP networks. Create robust automated solutions to allow development teams to self-serve routine infrastructure requests. Improve code security by integrating security testing tools into build and deployment pipelines. Implement effective monitoring of the reliability and security of applications and infrastructure services. The successful candidate … of automating tasks using languages and tools such as Bash, Python, JavaScript, and GitHub Actions. Knowledge of how to effectively use security testing and monitoring tooling, e.g. SAST and SIEM products. Candidates with the following background will be of particular interest: Experience contributing to incident response across a complex microservice-based application Application Security best More ❯

Job Summary We are seeking a pragmatic and highly skilled DevSecOps Engineer to join our Platform team. In this role, you will be responsible for identifying, prioritising and remediating security issues as a security engineer and lead analyst to support the broader organisation. You will collaborate closely with Platform, Infrastructure, Development and Security teams to embed security … modelling, code and infrastructure reviews. Develop and execute incident response procedures, leveraging Sentinel playbooks and Logic Apps when required. CI/CD & Automation Integrate automated security testing (SAST, DAST, SCA) into Azure DevOps pipelines or GitHub Actions. Create Infrastructure as Code (IaC) with Terraform or ARM templates, embedding security checks. Automate security operations tasks using Azure … party tools). Ability to design and enforce patch windows and remediation SLAs. DevSecOps Toolchain Proficient with CI/CD tooling in Azure DevOps or GitHub Actions. Experience integrating SAST (e.g. SonarQube), DAST (e.g. OWASP ZAP) and SCA (e.g. Dependabot, Snyk) into pipelines. Infrastructure as Code: Terraform, ARM or Bicep. Container & Cloud Security Knowledge of containerisation (Docker, Kubernetes/ More ❯

manager, engineer, quality assurance, mentor, problem solver, and collaborative team member-ensuring both technical excellence and alignment with business goals. What will you be doing? Collaborate with solution architects, application architects and data engineers to develop solutions meeting delivery goals. Identifying and capturing work that needs to be done, including dependencies external to the team. Responsible for onboarding new … ensuring compliance with FA development standards and processes. Optimise the developer experience to make the development process easier and help the team to become more productive. Ensure that production application services and applications are monitored and observed proactively - spotting potential issues early. Continuously stretch engineers with meaningful challenges and provide honest, constructive feedback to accelerate their development. Monitor and … delivery. Experience of providing technical leadership and oversight with offshore and/or third-party delivery teams. Experience with unit testing, TDD and BDD. Experience with working with SAST (Static Application Security Testing) and SCA (Software Composition Analysis) tools e.g. Sonar. Experience with design and development of n-tier architectures. Knowledge of common software design More ❯

challenges. We are dedicated to consistently updating our job descriptions to ensure we continue to lead in banking innovation. How you will contribute and key responsibilities: As a Senior Security Engineer, you will be instrumental in designing and implementing security measures for our mobile applications, services, and websites to meet the highest security standards. Your expertise will … help us continuously analyse and improve our security systems, ensuring that our products and services are not only secure by design but also comply with internal and external regulatory requirements. Other responsibilities include: Security Analysis and Improvement: Continuously analyse our security systems for potential improvements, ensuring that our defences remain at the forefront of cybersecurity practices. Vulnerability … Event driven streaming technologies, Logging and monitoring, networks, firewalls, load balancers, DNS, CDNs, Working knowledge of agile DevSecOps environments, and CI/CD (Git, Concourse, Terraform), Working knowledge of SAST, DAST, RASP, and IAST tools and building security into existing SDLC processes, Knowledge of cloud Security Architecture of public clouds (such as AWS or GCP), Security certification More ❯

Security Development & Test Director £140,000 GBP Onsite WORKING Location: Central London, Greater London - United Kingdom Type: Permanent Security Development & Test Director London (Hybrid, 2-3 days onsite) Up to £140,000 + Benefits + Bonus We're hiring a Security Development & Test Director to lead a rapidly growing security capability at a major global consultancy. … This is a leadership role where you'll shape strategic offerings around secure software development, DevSecOps, and security testing - while staying hands-on enough to influence tooling, architecture, and delivery standards across complex client environments. You'll be joining a high-performing cyber team with serious backing and a strong pipeline of transformation work across multiple sectors. … What you'll be doing: Leading the definition and implementation of secure architecture and DevSecOps practices across large-scale client programmes Overseeing security testing operations - including tooling (SAST, DAST, SCA), processes and coverage Driving service maturity and quality across delivery, with a focus on automation, governance, and continuous improvement Supporting business development and client engagement - from presales and More ❯

Security Development and test Director £100,000 to 135,000 GBP Bonus Hybrid WORKING Location: Central London, Greater London - United Kingdom Type: Permanent Security Development & Test Director Permanent | London or Birmingham (Hybrid) | £135,000 + 20% Bonus + £6,000 Car Allowance | Senior Director Level This is a rare opportunity for an accomplished leader in secure development to … shape and drive the future of secure architecture, DevSecOps integration, and software security testing across large-scale transformation programmes. You'll work at both strategic and operational levels, embedding secure-by-design principles across software pipelines while driving improvements in security architecture, tooling, and compliance. This senior role offers significant autonomy and impact-perfect for someone with … SDLC Define and govern secure architecture and ensure alignment with enterprise policies and industry frameworks (e.g. OWASP, NIST, ISO 27001) Drive DevSecOps integration into CI/CD pipelines, embedding SAST, DAST, SCA and container security tools Own the security testing process, improving automation, coverage, and remediation velocity Champion secure design, threat modelling and coding best practices across More ❯

Gartner and Forrester, and our sustained, aggressive growth has landed Smarsh in the annual Inc. 5000 list of fastest-growing American companies since 2008. We're seeking a Product Security Engineer to support secure development across our engineering teams. In this hands-on role, you'll help identify and mitigate product risks by participating in security reviews, improving … design reviews and backlog grooming. Threat Modelling : Participate in structured threat modelling exercises with guidance from senior team members. Vulnerability Triage : Work with engineering teams to review findings from SAST, SCA, DAST, and container scans and track remediation progress. Code & Config Review : Conduct basic secure code and configuration reviews, escalating high-risk findings as needed. Security Tooling & Automation : Help … e.g., Python, Java, JavaScript, Go, or C#). Familiarity with cloud platforms (AWS, Azure, or GCP) and container technologies (Docker, Kubernetes). Exposure to security tooling such as SAST, SCA, or DAST scanners (e.g., Semgrep, Endor, Burp). Basic understanding of identity and access controls (OAuth, SAML, API tokens). Strong collaboration and communication skills, with a willingness to More ❯

65k - £78K + bonus, benefits) We are working with a globally renowned and industry leading UK brand who are going through an exciting phase of growth across their wider Security function, resulting in the need for a DevSecOps Engineer. As a DevSecOps Engineer, you will work within a newly established team in a role that sees you provide hands … on Application Security and DevSecOps responsibilities, as well as being involved in various strategic activities. Your duties would include setting-up, securing and enhancing pipelines, scripting and automation, as well as looking at how things are done, what improvements can be made, supporting cyber change initiatives and driving security awareness/practices as necessary. This role will … most companies of a similar size, who also offer some of the best perks & benefits available! Key skills and experience required: DevSecOps experience Application Security expertise across SAST, DAST & SCA Background and experience in Software Development/Scripting/Automation Ability to work in a fast-paced environment Ability to work on-site for key strategic/important More ❯

Security Engineer (Vlocity/Salesfore Industries) (Hands on recent career experience of Salesforce Industries/Vlocity is essential) FPSG have a fantastic opportunity to join a large-scale digital transformation programme aimed at uniting multiple internal business units under a new, secure, cloud-native digital platform. Ideal for a hands-on Security Engineer who enjoys embedding security … and cloud network architecture (VPNs, subnets, zones) Experience with API security and integration-related platforms such as Auth0 or API Gateways Proficiency with security tools including SAST (e.g. Snyk, Checkmarx), SCA, and DAST (e.g. OpenZAP, Qualys DAST) Ability to manage secure operations of large-scale software estates, including deployment pipelines, rollback strategies, and uptime monitoring Practical experience building … Engineer, Information Security Specialist, Salesforce Industries, Vlocity, Azure, OWASP CI/CD, DSOMM, SAMM, Cloud Security Posture Management, Prisma Cloud, Azure Defender, Snyk, Checkmarx, OpenZAP, Qualys, DAST, SAST, CI/CD, Infrastructure Security, Auth0, Secure APIs, Networking Protocols, DevSecOps, Secure Development, CRM Security Next Steps Please click "Apply now" and submit your up-to-date CV More ❯

Security Engineer Permanent Hybrid - 2 or 3 days p/w on-site Tunbridge Wells area (Hands on recent career experience of Salesforce Industries/Vlocity is essential) FPSG have a fantastic opportunity to join a large-scale digital transformation programme aimed at uniting multiple internal business units under a new, secure, cloud-native digital platform. Ideal for a … and cloud network architecture (VPNs, subnets, zones) Experience with API security and integration-related platforms such as Auth0 or API Gateways Proficiency with security tools including SAST (e.g. Snyk, Checkmarx), SCA, and DAST (e.g. OpenZAP, Qualys DAST) Ability to manage secure operations of large-scale software estates, including deployment pipelines, rollback strategies, and uptime monitoring Practical experience building … Engineer, Information Security Specialist, Salesforce Industries, Vlocity, Azure, OWASP CI/CD, DSOMM, SAMM, Cloud Security Posture Management, Prisma Cloud, Azure Defender, Snyk, Checkmarx, OpenZAP, Qualys, DAST, SAST, CI/CD, Infrastructure Security, Auth0, Secure APIs, Networking Protocols, DevSecOps, Secure Development, CRM Security Next Steps Please click "Apply now" and submit your up-to-date CV More ❯

future states of the organisation and make faster, more informed decisions. The company is headquartered in London, with offices in Philadelphia, The Hague, Toronto, and Sydney. Role The Principal Security Engineer is a strategic, hands-on leader responsible for evaluating, evolving, and executing Orgvue's security engineering strategy across our entire application development and cloud-hosting estate. … Partnering closely with Information Security, Engineering, and Product teams, you will embed secure-by-design principles throughout the software-development lifecycle (SDLC), champion modern DevSecOps practices, and ensure that security is a first-class citizen in everything we build and operate. This role reports directly to the Chief Technology Officer (CTO) and maintains a dotted-line relationship with … Threat Modeling & Risk Assessment - Conduct regular architecture and code-level reviews, drive remediation plans, and present risk posture to leadership. Tooling & Automation - Evaluate, select, and integrate security tooling (SAST, DAST, SCA, container scanners, CSPM, CWPP) and champion IaC/Terraform modules for reusable controls. Collaboration & Mentorship - Act as a trusted advisor to engineering squads, provide security training, and More ❯

an outsized impact, you'll thrive here at Zopa, so join us, and make it count.Want to see us in action? Follow us on The team: Zopa's Product Security team ensures security is baked into our products from the very start of their lifecycles, all the way to the end. We provide the more pre-emptive, design … team of 18. Our current projects include ongoing security assessments and threat models of new, in-house created AI-based systems, improving our security tools - such as SAST and SCA, refining a SLSA strategy, helping to roll out an upcoming bounty program and more! We pride ourselves in being able to collaborate and integrate seamlessly with an engineering … avoid Integrating security tooling, stitching together CI steps, scripts, and small tools to automate security controls and visualise their results in a helpful manner. This could include SAST, SCA, DAST, secrets scanning, vulnerability scanning, or other tooling Being guardians of our Secure Development Lifecycle, ensuring security controls are baked in and "pushed left" as much as reasonably More ❯

Senior Security Engineer - Build, Secure, and Scale in a Cloud-Native Environment Location: Hybrid (UK-based) Salary: Competitive + Excellent Benefits Employment Type: Full-time, Permanent Are you a seasoned Security Engineer with a passion for protecting infrastructure at scale? A rapidly growing technology-driven organisation is looking for a Senior Security Engineer to play a pivotal … You'll join a high-performing Platform Engineering team, working alongside cloud specialists, DevOps professionals, and software engineers to build secure, scalable platforms. This is more than a pure security role - it's an opportunity to be hands-on in architecture, engineering, and compliance, while leading the charge on modern, cloud-first security strategy. Responsibilties: Designing and implementing … Hands-on expertise in cloud security (preferably AWS), including securing hybrid and multi-region architectures. Practical knowledge of security tooling: IDS/IPS, SIEM, vulnerability scanners, encryption, SAST/DAST tools, OWASP ZAP, etc. Strong understanding of network security protocols and best practices. Scripting and automation experience (e.g. Python). Proven experience with incident response and threat More ❯

we're enabling the fully automated enterprise-but innovation must be secure to be transformative. That's where you come in. We're looking for a Field Chief Information Security Officer (Field CISO) to serve as a strategic security advisor to our customers and partners, guiding them through the complex landscape of compliance, governance, and secure development of … Automations and Agentic AI. You'll work at the intersection of customer success, product innovation, and cybersecurity thought leadership-translating strategic security insights into real-world impact. What you'll do Act as the primary security advisor for clients, assessing their needs, and providing strategic recommendations. Conduct security risk assessments and design tailored strategies that align with … knowledge of security frameworks (e.g., NIST, ISO 27001) and compliance standards (e.g., GDPR, HIPAA, PCI-DSS). Strong expertise in secure SDLC, and application security tooling (SAST, DAST, SCA). Excellent communication skills with the ability to influence executive and technical stakeholders. Experience advising on or implementing security strategies in enterprise environments. Familiarity with software development More ❯

global, market-leading insurance organisation that's shaping the future of digital health and technology. This is your opportunity to be part of an innovative, forward-thinking environment where security, engineering excellence, and customer impact are at the heart of everything we do! What you'll do: Provide hands-on technical expertise in secure software development within a product … improve secure CI/CD pipelines and modern security practices. Ensure risk management, security, and quality are embedded in software delivery. Implement and manage security tooling (SAST, DAST) to support development and testing. Adhere to best practices in architecture, design, coding standards, and SDLC. Mentor and support continuous improvement within the engineering community. What you'll bring … Technical leadership with strong decision-making and prioritisation skills. Expertise in secure systems design and infrastructure. Experience securing CI/CD pipelines and using security tools. Expertise in key technologies such as .NET/C#, Azure PaaS, Javascript, and Salesforce APEX, and in frameworks such as React, Node, React-Native, Playwright, etc Holds the right to work in the More ❯