1 to 25 of 35 Permanent Static Application Security Testing Jobs in London

London, United Kingdom Posted on 24/02/2025 Job Description: Security Testing Engineer Location: Remote with occasional travel as required Employment Type: Permanent About the Role Scrumconnect Consulting is looking for a Security Testing Engineer to ensure the security, resilience, and compliance of … GOV.UK digital services . This role involves identifying vulnerabilities, mitigating security risks, and ensuring adherence to government security policies and DDAT frameworks . You will work closely with developers, security architects, and business stakeholders to embed security testing into Agile development workflows and DevSecOps pipelines. … comprehensive security test plans for GOV.UK digital services. Identify security vulnerabilities through static and dynamic application security testing (SAST & DAST) . Ensure security testing is seamlessly integrated into CI/CD pipelines and DevSecOps processes. Define security requirements and best practices More ❯

Senior Security Engineer - Application Security London, UK Senior Security Engineer - Application Security Samsara's Mission Improve the safety, efficiency, and sustainability of the operations that power the global economy. Samsara (NYSE: IOT) is the pioneer of the Connected Operations Cloud, which is a platform … strategy, covering both product and internal systems. Collaborate on the design and implementation of scalable security controls including static code analysis (SAST), software composition analysis (SCA), and secret scanning pipelines. Perform in-depth threat models of critical systems and features, working with engineering and infrastructure teams to … Python or Go security best practices. Demonstrated ability to perform and lead threat modeling exercises and translate risks into actionable recommendations. Experience with SAST/SCA tools such as Semgrep, CodeQL, or Snyk, and integrating them into developer workflows. Hands-on knowledge of vulnerability management tools and workflows, including More ❯

Engineering - Tech Risk Advisory - Associate - London Job Description WHO WE ARE Led by the Chief Information Security Officer (CISO), Technology Risk secures Goldman Sachs against hackers and other cyber threats. We are responsible for detecting and preventing attempted cyber intrusions against the firm, helping the firm develop more secure … and design secure products and services, embedding implementation reviews as part of the SDLC and CI/CD pipeline via code analysis and penetration testing, and guiding technology innovation in terms of security and control across Goldman Sachs. The team plays a critical role in designing and assessing … impact, accuracy etc.), develop and customise detection capability of one or more of the following solutions: Static Application Security Testing (SAST) Dynamic/Interactive Application Security Testing (DAST/IAST) Software Composition Analysis (SCA) Infrastructure as Code (IaC) Container Security Mobile Security More ❯

a real impact on shaping a better, more sustainable future. We are very excited to be building a small and efficient Cyber and Information Security team at Octopus Energy Group. We're hiring for both Mid-Level and Senior Security Engineers . We are looking for ambitious, knowledgeable … and experienced Security Engineers to join our team, to grow with the rest of the company, and ensure we continue to do so in a secure and safe way. You will be a key partner in defining what Security is at Octopus Energy Group. We will be shaping … with security tools and technologies, such as web application firewalls (WAFs), and static and dynamic application security testing (SAST/DAST) tools Experience in endpoint (e.g., EDR and ZTNA) and cloud (e.g., CSPM and CNAPP) security tooling Experience with security SaaS solutions More ❯

Our consultancy client are currently looking for a couple of experienced Security/DevSecOps engineers to join their business. They operate in the FS and energy space so experience in banking or insurance or energy is a must for these roles. Working across clients you will develop and execute … strategies to fortify infrastructure, networks, and cloud environments. Lead security initiatives across the SDLC, integrating Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Container scanning using tools such as CheckmarxOne, Prisma Cloud, or equivalents. Collaborate … will have strong knowledge of application security, secure coding practices, and tools like CheckmarxOne, Prisma Cloud, or similar platforms. With proficiency in SAST, DAST, SCA, and Container scanning, with hands-on experience integrating these tools into development pipelines. Extensive experience in endpoint security, cloud security, and More ❯

a job. View more categories View less categories Sector Engineering Role Specialist Contract Type Permanent Hours Full Time All the details Summary The Specialist Application Security Engineer will play a pivotal role in ensuring the integrity and security of our applications across various platforms. You will lead … ll do Focused on application security initiatives across cloud and on-premises environments, employing a diverse suite of tools including Semgrep for SAST, Snyk for SCA, GHAS for secret scanning, Burp Suite for DAST, and scripting for automation. Forge partnerships with external vendors to optimize and seamlessly integrate … hands-on experience in application security, with a track record of leadership or significant contributions in similar roles. Proficiency in Semgrep for SAST, Snyk for SCA, GHAS for secret scanning, Burp Suite for DAST, and automation scripting. Understanding of application security principles and best practices. Experience More ❯

treasury solutions, empowering investment firms with cutting-edge technology to optimize financial performance, enhance liquidity, and mitigate risk. As part of our commitment to security and innovation, we are expanding our Information Security Team and seeking a DevSecOps Engineer to drive security automation and best practices across … our cloud infrastructure and IT operations. Job Overview As a DevSecOps Engineer , you will play a pivotal role in integrating security practices into our DevOps pipeline and IT operations . Working at the intersection of operations, security, and development , you will collaborate closely with internal teams to safeguard … alerts across Infosec, servers, firewalls, and applications. Conduct continuous monitoring of internal and third-party information security controls. Threat & Vulnerability Management: Assess SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) scans. Implement remediation and mitigation strategies in collaboration More ❯

treasury solutions, empowering investment firms with cutting-edge technology to optimize financial performance, enhance liquidity, and mitigate risk. As part of our commitment to security and innovation, we are expanding our Information Security Team and seeking a DevSecOps Engineer to drive security automation and best practices across … our cloud infrastructure and IT operations. Job Overview As a DevSecOps Engineer , you will play a pivotal role in integrating security practices into our DevOps pipeline and IT operations . Working at the intersection of operations, security, and development , you will collaborate closely with internal teams to safeguard … alerts across Infosec, servers, firewalls, and applications. Conduct continuous monitoring of internal and third-party information security controls. Threat & Vulnerability Management: Assess SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) scans. Implement remediation and mitigation strategies in collaboration More ❯

Cloud Application Security Engineer/Cloud Security Engineer - AWS/AppSec/IAM (Okta) Application Security Engineer/AWS Security Engineer/CloudSec Location: Hybrid London (2 days per week onsite) Ready to drive secure engineering at scale in a leading fintech? Were looking … platforms. Youll work with DevOps and engineering teams to build secure-by-design solutions in AWS using tools like IAM, Okta, AWS Shield, and SAST/DAST. This is a high-impact role with a focus on AppSec, cloud security architecture, observability and secure software development . Key Responsibilities … practices across teams What You Bring Deep knowledge of AWS security tools & IAM Experience with Okta , service mesh, observability tooling Hands-on with SAST/DAST , secure development and vulnerability testing Familiar with ISO 27001, NIST, CIS Benchmarks, OWASP Top 10 Comfortable with Python, JavaScript or similar scripting More ❯

Application Security Consultant – Remote Not sure what skills you will need for this opportunity Simply read the full description below to get a complete picture of candidate requirements. CSSLP, CISSP, OSWE, GWAPT, CREST CRT/CCT App A leading Technology consultancy is looking for an Application Security Consultant to play a key role in embedding security into the heart of modern software development practices. The role: You’ll work closely with engineering teams to champion secure coding, guide remediation of vulnerabilities, and integrate AppSec controls across the DevOps pipeline. This role … is especially focused on cloud-native development in AWS environments. Key responsibilities include: Embedding secure coding practices and supporting design/code reviews Implementing SAST, DAST, SCA, and other security checks into DevOps workflows Supporting secure API design and cloud-native architecture Acting as a key escalation point for More ❯

on, delivery-focused role where you will embed DevSecOps principles into engineering pipelines, guide secure software development lifecycle (SSDLC) practices, and advise on adopting security tooling across cloud and hybrid environments. You will work closely with development, DevOps, and platform teams to uplift security maturity, enabling secure and … scalable software delivery aligned with industry standards and compliance requirements. Responsibilities Embed security practices into software development pipelines by integrating DevSecOps principles, automation tools, and governance controls. Support the definition, implementation, and continuous improvement of secure software development lifecycle (SSDLC) processes across internal and client delivery teams. Advise on … platforms. Experience collaborating with developers, DevOps, architects, and platform teams to design and implement secure software solutions. Exposure to application security tooling (SAST, DAST, SCA), cloud security services, and infrastructure-as-code security practices. Familiarity with agile or DevOps-based delivery models and working across multiple More ❯

JIRA, Confluence). Awareness of CI/CD tooling such as Jenkins, GitLab or similar. Knowledge of Hashicorp Terraform and Hashicorp Vault. Awareness of SAST Security Testing - GitLab, Checkmarx, Veracode. Awareness of DAST Security Testing - GitLab, Veracode. Awareness of SCA/IAST Security Testing - Checkmarx, GitLab, Veracode. Awareness of Vulnerability Management - PA Prisma. Awareness of QA Testing - Selenium. Certifications in Gitlab, Terraform and Vault would be preferable. About us With over 20,000 employees across the globe, we work at the heart of digitisation, advising organisations on IT strategy, implementing the most More ❯

Security Systems Engineer - DevSecOps - Remote - Amazing role - to £70,0000 + Bens Once in a life time opportunity to join a scaling up tech company who are disrupting the digital security sector. My customer are an incredibly innovative scaling up tech company who are looking to recruit a … Security Systems Engineer with experience of DevSecOps, AWS, and terraform who is looking for a new challenge. Excellent salary - Up to 70k + pension + health + share scheme + flexible working + 25 days holidays. Complete remote role with quarterly meet-ups and customer site visits. Position Overview … Collaborate with development and operations teams to ensure secure coding practices and configurations. Implement and manage security tools within the DevOps toolchain (e.g., SAST, DAST, SCA tools). Infrastructure Security Oversight: Design and oversee the implementation of secure infrastructure solutions, both on-premises and in the cloud. Ensure More ❯

consistently updating our job descriptions to ensure we continue to lead in banking innovation. How you will contribute and key responsibilities: As a Senior Security Engineer, you will be instrumental in designing and implementing security measures for our mobile applications, services, and websites to meet the highest security standards. Your expertise will help us continuously analyse and improve our security systems, ensuring that our products and services are not only secure by design but also comply with internal and external regulatory requirements. Other responsibilities include: Security Analysis and Improvement: Continuously analyse our security systems … and monitoring, networks, firewalls, load balancers, DNS, CDNs Working knowledge of agile DevSecOps environments, and CI/CD (Git, Concourse, Terraform) Working knowledge of SAST, DAST, RASP, and IAST tools and building security into existing SDLC processes Knowledge of cloud Security Architecture of public clouds (such as AWS More ❯

this position, you'll spearhead Cyber projects with plans to build your own team in 2025 The role combines two dynamic elements: Core IT Security: Leverage your deep technical expertise to maintain the security of our infrastructure, servers, and systems. From leading our Managed Security Service Providers … all new systems and services. Drive application and platform security by conducting penetration tests, running audits, and managing automated scans like SCA, SAST, and DAST. Maintain a strong Cloud Security Posture by continuously improving infrastructure, processes, and policies. Risk & Compliance Own vulnerability and threat management, identify risks … VNets, application gateways, private and service endpoints, and firewalls. Secure Software Development: Deep experience implementing effective secure coding practices (e.g., OWASP Top 10, SAST, DAST, SonarCloud). You can seamlessly integrate security into the SDLC with a shift-left approach. Cloud Security Tools: Practical experience with Azure More ❯

We have a great career opportunity for an experienced Mid-level Product Security Engineer with a background in cloud-based (AWS & Azure) & on-prem infrastructures and automation to join one of the most prestigious e-commerce and tech companies. Multi-million £ brand with a firm lead in their market … it's not even close) Multi-award-winning platform on an extraordinary journey. Oversee, maintain, and upkeep customer/client data. Utilise your advanced security knowledge. Manage cloud-based & on-prem infrastructures. Be the risk manager and automation advocate we need. Help us safeguard customer/client data with … metrics from security tools. Expertise in securing microservices and APIs. Deep understanding of secure coding, SDLC, and engineering integration. Hands-on experience with SAST/DAST in CI/CD. Knowledge of WAFs, vulnerability scanners, and security tools. Understanding of cryptography, authentication, and authorisation. Next Steps: Please note More ❯

Overview: Additional Information: Please note, this role requires working full-time onsite, five days per week. NON Negotiable We are seeking an experienced IT Security Engineer to become a vital part of a growing IT Department. This critical role will focus on protecting our information assets through robust cybersecurity … measures, ensuring adherence to best practices, international standards, and local regulations. Ideally suited to candidates who possess expert knowledge of security frameworks including NIST 800, ISO 27001, and cybersecurity guidelines from PRA, FCA, and ICO. Candidates with at least 3 years' relevant experience in finance or banking, particularly as … and disposal. Conduct security evaluations on network and firewall policies and manage application security in both development and testing phases (SAST, DAST). Liaise with internal audit teams and international cybersecurity operations centres to implement security policies and controls. Provide cybersecurity training to ensure staff More ❯

Overview: Additional Information: Please note, this role requires working full-time onsite, five days per week. NON Negotiable We are seeking an experienced IT Security Engineer to become a vital part of a growing IT Department. This critical role will focus on protecting our information assets through robust cybersecurity … measures, ensuring adherence to best practices, international standards, and local regulations. Ideally suited to candidates who possess expert knowledge of security frameworks including NIST 800, ISO 27001, and cybersecurity guidelines from PRA, FCA, and ICO. Candidates with at least 3 years' relevant experience in finance or banking, particularly as … and disposal. Conduct security evaluations on network and firewall policies and manage application security in both development and testing phases (SAST, DAST). Liaise with internal audit teams and international cybersecurity operations centres to implement security policies and controls. Provide cybersecurity training to ensure staff More ❯

About this Role Writer is seeking a highly skilled and experienced Security Engineer to join our dynamic and innovative team. The Security Engineer will play a crucial role in enhancing our information security and privacy posture by engaging with engineering and operations teams to perform security reviews, threat modeling, and other critical security activities. This role requires a deep understanding of information security principles, a strong technical background, and the ability to collaborate effectively across various teams. The Security Engineer will report to the Head of Information Security & Compliance, and will … and existing applications, ensuring that all potential attack vectors are identified and mitigated. Develop and maintain security automation scripts and tools, such as SAST/DAST, to detect and respond to threats; automate security monitoring and alerting using Splunk, ELK, or Chronicle; develop security-as-code practices More ❯

Senior Product Security Engineer Location: London Salary: £200,000+ A leading global quantitative investment firm is seeking a Senior Product Security Engineer to strengthen the security of its trading systems, cloud infrastructure, and business applications. This is a hands-on, high-impact role working across a modern … tech stack in a fast-paced environment. Key Responsibilities Implement and maintain security controls across low-latency systems and multi-cloud platforms (AWS, Azure, Alibaba Cloud) Collaborate with engineering teams to integrate … secure coding practices into the SDLC Conduct threat modeling, vulnerability assessments, and code reviews Automate security processes through CI/CD integration using SAST, DAST, and related tools Assess third-party vendors and enforce security standards Mentor teams on security architecture and best practices What We’re More ❯

Senior Product Security Engineer Location: London Salary: £200,000+ A leading global quantitative investment firm is seeking a Senior Product Security Engineer to strengthen the security of its trading systems, cloud infrastructure, and business applications. This is a hands-on, high-impact role working across a modern … tech stack in a fast-paced environment. Key Responsibilities Implement and maintain security controls across low-latency systems and multi-cloud platforms (AWS, Azure, Alibaba Cloud) Collaborate with engineering teams to integrate … secure coding practices into the SDLC Conduct threat modeling, vulnerability assessments, and code reviews Automate security processes through CI/CD integration using SAST, DAST, and related tools Assess third-party vendors and enforce security standards Mentor teams on security architecture and best practices What We’re More ❯

innovation continuously drives our ambition to deliver high quality returns for our investors. Your future role within QRT QRT is hiring a Senior Product Security Engineer to protect diverse tech systems across cloud, business apps, and core infrastructure. In this role, you'll drive automated security processes, influence … architecture, and lead strategic security projects. Working closely with IT, cloud, and engineering teams, you'll implement security solutions for low-latency systems and multi-cloud platforms, including AWS, Azure, and Alibaba Cloud. You'll also secure hybrid infrastructures across Python, C++, and Kotlin/Java environments, ensuring … vendor security reviews to assess third-party security practices and ensure compliance with QRT's standards. Integration of security scanning tools (SAST, DAST, etc.) into CI/CD pipelines and runtime environments to ensure continuous security monitoring and threat detection across Alibaba Cloud, AWS, Azure, and More ❯

are seeking a Platform Operations Engineer to join our leading financial services client on a permanent basis. The role involves supporting development, architecture, and application security teams in implementing and maintaining Application Cyber Security strategies, with a focus on governance and security process rigor. Skills … as Jira, Confluence, Bitbucket, Nexus, Zephyr Monitoring and logging expertise with Grafana, Prometheus, Splunk, Dynatrace, Datadog Nice to have: Security capabilities including SCA, SAST, DAST If interested and qualified, please submit your CV for consideration. McGregor Boyall is an equal opportunity employer and does not discriminate on any grounds. More ❯

infrastructure that enables institutions to navigate and thrive in the crypto economy. As they continue to scale, the firm is seeking a Senior Product Security Engineer to help shape and secure the backbone of their platform. This is a high-impact role for someone who blends deep development expertise … with strong security instincts-someone who can partner across engineering, product, and infrastructure teams to embed security into everything they build. Responsibilities: Lead secure architecture and design reviews for critical products and digital finance infrastructure Conduct threat modeling, risk … assessments, and security controls reviews across trading, custody, and DeFi platforms Build and implement security test plans and pipelines using modern tools (SAST, DAST, SCA, IaC scanning) Drive secure coding standards and perform hands-on code reviews for high-assurance systems Design and operationalize core security features More ❯

infrastructure that enables institutions to navigate and thrive in the crypto economy. As they continue to scale, the firm is seeking a Senior Product Security Engineer to help shape and secure the backbone of their platform. This is a high-impact role for someone who blends deep development expertise … with strong security instincts-someone who can partner across engineering, product, and infrastructure teams to embed security into everything they build. Responsibilities: Lead secure architecture and design reviews for critical products and digital finance infrastructure Conduct threat modeling, risk … assessments, and security controls reviews across trading, custody, and DeFi platforms Build and implement security test plans and pipelines using modern tools (SAST, DAST, SCA, IaC scanning) Drive secure coding standards and perform hands-on code reviews for high-assurance systems Design and operationalize core security features More ❯