12 of 12 Permanent Application Security Jobs in Scotland

Application Security Engineer Edinburgh - 3 days a week on site £90,000 + great benefits An impressive financial services business is looking to hire an Application Security Engineer to support this team with the risk and remediation activities. This business is going through a big technology transformation programme that is estimated to take 3 -5 years. … The successful Application Security Engineer will be part of this journey and have great technical exposure and the ability to rapidly progress. Working closely in one of transformation projects, the successful Application Security Engineer will work closely with the wider security and technology teams to define the strategy and roadmap of technology changes moving forward. … Application Security Engineer Duties and Responsibilities The successful Application Security Engineer will: Provide security input into solution design to ensure that security principles are incorporated at both the platform and software level Automate tooling to run security fixes over a variety of repo's Ensure that security requirement input is provided across More ❯

Description Reporting to the Application Security Team Lead, this role provides product security expertise to digital product and engineering teams as part of the Cyber Security function. This is a hands-on engineering position - not just advisory. You'll actively contribute to code, set up and integrate security tooling, respond to product-related security incidents, and work directly on solutions. The aim is to take as much of the security burden off product and engineering teams as possible, while embedding best practices throughout. You'll be integrated into multiple engineering squads, acting as their dedicated security expert and trusted partner. Day to day, that means building strong relationships with stakeholders, demonstrating … the value of security, and influencing positive outcomes-all while enabling teams to move quickly and deliver safely. Beyond supporting individual products, you'll also play a pivotal role in raising our overall software security maturity-helping to shape governance, champion secure development practices, and drive Motability Operations toward operational excellence in application security. Qualifications You are More ❯

AppSec Engineer I'm partnering with a purpose-led organisation that exists to improve the lives of others to find an Application Security Engineer to join their Cyber Security function and take ownership of product security across a diverse digital estate. This is ideal for someone with a strong technical background in secure software development or … offensive security testing. You'll be joining at a key point in their transformation journey, with the freedom to shape how application security is delivered. They're looking for someone who's hands-on, passionate about protecting customer data, and confident embedding security practices directly into engineering teams. They're specifically interested in candidates who have … experience: Familiarity with software such as JAVA Applying the Secure Software Development Lifecycle (SSDLC) Freedom and support for application security function Driving cyber maturity uplift across multiple products Communicating technical risks to non-technical stakeholders Details: Location: Bristol or Edinburgh Salary: up to £80,000-£90,000 Benefits: Generous benefits package! If this sounds like something you'd More ❯

controls specialists, or as part of a wider Oracle Finance/Supply Chain/HR Transformation programme; Assessing, designing and implementing Oracle controls across areas including: business process controls, application security/role based access controls, segregation of duties, IT general controls, programme management controls, etc; Assessing, designing and implementing Oracle Risk Management and Compliance (RMC) modules; Applying … the practice; and Leading and shaping the strategy and team. Connect to your skills and professional experience Knowledge of Oracle Cloud (e.g. ERP/EPM/SCM/HCM) application security and role design, automated configured controls and Oracle Risk Management & Compliance (RMC) modules Background assessing, designing and/or implementing controls in an external audit, internal audit … teams across multiple locations. Excellent people management and development skills with a strong focus on team development. Experience working in organisations subject to SOX requirements. Knowledge of other common application technologies e.g. S/4 Hana, MS Dynamics, Blackline, Workday Knowledge of common infrastructure technologies e.g. AWS, Google Cloud, Azure, SQL Database, Oracle database Experience of assessing AI risks More ❯

controls specialists, or as part of a wider Oracle Finance/Supply Chain/HR Transformation programme; Assessing, designing and implementing Oracle controls across areas including: business process controls, application security/role based access controls, segregation of duties, IT general controls, programme management controls, etc; Assessing, designing and implementing Oracle Risk Management and Compliance (RMC) modules; Applying … the practice; and Leading and shaping the strategy and team. Connect to your skills and professional experience Knowledge of Oracle Cloud (e.g. ERP/EPM/SCM/HCM) application security and role design, automated configured controls and Oracle Risk Management & Compliance (RMC) modules Background assessing, designing and/or implementing controls in an external audit, internal audit … teams across multiple locations. Excellent people management and development skills with a strong focus on team development. Experience working in organisations subject to SOX requirements. Knowledge of other common application technologies e.g. S/4 Hana, MS Dynamics, Blackline, Workday Knowledge of common infrastructure technologies e.g. AWS, Google Cloud, Azure, SQL Database, Oracle database Experience of assessing AI risks More ❯

operational excellence. Key Responsibilities: Leadership & Team Management Lead a team responsible for managing enterprise KCS infrastructure. Assign tasks, monitor performance, and provide mentorship and training. Foster a culture of security, accountability, and continuous improvement. Operational Oversight Oversee the deployment, monitoring, and maintenance of key management systems (KMS), certificate authorities (CA), and secrets management platforms. Manage Certificate Authorities (CAs), Registration … OCSP responders, CRLs, and HSMs. Ensure timely rotation and renewal of certificates and secrets to prevent outages or vulnerabilities. Manage access controls and audit trails for all cryptographic assets. Security & Compliance Ensure KCS operations comply with internal policies and external standards (e.g., NIST, ISO 27001, PCI-DSS). Support internal and external audits by maintaining accurate documentation and logs. … the escalation point for KCS-related incidents. Lead root cause analysis and remediation efforts for certificate expirations, key compromise, or misconfigurations. Collaboration & Reporting Work closely with DevOps, Infrastructure, and Application Security teams to integrate KCS best practices into CI/CD pipelines and cloud environments. Provide regular reports on KCS health, risk posture, and compliance metrics to senior More ❯

and working on development tooling or toolkits Extensive knowledge of CI/CD and building pipelines Kubernetes experience (Docker, Rancher, OpenShift) Cloud experience (Azure or AWS) Azure DevOps experience Application security To apply for this role as Principal DevOps Engineer/Lead, please click apply online and upload an updated copy of your CV.Candidate Source Ltd is an … advertising agency. Once you have submitted your application it will be passed to the third party Recruiter who is responsible for processing your application. This will include holding and sharing your personal data, our legal basis for this is legitimate interest subject to your declared interest in a job. Our privacy policy can be found on our website and … we can be contacted to confirm who your application has been forwarded to. More ❯

Contract: Security Engineer - WAF SME Start Date: ASAP Duration: 3 months (extendable) Location: Remote Rate: Negotiable depending on experience (deemed inside IR35) Reference: 19542 The primary role is to tune WAF accurately and safely Immediate contract for experienced WAF engineers to help augment the internal Efficacy and Security Engineering teams with hands-on consultancy focused on WAF tuning … SOC/Threat/Forensics or CSIRT backgrounds - very experienced with analysing security logs to quickly ascertain TP/FP conviction and the techniques to except Ideally some AppSec/DevSecOps or Ethical Hacking experience - need a good understanding of Web Application attacks and security; they must have deep knowledge of the OWASP Top 10 If they … or infra setup. Efficacy testing in partnership with the internal team - recommend adjustments based on findings. Well-rounded profiles with real-world exposure -not theoretical or solely vendor-trained. Security Engineering skills too, this a bonus Background check completion prior to contract commencement will be required Must be eligible to work in UK for duration of the project Networking More ❯

Contract: Security Engineer - WAF SME Start Date: ASAP Duration: 3 months (extendable) Location: Remote Rate: Negotiable depending on experience (deemed inside IR35) Reference: 19542 The primary role is to tune WAF accurately and safely Immediate contract for experienced WAF engineers to help augment the internal Efficacy and Security Engineering teams with hands-on consultancy focused on WAF tuning … SOC/Threat/Forensics or CSIRT backgrounds - very experienced with analysing security logs to quickly ascertain TP/FP conviction and the techniques to except Ideally some AppSec/DevSecOps or Ethical Hacking experience - need a good understanding of Web Application attacks and security; they must have deep knowledge of the OWASP Top 10 If they … or infra setup. Efficacy testing in partnership with the internal team - recommend adjustments based on findings. Well-rounded profiles with real-world exposure -not theoretical or solely vendor-trained. Security Engineering skills too, this a bonus Background check completion prior to contract commencement will be required Must be eligible to work in UK for duration of the project Networking More ❯

Contract: Security Engineer - WAF SME Start Date: ASAP Duration: 3 months (extendable) Location: Remote Rate: Negotiable depending on experience (deemed inside IR35) Reference: 19542 The primary role is to tune WAF accurately and safely Immediate contract for experienced WAF engineers to help augment the internal Efficacy and Security Engineering teams with hands-on consultancy focused on WAF tuning … SOC/Threat/Forensics or CSIRT backgrounds - very experienced with analysing security logs to quickly ascertain TP/FP conviction and the techniques to except Ideally some AppSec/DevSecOps or Ethical Hacking experience - need a good understanding of Web Application attacks and security; they must have deep knowledge of the OWASP Top 10 If they … or infra setup. Efficacy testing in partnership with the internal team - recommend adjustments based on findings. Well-rounded profiles with real-world exposure -not theoretical or solely vendor-trained. Security Engineering skills too, this a bonus Background check completion prior to contract commencement will be required Must be eligible to work in UK for duration of the project Networking More ❯

Embedded Systems) Chinese/English bilingual Location: Edinburgh, Scotland (Office-Based) Experience Level: Entry to Mid-Level (1-3 years)Are you ready to shape the future of mobile security? Or innovative, award winning tech client is looking for a Software Engineer with a passion for embedded systems and mobile security.This is an exciting opportunity to work on cutting … edge technology, researching how mobile apps interact with operating systems to enhance security solutions. If you're fluent in Chinese and English and love tackling complex security challenges, this role is for you! What You'll Be Doing: Security-Driven Development - Enhance and extend mobile app security solutions using system-level insights. Mobile OS Research - Dive … into Android, iOS, and HarmonyOS Next to analyse system behaviours. Reverse Engineering & Security Testing - Utilise white hat techniques, including penetration testing and reverse engineering, to identify and address threats. Collaboration & Innovation - Work closely with the team in an office-based setting, contributing to design reviews and security improvements. What You Bring: Bilingual Skills: Fluent in Chinese & English (to More ❯

Embedded Systems) Chinese/English bilingual Location: Edinburgh, Scotland (Office-Based) Experience Level: Entry to Mid-Level (1-3 years) Are you ready to shape the future of mobile security? Or innovative, award winning tech client is looking for a Software Engineer with a passion for embedded systems and mobile security. This is an exciting opportunity to work on … cutting-edge technology, researching how mobile apps interact with operating systems to enhance security solutions. If you're fluent in Chinese and English and love tackling complex security challenges, this role is for you! What You'll Be Doing: Security-Driven Development - Enhance and extend mobile app security solutions using system-level insights. Mobile OS Research … Dive into Android, iOS, and HarmonyOS Next to analyse system behaviours. Reverse Engineering & Security Testing - Utilise white hat techniques, including penetration testing and reverse engineering, to identify and address threats. Collaboration & Innovation - Work closely with the team in an office-based setting, contributing to design reviews and security improvements. What You Bring: Bilingual Skills: Fluent in Chinese & English More ❯