1 to 25 of 27 Permanent OWASP Jobs in the South East

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator - able to engage More ❯

. Proficient in Git or other version control systems. Desirable Knowledge, Skills and Experience: Certifications in OCI or other cloud platforms (AWS, GCP). Experience with security tools like OWASP ZAP, Burp Suite, etc. Familiarity with Jira, Confluence, or similar tools. Knowledge of compliance frameworks (e.g., GDPR, HIPAA, ISO 27001, ISO 13485). Background in start-up or scale-up More ❯

CD pipelines, Docker/Kubernetes, and IaC tools. Ops mindset: Proficiency with monitoring/observability tools (Prometheus, Grafana, ELK, Splunk). Security awareness: Knowledge of secure coding practices and OWASP considerations in Java applications. Financial acumen: Able to manage budgets and optimise spend on tools/services. Client-facing ability: Comfortable explaining technical issues in plain language to non-technical More ❯

/CD pipelines, plus scripting languages such as PowerShell, YAML, or JSON Knowledge of application security tools, threat modelling, and risk assessments Familiarity with standards/frameworks such as OWASP, NIST SSDF, ISO27001, NCSC Experience guiding engineering teams and influencing security culture Excellent communication skills, able to engage confidently with developers and senior leadership Why join them? You'll be More ❯

command-line interfaces or scripting tools in cloud environments is a plus Cloud Security skills (desired) Secure software development practices, including SecDevOps Sound knowledge of applicable frameworks & standards, including OWASP, MITRE ATT@CK & D3FEND, CIS, NIST CSF, CSA CCM & ISO 27107 Relevant industry certifications including CSCP Understanding of cyber risk frameworks or industry standards such as 800-53, ISO More ❯

command-line interfaces or scripting tools in cloud environments is a plus Cloud Security skills (desired) Secure software development practices, including SecDevOps Sound knowledge of applicable frameworks & standards, including OWASP, MITRE ATT@CK & D3FEND, CIS, NIST CSF, CSA CCM & ISO 27107 Relevant industry certifications including CSCP Understanding of cyber risk frameworks or industry standards such as 800-53, ISO More ❯

at mkodo ✨ 📝 What You'll Be Doing... Technical Leadership Define and evolve backend architecture to ensure scalability, maintainability, and performance. Set coding standards and champion secure development practices (e.g. OWASP). Influence technology choices, frameworks, and tools to support engineering excellence. Oversee improvements to CI/CD pipelines, build processes, and operational workflows. Can clearly and confidently articulate risk of More ❯

at mkodo ✨ 📝 What You'll Be Doing... Technical Leadership Define and evolve backend architecture to ensure scalability, maintainability, and performance. Set coding standards and champion secure development practices (e.g. OWASP). Influence technology choices, frameworks, and tools to support engineering excellence. Oversee improvements to CI/CD pipelines, build processes, and operational workflows. Can clearly and confidently articulate risk of More ❯

at mkodo ✨ 📝 What You'll Be Doing... Technical Leadership Define and evolve backend architecture to ensure scalability, maintainability, and performance. Set coding standards and champion secure development practices (e.g. OWASP). Influence technology choices, frameworks, and tools to support engineering excellence. Oversee improvements to CI/CD pipelines, build processes, and operational workflows. Can clearly and confidently articulate risk of More ❯

AZ-104, AZ-400, AZ-500 Excellent communication and documentation skills Nice to Have: Experience with Puppet, Wiz, GitHub, Jitterbit Exposure to AWS Familiarity with ISO 27001, NIST, CIS, OWASP, SOC 2 AI-102 certification Recruitment Process: Stage 1: Interview via Teams (theoretical knowledge) Stage 2: Onsite interview in Reigate, including a presentation This is a fantastic opportunity to join More ❯

AZ-104, AZ-400, AZ-500 Excellent communication and documentation skills Nice to Have: Experience with Puppet, Wiz, GitHub, Jitterbit Exposure to AWS Familiarity with ISO 27001, NIST, CIS, OWASP, SOC 2 AI-102 certification Recruitment Process: Stage 1: Interview via Teams (theoretical knowledge) Stage 2: Onsite interview in Reigate, including a presentation This is a fantastic opportunity to join More ❯

the business. Actively contribute to incident response, security training, supplier reviews, and client security assurance Stay ahead of evolving threats, and help shape our strategy using frameworks such as OWASP, SASE, and Zero Trust. What We're Looking For Essential: Proven experience in cyber security engineering, including vulnerability management, SIEM, WAFs, and secure infrastructure design. Strong knowledge of TCP/ More ❯

Contribute to a collaborative and pragmatic security culture, documenting risks and communicating trade-offs to the business. 🛠️ What They’re Looking For Strong knowledge of application and product security (OWASP Top 10, secure coding practices). Experience with CI/CD pipelines, IaC, and SAST tools . Cloud security expertise - AWS preferred (Azure, GCP also welcome). Some software development More ❯

Contribute to a collaborative and pragmatic security culture, documenting risks and communicating trade-offs to the business. 🛠️ What They’re Looking For Strong knowledge of application and product security (OWASP Top 10, secure coding practices). Experience with CI/CD pipelines, IaC, and SAST tools . Cloud security expertise - AWS preferred (Azure, GCP also welcome). Some software development More ❯

Contribute to a collaborative and pragmatic security culture, documenting risks and communicating trade-offs to the business. 🛠️ What They’re Looking For Strong knowledge of application and product security (OWASP Top 10, secure coding practices). Experience with CI/CD pipelines, IaC, and SAST tools . Cloud security expertise - AWS preferred (Azure, GCP also welcome). Some software development More ❯

Proven commercial experience in a penetration testing role. Deep technical knowledge of networking protocols, operating systems (Windows, Linux), and common infrastructure vulnerabilities. Strong experience in web application penetration testing (OWASP Top 10). Proficiency with common penetration testing tools (e.g., Burp Suite Pro, Metasploit, Nmap, Cobalt Strike, etc.). Excellent written and verbal communication skills, with a proven ability to More ❯

evolving threat landscape What we’re looking for Strong understanding of risk, and how security interacts with different platforms and projects. Experience with frameworks like ISO, NIST, CIS, PCI, OWASP, OSINT Technical know-how (cloud, apps, networks, or systems) Excellent communicator who can bridge the gap between tech and business Why join us? Salary up to £80,000 Hybrid working More ❯

evolving threat landscape What we’re looking for Strong understanding of risk, and how security interacts with different platforms and projects. Experience with frameworks like ISO, NIST, CIS, PCI, OWASP, OSINT Technical know-how (cloud, apps, networks, or systems) Excellent communicator who can bridge the gap between tech and business Why join us? Salary up to £80,000 Hybrid working More ❯

evolving threat landscape What we’re looking for Strong understanding of risk, and how security interacts with different platforms and projects. Experience with frameworks like ISO, NIST, CIS, PCI, OWASP, OSINT Technical know-how (cloud, apps, networks, or systems) Excellent communicator who can bridge the gap between tech and business Why join us? Salary up to £80,000 Hybrid working More ❯

implement secure software development practices Integrate security gates into CI/CD pipelines following DevSecOps principles Establish security quality gates and acceptance criteria Develop secure coding standards based on OWASP guidelines Create security architecture patterns and reference implementations Security Code Reviews & Testing Conduct in-depth security code reviews for critical features Implement automated security testing (SAST, DAST, IAST, SCA) Configure … and tune security scanning tools (Aquasec, Trivy, Dependabot, etc) Review cryptographic implementations against industry standards Validate authentication and authorization implementations Ensure compliance with OWASP ASVS (Application Security Verification Standard) Threat Modeling & Risk Assessment Lead threat modeling sessions using STRIDE, PASTA, or similar frameworks Create threat models for new products and architectural changes Identify attack vectors specific to web and mobile … Develop abuse cases and security test scenarios Maintain threat intelligence for fintech-specific risks Document security requirements derived from threat models Platform-Specific Security Web Applications: Implement defenses against OWASP Top 10 vulnerabilities Mobile Applications: Apply OWASP MASVS and platform-specific guidelines (iOS App Transport Security, Android Network Security Config) APIs: Implement API security best practices (rate limiting, authentication, input More ❯

implement secure software development practices Integrate security gates into CI/CD pipelines following DevSecOps principles Establish security quality gates and acceptance criteria Develop secure coding standards based on OWASP guidelines Create security architecture patterns and reference implementations Security Code Reviews & Testing Conduct in-depth security code reviews for critical features Implement automated security testing (SAST, DAST, IAST, SCA) Configure … and tune security scanning tools (Aquasec, Trivy, Dependabot, etc) Review cryptographic implementations against industry standards Validate authentication and authorization implementations Ensure compliance with OWASP ASVS (Application Security Verification Standard) Threat Modeling & Risk Assessment Lead threat modeling sessions using STRIDE, PASTA, or similar frameworks Create threat models for new products and architectural changes Identify attack vectors specific to web and mobile … Develop abuse cases and security test scenarios Maintain threat intelligence for fintech-specific risks Document security requirements derived from threat models Platform-Specific Security Web Applications: Implement defenses against OWASP Top 10 vulnerabilities Mobile Applications: Apply OWASP MASVS and platform-specific guidelines (iOS App Transport Security, Android Network Security Config) APIs: Implement API security best practices (rate limiting, authentication, input More ❯

implement secure software development practices Integrate security gates into CI/CD pipelines following DevSecOps principles Establish security quality gates and acceptance criteria Develop secure coding standards based on OWASP guidelines Create security architecture patterns and reference implementations Security Code Reviews & Testing Conduct in-depth security code reviews for critical features Implement automated security testing (SAST, DAST, IAST, SCA) Configure … and tune security scanning tools (Aquasec, Trivy, Dependabot, etc) Review cryptographic implementations against industry standards Validate authentication and authorization implementations Ensure compliance with OWASP ASVS (Application Security Verification Standard) Threat Modeling & Risk Assessment Lead threat modeling sessions using STRIDE, PASTA, or similar frameworks Create threat models for new products and architectural changes Identify attack vectors specific to web and mobile … Develop abuse cases and security test scenarios Maintain threat intelligence for fintech-specific risks Document security requirements derived from threat models Platform-Specific Security Web Applications: Implement defenses against OWASP Top 10 vulnerabilities Mobile Applications: Apply OWASP MASVS and platform-specific guidelines (iOS App Transport Security, Android Network Security Config) APIs: Implement API security best practices (rate limiting, authentication, input More ❯

reports. Security Recommendations: Provide actionable guidance to mitigate risks and improve the organization's security posture. Compliance and Standards: Ensure testing aligns with industry regulations and security standards (e.g., OWASP, PCI-DSS). Continuous Research: Stay updated on emerging threats, tools, and techniques to enhance testing methodologies. Skills and Experience Required: Must have graduated/currently studying at a Russell More ❯

reports. Security Recommendations: Provide actionable guidance to mitigate risks and improve the organization's security posture. Compliance and Standards: Ensure testing aligns with industry regulations and security standards (e.g., OWASP, PCI-DSS). Continuous Research: Stay updated on emerging threats, tools, and techniques to enhance testing methodologies. Skills and Experience Required: Must have graduated/currently studying at a Russell More ❯

determining the materiality of AI initiatives. Material projects undergo in-depth risk analysis, with high-risk items escalated to governance committees. Analysts will use frameworks such as the AI OWASP Top 10 to identify and assess security risks beyond standard assessments. Key Responsibilities: Perform AI-specific risk assessments to ensure regulatory compliance. Evaluate AI solutions for prohibited use cases and … with AI Governance and local risk management teams. Requirements: Strong IT and cybersecurity background. Expertise in AI technologies, including model development and deployment. Experience in risk assessment frameworks (eg, OWASP AI Top 10). Must be based in London More ❯