1 to 25 of 55 Permanent OWASP Jobs in the UK

secure coding and SDLC practices Experience working within CI/CD and DevSecOps environments Knowledge of security frameworks such as: NCSC, NIST, CIS, OWASP, ISO27001, PCI DSS/GDPR Strong understanding of common attack vectors (e.g. XSS, SQL injection) Scripting or programming capability across Linux/Windows environments Strong communication ...

segmentation, and host security. Hands on experience with the following security products Trellix, Ivanti, ClearSwift, Yubikey Understanding of secure coding practices and common vulnerabilities (OWASP Top 10, SANS Top 25). Expertise in identity and access management (IAM), including RBAC, ABAC, JWT and Cookie based authentication. Incident detection and response ...

Guidance: Act as the primary security resource for development teams, providing technical advice on vulnerability fixes and secure coding practices (e.g., adherence to the OWASP Top 10). Threat Modelling: Conduct formal threat modelling exercises for new features and application architectures to proactively identify and mitigate design flaws. B. Systems ...

Guidance: Act as the primary security resource for development teams, providing technical advice on vulnerability fixes and secure coding practices (e.g., adherence to the OWASP Top 10). Threat Modelling: Conduct formal threat modelling exercises for new features and application architectures to proactively identify and mitigate design flaws. B. Systems ...

Secure architecture design and secure-by-design principles Risk assessment, threat modelling, and vulnerability management Security frameworks: ISO 27001, NIST 800-30/53, OWASP Cloud security architecture (AWS, Azure, GCP) Incident response, penetration testing, and remediation concepts Persuasive communication skills across technical and non-technical stakeholders Excellent analytical, documentation ...

everything listed, but exposure to some of the following would be highly beneficial: Testing & Automation: JUnit, Playwright, Selenium, Cucumber, Postman Non-Functional Testing: Gatling, OWASP ZAP DevOps & Platforms: Git/GitLab, Docker, Kubernetes, Azure and/or AWS Accessibility: WCAG, WAVE, Axe About you You’ll be someone ...

Excellent communication and coaching skills Stakeholder engagement and collaboration Experience with some of the following is highly desirable: JUnit, Playwright, Selenium, Cucumber Postman, Gatling, OWASP ZAP Docker/Kubernetes Azure and/or AWS Accessibility standards and tooling (WCAG, Wave, Axe) About you Passionate about quality and engineering excellence Comfortable ...

platforms (AWS preferred). Familiarity with microservices and containerisation. Experience with DevSecOps tooling (e.g. GitLab, Jenkins, Atlassian). Understanding of security best practices and OWASP principles. Experience with relational and NoSQL databases (e.g. PostgreSQL, Oracle, MongoDB) is beneficial. ...

conducting threat modelling (e.g. STRIDE, attack trees) and risk analysis Strong understanding of security frameworks and best practice such as ISO 27001, NIST, CIS, OWASP, NCSC guidance Experience working in the UK Public Sector and associated security standards and guidance including GovAssure/NCSC CAF, HMG Security Policy Framework. Knowledge ...

these practices to accelerate delivery and improve quality Desirable Skills In‐depth knowledge of industry security frameworks and web/API security standards e.g., OWASP Top 10, MITRE ATT&CK, OAuth 2.0, OpenID Connect, SAML – to guide secure design and development practices Deep expertise in security architecture and secure ...

Proven, hands-on experience working specifically in Application Security, Penetration Testing, or as a Security-Focused Software Engineer. Vulnerability Expertise : Absolute fluency in the OWASP Top 10. You must be able to explain how vulnerabilities work, how they are exploited, and exactly how to remediate them. Developer Collaboration : Demonstrable experience ...

experience as an IT Security Architect or secure systems engineer in complex cloud environments, creating technical designs for Azure security architecture, application security (e.g., OWASP, DevSecOps), and network segmentation. Strong knowledge of Azure-specific security tools (e.g., Azure Security Center, Key Vault, Policy, Private Link), threat modelling, secure SDLC ...

Operations role within a large or complex enterprise environment. Strong understanding of cybersecurity standards and frameworks, including ISO 27001, NIST 800 53, CIS Controls, OWASP, and SOC1/2. ...

testing experience Strong understanding of web application and infrastructure testing methodologies Experience with tools such as Burp Suite, Nmap, Nessus, Metasploit, etc. Understanding of OWASP Top 10 and common attack vectors Strong report writing and communication skills Consultancy/client-facing experience beneficial Additional certifications such as CPSA or cloud ...

DDoS mitigation, web proxy, vulnerability management) Understanding of Information Security principles, frameworks and regulatory requirements (e.g. ISO27001, FCA, PRA, ICO) Working knowledge of OWASP Top 10 and build/integration tools (e.g. Maven, Jenkins, Chef, TFS) Effective communication skills, including the ability to explain technical concepts and impacts ...

across diverse teams and projects. Experience in managing and mentoring technical security professionals. Desirable Familiarity with secure development practices and application security frameworks (e.g. OWASP). Experience with using Akamai. Knowledge of Zero Trust architecture principles. Certifications such as CISSP, CCSP, or SABSA. Additional Responsibilities Drive security architecture reviews ...

assurance/risk/governance roles Proven background in secure cloud or infrastructure design (Azure/M365) Experience with risk frameworks (ISO 31000, NIST, OWASP etc.) Knowledge of GovAssure, CAF, ISO27001, Cyber Essentials Entra ID/Azure/M365 SIEM/EDR/vulnerability management tools Access control models (RBAC ...

with mobile analytics, crash reporting, and APM tools (eg Firebase Crashlytics, Dynatrace, App Center) Understanding of secure coding practices and mobile security frameworks (eg OWASP Mobile) Experience with mobile device management (MDM) or enterprise distribution Familiarity with cross-platform considerations, even if primarily native-focused Scope & Accountability Responsible for hands ...

fintech knowledge (reconciliation, idempotency, auditability, ledger concepts). Experience with distributed systems patterns (queues, background jobs, retries, rate limiting). Security experience (threat modelling, OWASP-style concerns, secure API design). Familiarity with Terraform. Why join us? £60k salary + equity 40 days holiday (incl. bank holidays) Pension scheme ...

fintech knowledge (reconciliation, idempotency, auditability, ledger concepts). Experience with distributed systems patterns (queues, background jobs, retries, rate limiting). Security experience (threat modelling, OWASP-style concerns, secure API design). Familiarity with Terraform. Why join us? £60k salary + equity 40 days holiday (incl. bank holidays) Pension scheme ...

fintech knowledge (reconciliation, idempotency, auditability, ledger concepts). Experience with distributed systems patterns (queues, background jobs, retries, rate limiting). Security experience (threat modelling, OWASP-style concerns, secure API design). Familiarity with Terraform. Why join us? £60k salary + equity 40 days holiday (incl. bank holidays) Pension scheme ...

fintech knowledge (reconciliation, idempotency, auditability, ledger concepts). Experience with distributed systems patterns (queues, background jobs, retries, rate limiting). Security experience (threat modelling, OWASP-style concerns, secure API design). Familiarity with Terraform. Why join us? £60k salary + equity 40 days holiday (incl. bank holidays) Pension scheme ...

fintech knowledge (reconciliation, idempotency, auditability, ledger concepts). Experience with distributed systems patterns (queues, background jobs, retries, rate limiting). Security experience (threat modelling, OWASP-style concerns, secure API design). Familiarity with Terraform. Why join us? £60k salary + equity 40 days holiday (incl. bank holidays) Pension scheme ...

deploying and operating containerised services in cloud environments (Azure preferred) Strong understanding of distributed systems, scalability, and system resilience Knowledge of secure coding practices, OWASP principles, and regulatory/compliance considerations Hands-on experience with CI/CD pipelines, observability tooling, and incident management Ability to write clear technical documentation ...

framework, and security maturity models such as OpenSAMM and C2M2. Strong working knowledge of recognised security frameworks and standards, including NIST Cybersecurity Framework, OWASP, SANS Top 25, and regulatory requirements such as GDPR and PCI DSS. Demonstrated technical expertise across modern technologies and architectures, including virtualisation, cloud computing, and serverless ...