1 to 25 of 118 Permanent Secure Coding Jobs in the UK

implement secure software development practices Integrate security gates into CI/CD pipelines following DevSecOps principles Establish security quality gates and acceptance criteria Develop secure coding standards based on OWASP guidelines Create security architecture patterns and reference implementations Security Code Reviews & Testing Conduct in-depth security code reviews for critical features Implement automated security testing … security linters and pre-commit hooks Create automated vulnerability tracking and remediation workflows Implement secret scanning and dependency checking Build security dashboards and metrics reporting Create secure coding guidelines for different technology stacks Develop a security champions program aligned with OWASP SAMM Conduct security training on platform-specific vulnerabilities Provide hands-on guidance during security incidents Build … years of application security experience Deep understanding of security vulnerabilities across web and mobile platforms Hands-on experience with security testing tools and methodologies Expertise in secure coding practices and design patterns Experience with modern development frameworks (React, Angular, ReactNative, Flutter) Security Domain Knowledge Expert knowledge of OWASP standards (Top 10, ASVS, SAMM, MASVS) Understanding of cryptographic More ❯

proactive Application Security Engineer to embed secure development practices across its software delivery lifecycle. This role is critical in reducing application-layer risks, implementing secure coding standards, and ensuring that threat modelling and architecture reviews are consistently applied across all development efforts. You will work closely with engineering, and platform teams to integrate security into … ISO 27001, FCA, and NIST standards. Contribute to audit readiness and support compliance automation platforms such as Drata Collaboration & Training Work with engineering teams to promote secure coding practices. Support the rollout of role-based security training and awareness initiatives. Act as a security champion within development squads and mentor junior engineers. Requirements Broad experience in application … security or secure software development. Strong understanding of OWASP Top 10, secure coding techniques, and threat modelling. Experience with security tools such as SAST, DAST, SCA, and vulnerability scanners. Familiarity with cloud platforms (Azure or AWS), CI/CD pipelines, and DevOps practices. Knowledge of regulatory frameworks (ISO 27001, FCA, NIST). Excellent communication skills More ❯

APIs, microservices, and web applications. Conduct detailed threat modeling workshops and architectural risk assessments, identifying vulnerabilities early and collaborating on risk mitigation strategies. Define and enforce secure coding standards and architectural best practices aligned with industry benchmarks such as OWASP Top 10 and API Security Top 10. Partner with cloud engineers and developers to embed security controls … based on business impact, exploitability, and regulatory implications, and work with engineering teams to implement timely fixes. Conduct regular security code reviews and support developers in secure coding practices to reduce vulnerabilities proactively. Governance, Compliance & Training Ensure that application security architecture and practices comply with relevant regulatory and industry standards such as PCI-DSS, SOC 2, ISO … SCA, and integrating these into automated build and deployment pipelines. Practical expertise with threat modeling methodologies such as STRIDE, PASTA, or Attack Trees. Strong knowledge of secure coding standards and common vulnerabilities (OWASP Top 10, API Security Top 10) and how to mitigate them. Familiarity with Google Cloud Platform (GCP) security features and best practices, including IAM More ❯

editorial standards, but also on the security, reliability and resilience of the systems behind every stream, story and service. In Engineering Enablement , we're the team that makes secure, high-velocity delivery possible. We build shared cloud platforms, developer tooling and guardrails that let hundreds of product teams ship confidently and sustainably. We're hiring a Principal Software … across the BBC. You'll work hands-on with engineering teams, applying InfoSec-led policies and architecture in delivery contexts. You'll support threat modelling, promote secure coding practices, and help scale Secure SDLC across the organisation - without reinventing governance or duplicating policy. It's a high-trust role with real impact: translating strategic security … security policy and architectural guidance. Promote secure SDLC practices across engineering teams, collaborating with InfoSec on shared tooling, templates and enablement. Help teams adopt secure coding standards and integrate automated security checks (SAST, DAST, dependency scanning) into CI/CD pipelines. Participate in threat modelling using InfoSec-led methodologies and coordinate validation and review workflows. More ❯

In this key role, you will be a key contributor to Funding Circle's cloud and application security posture. You will leverage your deep expertise in AWS security, secure software development lifecycle (SSDLC) practices, and CI/CD security to implement and champion robust security solutions. You will act as a subject matter expert and mentor, collaborating closely … as fast, hassle free processes to deliver an unbeatable customer experience. The role Define, champion, and embed secure software development lifecycle (SSDLC) practices and secure coding standards across engineering teams through collaboration, training, and tooling. Architect, build, and maintain automated security controls, tooling, and "security rails" within CI/CD pipelines to ensure secure … CI, Jenkins, GitHub Actions). Strong track record of defining, implementing, measuring, and supporting the adoption of secure software development lifecycle (SSDLC) practices and secure coding standards within engineering organizations. Strong understanding of web application security vulnerabilities (OWASP Top 10 and beyond), attack vectors, and mitigation techniques. Significant experience securing Infrastructure as Code (IaC) , particularly More ❯

Mentor and guide junior engineers, fostering continuous learning and growth Stay updated on industry trends and emerging technologies, contributing to internal tech communities Ensure adherence to secure coding standards to protect sensitive data and reduce vulnerabilities Develop and maintain robust unit tests to guarantee software reliability and maintainability Drive architectural decisions and long-term technology strategy aligned … to engage technical and non-technical stakeholders alike Confidence in navigating, integrating, and developing solutions across multiple systems Solid understanding of software architecture, design patterns, and secure coding best practices Hands-on experience with cloud platforms (AWS, Azure, Google Cloud) and CI/CD pipelines is a plus Familiarity with SQL/NoSQL databases and version control More ❯

our products. You will play a important role in safeguarding all digital channels that collectively generate billions of pounds in annual ticket sales, ensuring that our systems stay secure, resilient, and innovative in the face of evolving threats. As a Senior Product Security Engineer at Trainline, you will be responsible for Security in the Development Lifecycle : Drive the … are mitigated effectively and implement permanent fixes to prevent reoccurrence. Training and Security Advocacy : Develop and deliver training programs to enhance the organisation's understanding of secure coding and deployment practices. Serve as a security mentor and advocate, fostering a culture of security awareness across engineering and business teams. Compliance and Standards : Ensure product security practices align … risks in application designs, code, and deployed products. Experience managing and using security testing tools such as SAST, DAST, and vulnerability scanning solutions. Strong grasp of secure coding practices and proficiency in integrating security into the Software Development Lifecycle (SDLC). Technical Knowledge and Implementation experience: Direct experience with threat modelling, security reviews, and penetration testing. Proven More ❯

WTW. This is a global function, supporting all WTW colleagues. An experienced candidate will be responsible for bringing technical Cybersecurity training skills, such as DevSecOps, Network, Cloud and Secure Code training, to the EAC team - helping to expand and elevate our Cybersecurity culture. The candidate will be a part of a mission-driven team, focused on continuous learning … via E-learning modules, to WTW's technology community Creating and managing educational events such as tournaments and hackathons to facilitate learning and adopt new techniques in a secure way Creating a community environment to facilitate the sharing of threat landscapes, TTPs, and other intelligence Delivering a global Cybersecurity cultural awareness uplift to colleagues across the technology community … the Education, Awareness and Communication team to ensure deliverables are met The Requirements: Skills: Experience in creating and delivering technical Cybersecurity training such as DevSecOps and Secure Coding Strong understanding of Security principles and technologies; Network security, Information Security, Firewalls, Endpoint Detection, Cloud security Strong understanding of secure coding practices such as OWASP top More ❯

with cross-functional teams to define technical requirements and translate business goals into elegant technical solutions. Drive code quality through reviews, unit testing, and adherence to secure coding standards. Contribute to architectural decisions and help set engineering direction across teams. Mentor and support junior engineers, promoting a culture of excellence and continuous learning. Stay informed on emerging … history demonstrating stability, technical growth, and progression. Preferred Skills & Experience: Experience with cloud platforms such as AWS, Azure, or GCP. Familiarity with CI/CD pipelines, secure coding, and performance optimisation. Proficiency with relational and NoSQL databases. Exposure to large-scale, enterprise environments, with a mindset for innovation and change. Senior Software Engineer Key Benefits: Competitive salary More ❯

UK SC clearance Are you ready to lead a high-impact security development and testing function? We’re looking for a Security Development and Test Director to oversee secure software development lifecycle, DevSecOps integration, and security testing at scale within a fast-growing security team. This is a unique opportunity to drive operational excellence and shape secure … Drive secure architecture standards and embed security controls into DevOps pipelines Oversee implementation and optimisation of security tooling (SAST, DAST, SCA, container security) Champion secure coding, threat modelling, and DevSecOps maturity improvements Manage budgets, profitability, and resource utilisation for your function Mentor and develop high-performing engineering and testing teams Key Responsibilities Support sales with … technical expertise and solution design Own service delivery quality and client satisfaction Define and enforce secure architecture and coding standards Lead DevSecOps integration with automated security testing in CI/CD Drive continuous process improvements and automation adoption Monitor and report on KPIs like vulnerability remediation, tool adoption, and training uptake Collaborate cross-functionally with architects, engineers More ❯

UK SC clearance Are you ready to lead a high-impact security development and testing function? We’re looking for a Security Development and Test Director to oversee secure software development lifecycle, DevSecOps integration, and security testing at scale within a fast-growing security team. This is a unique opportunity to drive operational excellence and shape secure … Drive secure architecture standards and embed security controls into DevOps pipelines Oversee implementation and optimisation of security tooling (SAST, DAST, SCA, container security) Champion secure coding, threat modelling, and DevSecOps maturity improvements Manage budgets, profitability, and resource utilisation for your function Mentor and develop high-performing engineering and testing teams Key Responsibilities Support sales with … technical expertise and solution design Own service delivery quality and client satisfaction Define and enforce secure architecture and coding standards Lead DevSecOps integration with automated security testing in CI/CD Drive continuous process improvements and automation adoption Monitor and report on KPIs like vulnerability remediation, tool adoption, and training uptake Collaborate cross-functionally with architects, engineers More ❯

sustained, aggressive growth has landed Smarsh in the annual Inc. 5000 list of fastest-growing American companies since 2008. We're seeking a Product Security Engineer to support secure development across our engineering teams. In this hands-on role, you'll help identify and mitigate product risks by participating in security reviews, improving tooling, and supporting vulnerability remediation. … a global team in a dynamic, fast-paced environment. Collaboration across time zones and geographies is a key part of our culture and success. How will you contribute? Secure SDLC Integration: Embed security within the software development lifecycle, ensuring security is considered at every phase-from design to deployment. Threat Modeling & Security Design Reviews: Conduct structured threat modeling … will you bring? 7+ years of experience in Product Security, Application Security, or a related security engineering role. Deep expertise in secure software development, secure coding practices, and OWASP Top 10/CWE 25. Strong technical proficiency in modern programming languages (e.g., Python, Java, JavaScript, Go, or C#). Experience with cloud-native security (AWS More ❯

or Cambridge Salary: £70,000 - £120,000 (depending on experience and clearance) We are looking for a Full Stack Developer to join a growing public sector team delivering secure, high-impact digital services across Defence & Security. This is a unique opportunity to use your development expertise to help solve real-world challenges for government and national security clients. … collaborative and supportive engineering team, working alongside technical leads, project managers, and stakeholders to deliver robust and scalable solutions. What you'll be doing: Designing, developing and deploying secure, high-performing web applications for government clients Working across the full software development lifecycle, from requirements through to production Building responsive user … interfaces using modern front-end technologies Developing scalable server-side functionality with appropriate frameworks and languages Creating and maintaining RESTful APIs for integration across platforms Following secure coding practices and supporting compliance with government security standards Conducting security reviews and supporting remediation of vulnerabilities Translating technical requirements into delivery plans and code Communicating effectively with both technical More ❯

or Cambridge Salary: £70,000 - £120,000 (depending on experience and clearance) We are looking for a Full Stack Developer to join a growing public sector team delivering secure, high-impact digital services across Defence & Security. This is a unique opportunity to use your development expertise to help solve real-world challenges for government and national security clients. … collaborative and supportive engineering team, working alongside technical leads, project managers, and stakeholders to deliver robust and scalable solutions. What you'll be doing: Designing, developing and deploying secure, high-performing web applications for government clients Working across the full software development lifecycle, from requirements through to production Building responsive user … interfaces using modern front-end technologies Developing scalable server-side functionality with appropriate frameworks and languages Creating and maintaining RESTful APIs for integration across platforms Following secure coding practices and supporting compliance with government security standards Conducting security reviews and supporting remediation of vulnerabilities Translating technical requirements into delivery plans and code Communicating effectively with both technical More ❯

or Cambridge Salary: £70,000 - £120,000 (depending on experience and clearance) We are looking for a Full Stack Developer to join a growing public sector team delivering secure, high-impact digital services across Defence & Security. This is a unique opportunity to use your development expertise to help solve real-world challenges for government and national security clients. … collaborative and supportive engineering team, working alongside technical leads, project managers, and stakeholders to deliver robust and scalable solutions. What you'll be doing: Designing, developing and deploying secure, high-performing web applications for government clients Working across the full software development lifecycle, from requirements through to production Building responsive user … interfaces using modern front-end technologies Developing scalable server-side functionality with appropriate frameworks and languages Creating and maintaining RESTful APIs for integration across platforms Following secure coding practices and supporting compliance with government security standards Conducting security reviews and supporting remediation of vulnerabilities Translating technical requirements into delivery plans and code Communicating effectively with both technical More ❯

or Cambridge Salary: £70,000 - £120,000 (depending on experience and clearance) We are looking for a Full Stack Developer to join a growing public sector team delivering secure, high-impact digital services across Defence & Security. This is a unique opportunity to use your development expertise to help solve real-world challenges for government and national security clients. … collaborative and supportive engineering team, working alongside technical leads, project managers, and stakeholders to deliver robust and scalable solutions. What you'll be doing: Designing, developing and deploying secure, high-performing web applications for government clients Working across the full software development lifecycle, from requirements through to production Building responsive user … interfaces using modern front-end technologies Developing scalable server-side functionality with appropriate frameworks and languages Creating and maintaining RESTful APIs for integration across platforms Following secure coding practices and supporting compliance with government security standards Conducting security reviews and supporting remediation of vulnerabilities Translating technical requirements into delivery plans and code Communicating effectively with both technical More ❯

integrating security tools and processes into our CI/CD workflows to enhance the developer experience Champion a security-first mindset within the development team, promoting secure coding practices and providing guidance on secure development methodologies Create security focused DevSecOps policies and standards and provide training and awareness to the development team Develop Key Risk More ❯

execute the Holland & Barrett application security strategy. Collaborate with both tech and non-tech teams to integrate security principles into the early stages of product design and development. Secure SLDC: Establish a secure Software Development Lifecycle (SDLC) that enables development teams to deliver high-quality applications quickly while implementing essential controls for software integrity, authenticity, and … Own the creation and maintenance of tailored security standards and guidelines, developing reusable resources for various development teams. Team Support: Provide guidance and support to development teams on secure software production practices and flaw mitigation … strategies. Key Requirements: Essential: 5+ years of experience in application security, with at least 3+ years in software development. Strong understanding of application security concepts, including secure coding practices, threat modeling, vulnerability management, and access control mechanisms. Experience with AWS, Kubernetes, Service Mesh, and API Security (including authentication and authorization). Proficiency in programming languages such as More ❯

DevOps Engineer leads the design and implementation of advanced DevOps practices and infrastructure solutions. They mentor other DevOps Engineers and collaborate with technical teams to deliver highly automated, secure, and scalable platforms that support software delivery at pace. Key Responsibilities: Take an active role in defining and delivering platform improvement initiatives that enhance reliability, scalability, and developer experience. … decision-making and prioritisation. Lead the design, development, and optimisation of advanced CI/CD pipelines that meet the evolving needs of multiple development teams. Ensure pipelines are secure, efficient, and reliable, and promote automation of testing, security checks, and deployment across environments. Provide technical leadership in implementing and maintaining infrastructure as code solutions using Terraform, Ansible, and … into CI/CD pipelines, ensuring that security is embedded throughout the software delivery lifecycle. Collaborate with security and compliance teams to manage vulnerabilities and enforce secure coding and deployment practices. Lead technical risk assessments to evaluate platform and pipeline vulnerabilities. Support internal and external audits, ensuring that systems and processes meet regulatory, security, and organisational compliance More ❯

Stack Engineer, you will be instrumental in developing cloud-native platforms and modern web applications. You will collaborate closely with multidisciplinary teams and clients to design and build secure, scalable solutions using the latest tools in JavaScript, cloud, and DevOps technologies. Key Responsibilities: Develop RESTful microservices with Node.js Build responsive front-end applications using JavaScript/TypeScript with … as Code tools such as Terraform Knowledge of NoSQL databases (e.g., MongoDB) and SQL databases (e.g., Postgres) Understanding of accessibility standards, web development best practices, and secure coding principles Bonus Skills: Experience building microservices in languages such as C# or Java Integration experience with large language models using tools like LangChain or Vercel AI Familiarity with the More ❯

tech providers, they're redefining how enterprise-grade security is built, deployed, and continuously improved. They're now seeking a Security Development and Test Director to lead their secure software engineering function, drive DevSecOps maturity, and embed security across the development lifecycle. This is a client-facing, commercially strategic position – ideal for a security leader who thrives at … the intersection of technical delivery and business growth. Why join? Shape and scale a modern secure-by-design function in a high-growth global firm Strategic autonomy to influence architecture standards, DevSecOps integration, and engineering culture Engage directly with major enterprise clients and shape security roadmaps that matter Be part of a company recognised for its DEI leadership … CI/CD workflows Owning security tooling strategy (SAST, DAST, SCA, container scanning) and driving adoption across development pipelines Building and mentoring high-performing teams in secure coding, DevSecOps, and threat modelling Leading engagements with major clients during pre-sales, delivery and review phases Managing financials, resource planning, and service maturity across the Secure SDLC More ❯

tech providers, they're redefining how enterprise-grade security is built, deployed, and continuously improved. They're now seeking a Security Development and Test Director to lead their secure software engineering function, drive DevSecOps maturity, and embed security across the development lifecycle. This is a client-facing, commercially strategic position - ideal for a security leader who thrives at … the intersection of technical delivery and business growth. Why join? Shape and scale a modern secure-by-design function in a high-growth global firm Strategic autonomy to influence architecture standards, DevSecOps integration, and engineering culture Engage directly with major enterprise clients and shape security roadmaps that matter Be part of a company recognised for its DEI leadership … CI/CD workflows Owning security tooling strategy (SAST, DAST, SCA, container scanning) and driving adoption across development pipelines Building and mentoring high-performing teams in secure coding, DevSecOps, and threat modelling Leading engagements with major clients during pre-sales, delivery and review phases Managing financials, resource planning, and service maturity across the Secure SDLC More ❯

execute the Holland & Barrett application security strategy. Collaborate with both tech and non-tech teams to integrate security principles into the early stages of product design and development. Secure SLDC: Establish a secure Software Development Lifecycle (SDLC) that enables development teams to deliver high-quality applications quickly while implementing essential controls for software integrity, authenticity, and … Own the creation and maintenance of tailored security standards and guidelines, developing reusable resources for various development teams. Team Support: Provide guidance and support to development teams on secure software production practices and flaw … mitigation strategies. Key Requirements: 5+ years of experience in application security, with at least 3+ years in software development. Strong understanding of application security concepts, including secure coding practices, threat modeling, vulnerability management, and access control mechanisms. Experience with AWS, Kubernetes, Service Mesh, and API Security (including authentication and authorization). Familiarity with Agile methodologies like SCRUM More ❯

capability Work with the customer and appropriate agencies to develop new policies, design processes, and procedures, and develop technical designs Assess system vulnerabilities, implement risk mitigation strategies, validate secure systems, and test security products and systems to detect security weakness Maintain and support security enforcing functions Core Skills Experience working in MOD or Home Office project environments Strong … system security, including firewalls, IDS/IPS, micro-segmentation, and host security. Hands on experience with the following security products Trellix, Ivanti, ClearSwift, Yubikey Understanding of secure coding practices and common vulnerabilities (OWASP Top 10, SANS Top 25). Expertise in identity and access management (IAM), including RBAC, ABAC, JWT and Cookie based authentication. Incident detection and … pod security standards, secrets management). Knowledge of container runtime security (e.g., container escapes, rootless containers, sandboxing). Image security best practices, including scanning, signing, and provenance verification. Secure deployment patterns using Tanzu & Kubernetes. Runtime security monitoring. DevSecOps & CI/CD Security Secure CI/CD pipeline design with security testing using like Git and SonarQube. More ❯

who isn't just an expert in application security tooling but is also a visionary leader capable of shaping our organization's approach to open-source security and secure development practices across a global engineering footprint. You'll be instrumental in evolving our application security posture, acting as a subject matter expert and a champion for best practices … and processes as needed; Participate in security reviews, threat modeling, and architecture discussions to identify and mitigate security risks early in the development process; Advise on secure coding guidelines and standards. Operational Excellence: Establish and report on key metrics and KPIs related to SCA and SAST program effectiveness for the entire organization; Automate security processes and tooling … s degree in Computer Science, Information Security, or a related field, or equivalent practical experience; 5+ years of progressive experience in application security, with a strong focus on secure software development lifecycle (SSDLC); Demonstrable expert-level experience (5+ years) specifically implementing, configuring, tuning, and optimizing SCA for large, complex organizations. This includes deep expertise with SCA and a More ❯