1 to 25 of 29 Permanent Static Application Security Testing Jobs in the UK

passionate Senior Application Security Engineer to lead our Software Composition Analysis (SCA) and Static Application Security Testing (SAST) initiatives, with a primary focus on driving the strategic implementation and optimization of our SCA tool. This is a pivotal, corporate-level role for an individual … that benefit the vast majority of our engineering teams, ensuring scalable and effective security measures before addressing niche requirements. Key Responsibilities SCA and SAST Leadership & Global Strategy: Serve as the primary technical lead and subject matter expert for SCA across Trimble, including SAST (if applicable); Drive the strategic vision ...

scope to infrastructure and cloud environments as maturity grows. Continuously simulate attacker techniques to validate product resilience. Ø Tooling & Automation Drive adoption of SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) solutions, with emphasis on Java and web application … continuous improvement. Knowledge, Skills and Abilities : Ø Strong knowledge of secure development practices, threat modeling, and vulnerability management. Ø Hands-on experience with SAST/DAST tools and CI/CD integration. Ø Excellent communication skills to engage developers, auditors, and executives. Ø Proven experience leading teams in agile/ ...

About the role The position will be based at our Tesco Technology offices in London. About the Security Partners team We are the trusted security advisors for Tesco Technology. Our purpose is to collaborate seamlessly with the product and engineering stakeholders, leveraging our deep expertise in cyber security … designing security/privacy controls to mitigate risks. Experience in application security, supply chain security, and using tools such as SAST, DAST, SCA, and IAC. • Experience in reviewing code to spot weaknesses and suggesting mitigations. Experience applying industry standards like OWASP ASVS (Application Security ...

About the role The position will be based at our Tesco Technology offices in London. About the Security Partners team We are the trusted security advisors for Tesco Technology. Our purpose is to collaborate seamlessly with the product and engineering stakeholders, leveraging our deep expertise in cyber security … designing security/privacy controls to mitigate risks. Experience in application security, supply chain security, and using tools such as SAST, DAST, SCA, and IAC. • Experience in reviewing code to spot weaknesses and suggesting mitigations. Experience applying industry standards like OWASP ASVS (Application Security ...

About the role An exciting opportunity to join a leading company and play an influential part in their continued dedication to Application Security. At Tesco, the application security team's strategy is to provide security tooling that fits seamlessly into software engineering teams ways of working … application security (Web, API, Mobile) • An understanding of microservices and container orchestration • Solid grasp of Application Security Tooling (SCA/SAST/DAST/IaC Security) • Knowledge of OWASP Top 10, Mitre Top 25 and CVSS frameworks, mapping to business risk • Experience in implementing security ...

About the role An exciting opportunity to join a leading company and play an influential part in their continued dedication to Application Security. At Tesco, the application security team's strategy is to provide security tooling that fits seamlessly into software engineering teams ways of working … application security (Web, API, Mobile) • An understanding of microservices and container orchestration • Solid grasp of Application Security Tooling (SCA/SAST/DAST/IaC Security) • Knowledge of OWASP Top 10, Mitre Top 25 and CVSS frameworks, mapping to business risk • Experience in implementing security ...

INFORMATION SECURITY SPECIALIST KEY POINTS * Hybrid working model (Stoke-on-Trent) - up to £55,000 p/a* Focus on application security, code analysis, threat modelling and penetration testing* Work closely with Software Development teams across a large technical environment* Opportunity to influence secure development practices … client in conjunction with this vacancy only. KEY SKILLS Application Security, AppSec, OWASP, Threat Modelling, Secure Development Lifecycle, Code Review, DAST, SAST, CI/CD, Penetration Testing, Supply Chain Security, Risk Assessment, Software Security, Automation ...

Title: Senior Application Security EngineerSalary: £70,000Location: Reading/remote About the Organisation Join a fast-growing UK technology and consulting firm that's investing heavily in cutting-edge cyber security. With a strong focus on innovation, collaboration, and professional development, this company empowers its people to shape … software are secure by design. Drive vulnerability management and implement a risk-based approach across the technology stack. Perform security testing (SAST, DAST, SCA) and work with developers to remediate findings. Support cloud security controls (primarily Azure, including cloud-native apps). Champion secure development, threat modelling ...

Title: Senior Application Security EngineerSalary: £70,000Location: Reading/remote About the Organisation Join a fast-growing UK technology and consulting firm that's investing heavily in cutting-edge cyber security. With a strong focus on innovation, collaboration, and professional development, this company empowers its people to shape … software are secure by design. Drive vulnerability management and implement a risk-based approach across the technology stack. Perform security testing (SAST, DAST, SCA) and work with developers to remediate findings. Support cloud security controls (primarily Azure, including cloud-native apps). Champion secure development, threat modelling ...

Title: Senior Application Security Engineer Salary: £70,000 Location: Reading/remote About the Organisation Join a fast-growing UK technology and consulting firm that's investing heavily in cutting-edge cyber security. With a strong focus on innovation, collaboration, and professional development, this company empowers its people … software are secure by design. Drive vulnerability management and implement a risk-based approach across the technology stack. Perform security testing (SAST, DAST, SCA) and work with developers to remediate findings. Support cloud security controls (primarily Azure, including cloud-native apps). Champion secure development, threat modelling ...

Stratford) Key Skills and Responsibilities: Design, deliver, and support secure and scalable AWS infrastructure using services like EC2, S3, ECS, and FARGATE Integrate SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools into CI/CD pipelines to enforce secure ...

SIEM, 24x7 monitoring, incident response) EDR (Endpoint Detection & Response) DLP (Data Loss Prevention) IAM (Identity & Access Management) Application Security (AppSec testing, SAST/DAST, secure SDLC, code review) Responsibilities include: Understanding customer security posture, pain points, compliance requirements, and risk appetite. Working with presales/SMEs … managed endpoint security DLP technologies and data protection strategies IAM (SSO, MFA, PAM, lifecycle management) Application security concepts and tools (SAST, DAST, code review, DevSecOps) Familiarity with compliance and regulatory frameworks (e.g. ISO 27001, SOC2, GDPR, PCI-DSS) is a plus. Comfort dealing with complex, multi-stakeholder ...

show how much they can achieve. Our success is truly a collective effort - we succeed when all our people succeed. Softcat's Information Security team is seeking an Application Security Engineer with a strong emphasis on cloud security & secure development practice. This role … clear guidelines and best practices for secure coding and assist developers in implementing them across multiple languages (Java, C#, .NET, Python) Ensuring technologies like SAST, DAST and SCA are utilised effectively Establish and communicate metrics to help us understand effectiveness and measure improvement Support teams in developing, implementing and maintaining ...

Cyber Security Consultant £30,000 - £45,000 per annum Melton Mowbray Role Summary Our client is a growing MSP based in Melton Mowbray, helping organisations of all sizes strengthen their security posture and achieve recognised certifications. They are looking for a skilled Cyber Security Consultant specialising … CCRT/CCT or CHECK Team Member . OSCP/OSWE/OSEP/GPEN/eCPPT/similar. Experience with secure code review, SAST/DAST pipelines, or DevSecOps. Familiarity with ISO 27001 or wider GRC frameworks. What Our Client Offers: Competitive salary and annual performance bonus. Training budget ...

sources, machine learning and AI to make machines do the heavy lifting About The Role We are looking for a hands-on Staff Cyber Security Engineer to join our InfoSec team and help secure our growing platform and products. This role requires an engineer who can bridge … Development: Work directly with engineering teams to embed security best practices throughout the SDLC. Automation: Implement, maintain, and tune DevSecOps tools and pipelines (SAST, DAST, SCA) to automatically identify and remediate security flaws in code and infrastructure. Threat Modelling: Conduct and facilitate threat modelling sessions for new features ...

unrivalled - though this isn't for the feint of heart, an established Business in growth phase and a true Unicorn. The Role: The Senior Security Engineer will provide hands-on technical leadership within the UK, ensuring that cyber security strategy and architecture defined by Group are implemented effectively … have an initial teams/zoom with those selected. Keywords: Security Engineer, Senior Security Engineer, Palo Alto, SOC, SOC 2, ISO27001, CIS, SAST, DAST, VPN, Vulnerability, Pen Testing, InfoSec, CyberSec ...

About the role As a Cloud Security Engineer within the Run and Operate chapter at Tesco Mobile, you'll play a key role in securing and optimising our cloud platforms—primarily AWS and Azure. You'll help design, manage, and deploy secure solutions across a variety of environments, maintaining … Proven track record of delivering cloud and SaaS security improvement projects. Familiarity with CI/CD pipelines and integrating security tooling (e.g., SAST). Experience with infrastructure validation, threat identification, and risk mitigation. Nice to have: GitHub and GitHub Actions experience. Hands-on experience with Azure cloud security ...

Cloud & Security Engineer Hybrid - Belfast | Full-time About the Role: Our client is a leading organisation in the digital asset space, supporting institutional partners with secure, innovative technology solutions. They are seeking a Cloud & Security Engineer to help design, implement, and maintain secure multi-cloud environments while strengthening … Policy). Build security automation and IaC-driven deployments using Terraform or CloudFormation. Integrate security testing into CI/CD pipelines (SAST, DAST, IaC scanning). Ensure cloud infrastructure meets internal policies and regulatory standards. Configure cloud-native logging, monitoring, and incident response workflows. Collaborate with DevOps ...

About the role Shape the Future of Cloud Security at Tesco Mobile Tesco Mobile is the UK’s largest virtual mobile network, powered by O2 and backed by the strength of Tesco. We’re known for doing things differently — winning awards for customer satisfaction and bringing the best … using PowerShell or Azure CLI Infrastructure as Code experience (Terraform) Experience with SIEM tools and log management CI/CD pipeline security integration SAST and secure coding practices A collaborative attitude and eagerness to learn Bonus skills: Exposure to AWS environments GitHub & GitHub Actions Splunk (data streams, dashboards, ingestion ...

Agile Scrum and design meetings Governance of web application CI/CD pipelines Governance of web application software quality (e.g. unit tests, SAST, SCA) Design and development of web application security Technical mentorship of frontend engineers What you'll need: At least 6 years of experience … similar modern JS framework) Experience mentoring and leading engineering team Experience with test libraries, such as Jest Practical knowledge of modern web application deployment infrastructures Fluency in English, written and verbal Strong knowledge of SDLC Benefits: Competitive salary Company Pension & Life Assurance Schemes On-site parking Hybrid Working Subsidised ...

client within Investment Banking are looking for a DevSecOps SME to join their team. The role will be working on the integration of security practices … into our DevOps pipelines Requirements Design, implement, and maintaining secure CI/CD pipelines. Integrate security tools and practices into DevOps workflows (e.g., SAST, DAST, SCA, secrets management). Collaborate with development, operations, and security teams to implement and ensure secure coding and deployment practices. Advise on threat ...

automated compliance workflows. Key Responsibilities Design & implement a backend platform that schedules ingestion, normalization, storage, and historical tracking of security artifacts (BOMs, SAST/SCA findings, fuzzing results) in a scalable, tool-agnostic fashion. Develop and maintain ETL pipelines and database schemas for high-throughput ingestion and historical trend … document data schemas, APIs, and dashboard usage. “Nice to Have” Skills and Experience Experience with Grafana, Prometheus, or similar observability platforms. Familiarity with SAST and SCA tools (e.g., Coverity, Black Duck) and experience understanding their findings. Experience defining and visualizing key security and performance metrics within dashboard solutions. Experience ...

client is a fast-growing cyber-defence and threat-intelligence company committed to protecting organisations from sophisticated cyber threats. They combine advanced security analytics, automation and human expertise to deliver real-time defence across modern cloud and on-prem environments. They are expanding their engineering team and looking … across cloud and on-prem environments. +Build and manage Infrastructure-as-Code (Terraform, Ansible, CloudFormation, etc.). +Integrate security tooling into development workflows: SAST, DAST, dependency scanning, secrets management, etc. +Collaborate with engineering teams to perform threat modelling and ensure secure system design. Key Skills and Experience: +Strong experience ...

Please note that the role requires frequent travel to Nottingham. Are you ready to shape the future of security in a cutting-edge, multi-cloud environment? We're looking for a Principal Security Architect to define and lead the end-to-end security architecture for a complex … Privacy & Compliance: Map data flows, define ROPA, and embed privacy-by-design controls aligned to GDPR, HIPAA, and PCI DSS. Drive DevSecOps Excellence: Integrate SAST/DAST, IaC scanning, SBOM generation, and secure release governance into delivery pipelines. Monitor & Respond: Build detection use cases, integrate logs into SIEM, and establish ...

Cloud infrastructure fluency (AWS, Azure or GCP) Hands-on experience with Docker, Kubernetes, CI/CD, Git, build tools Solid AppSec experience with SCA, SAST, SBOM, Container Security Ability to build full DevOps pipelines If you originally started in a software development role, then even better. Your Role: Working ...