and CI/CD pipelines (Travis CI, GitLab, Jenkins, GoCD); Experience with domain-specific languages like Chef, Ansible, Salt, or Puppet; Experience with deployment and configuration management; Knowledge of staticcodeanalysis and code quality practices; Understanding of security considerations; Awareness of Non-Functional Requirements (NFRs); Experience with Docker and Kubernetes; Understanding of deploying mobile apps More ❯
Cardiff, Wales, United Kingdom Hybrid / WFH Options
BBC Group and Public Services
science and MLOps/LLMOps workflows. Collaborate with Data Scientists to deploy, serve, and monitor LLMs in real-time and batch environments using Amazon SageMaker, Bedrock Implement Infrastructure-as-Code with AWS CDK, CloudFormation to provision and manage cloud environments. Build and maintain CI/CD pipelines using GitHub Actions, AWS CodePipeline, CodeBuild, Jenkins. Integrate monitoring and observability tools … CloudWatch, Prometheus, Grafana for infrastructure and model health tracking. Ensure software quality through Test-Driven Development (TDD), unit testing frameworks (e.g., pytest, unittest), and automated integration tests. Conduct regular code reviews, participate in pair programming, and advocate for clean code, modular design, and maintainable architecture. Collaborate with architects and stakeholders to design high-level system architecture for cloud … integrated products. Enforce security best practices (IAM, encryption, VPC configuration, audit logging) using AWS native services and third-party tools. Embed security throughout the software development lifecycle by integrating static and dynamic codeanalysis, vulnerability scanning, and policy-as-code tools into CI/CD pipelines—ensuring DevSecOps principles are applied from design to deployment. Promote More ❯
seeking a highly experienced Application Security Consultant to conduct a comprehensive security review of a web-based application. This is a non-invasive, review-only assignment — no remediation or code modifications are required. You’ll work independently to assess application code and related configurations, identify any security vulnerabilities, and deliver a detailed, evidence-based security audit report . … Key Responsibilities Perform staticcodeanalysis and security audit of a web application. Identify potential vulnerabilities in logic, data handling, authentication, and access control. Assess the application against OWASP Top 10 and other secure coding standards. Review third-party dependencies for known issues. Produce a professional security report with risk ratings, findings, and recommendations. Required Skills & Experience … 4+ years in Application Security , AppSec consulting , or Secure Code Review roles. Familiarity with tools like Snyk , Checkmarx , Veracode , or Burp Suite (passive scanning) . Knowledge of OWASP , CWE , and general secure software development principles. Strong technical writing and communication skills. Preferred certifications: OSCP , CSSLP , GWAPT , CEH , or equivalent. Executive summary for non-technical stakeholders. Technical breakdown of findings More ❯
seeking a highly experienced Application Security Consultant to conduct a comprehensive security review of a web-based application. This is a non-invasive, review-only assignment — no remediation or code modifications are required. You’ll work independently to assess application code and related configurations, identify any security vulnerabilities, and deliver a detailed, evidence-based security audit report . … Key Responsibilities Perform staticcodeanalysis and security audit of a web application. Identify potential vulnerabilities in logic, data handling, authentication, and access control. Assess the application against OWASP Top 10 and other secure coding standards. Review third-party dependencies for known issues. Produce a professional security report with risk ratings, findings, and recommendations. Required Skills & Experience … 4+ years in Application Security , AppSec consulting , or Secure Code Review roles. Familiarity with tools like Snyk , Checkmarx , Veracode , or Burp Suite (passive scanning) . Knowledge of OWASP , CWE , and general secure software development principles. Strong technical writing and communication skills. Preferred certifications: OSCP , CSSLP , GWAPT , CEH , or equivalent. Executive summary for non-technical stakeholders. Technical breakdown of findings More ❯
