1 to 25 of 663 Permanent OWASP Jobs

tools, including: Jenkins GitLab CI/CD Security Tools Experience with security tools, including: Static Application Security Testing (SAST) tools (e.g., Sonare) Dynamic Application Security Testing (DAST) tools (e.g., OWASP ZAP, Burp Suite) Container security tools (e.g., Docker, Kubernetes) Cloud security tools (e.g., AWS IAM, Azure Security Center) Cloud Platforms Knowledge of cloud platforms, including: Amazon Web Services (AWS) Microsoft … pipelines, including: Jenkins Pipelines GitLab CI/CD Pipelines CircleCI Pipelines Azure DevOps Pipelines Security Frameworks and Compliance: Knowledge of security frameworks and compliance regulations, including: NIST Cybersecurity Framework OWASP Security Cheat Sheet Minimum Education Requirements: BA/BS or MA/MS preferred Clearance Requirements: TS/SCI Here's your chance to join a small but growing team More ❯

tools such as SAST, DAST, SCA, and CI/CD security integrations. Investigate security incidents, prioritise remediation and guide teams on secure development practices. Ensure applications meet industry standards (OWASP Top 10, NIST, ISO 27001) and regulatory requirements (GDPR, PCI-DSS, etc.) Educate engineers and stakeholders on security threats, vulnerabilities and secure coding practices. Skills 5+ years of experience in … on experience with SAST, DAST, SCA and security automation in CI/CD pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development More ❯

tools such as SAST, DAST, SCA, and CI/CD security integrations. Investigate security incidents, prioritise remediation and guide teams on secure development practices. Ensure applications meet industry standards (OWASP Top 10, NIST, ISO 27001) and regulatory requirements (GDPR, PCI-DSS, etc.) Educate engineers and stakeholders on security threats, vulnerabilities and secure coding practices. Skills 5+ years of experience in … on experience with SAST, DAST, SCA and security automation in CI/CD pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development More ❯

and architectural risk assessments, identifying vulnerabilities early and collaborating on risk mitigation strategies. Define and enforce secure coding standards and architectural best practices aligned with industry benchmarks such as OWASP Top 10 and API Security Top 10. Partner with cloud engineers and developers to embed security controls specific to GCP, such as workload identity, IAM policy enforcement, VPC Service Controls … these into automated build and deployment pipelines. Practical expertise with threat modeling methodologies such as STRIDE, PASTA, or Attack Trees. Strong knowledge of secure coding standards and common vulnerabilities (OWASP Top 10, API Security Top 10) and how to mitigate them. Familiarity with Google Cloud Platform (GCP) security features and best practices, including IAM, Cloud Armor, Security Command Center, and More ❯

automation and integration. Proficiency with static code analysis, dynamic application security testing (DAST), and vulnerability scanning tools like Fortify and Acunetix. Knowledge: In-depth understanding of security frameworks (e.g., OWASP, NIST) and best practices for mitigating vulnerabilities. Familiarity with common threat vectors and experience addressing them in development and operations environments. Additional Information GoldenTech is a systems integrator firm, focusing More ❯

or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS...), Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2), Working knowledge of cryptography including encryption More ❯

Acunetix, and Prisma Cloud • Proficiency in scripting languages (e.g., Python, Bash) for automation and tool integration. • Knowledge of security best practices, common vulnerabilities, and exposure to security frameworks (e.g., OWASP, NIST). • Strong problem-solving skills and the ability to work effectively in a fast-paced, collaborative environment. • Excellent communication skills, both written and verbal, with the ability to convey More ❯

GCP, including securing cloud-based applications. Advanced scripting skills in Python, Bash, or similar languages for automation. Knowledge: In-depth understanding of security best practices, vulnerabilities, and frameworks like OWASP and NIST. Additional Information GoldenTech is a systems integrator firm, focusing on solving complex problems in the areas of DevOps, Cloud and Cyber domains. In addition to offering Cloud based More ❯

applications (e.g. content management systems, application servers, databases, etc.) and how to leverage them in an assessment Good understanding of web technologies and how they are commonly subverted (e.g. OWASP Top 10) At least a basic understanding of development frameworks (.NET, Java,...) Ability to remain calm and methodical under pressure PROFESSION COMPETENCIES Adversarial Thinking Cloud Security Assessment Exploitation Techniques More ❯

strong focus on securing cloud architectures. Solid understanding of data security principles and mechanisms, including encryption and masking. Familiarity with major security standards and frameworks (e.g., ISO 27001, NIST, OWASP). Experience with programming languages like Python, Go, or Java. Excellent communication skills to work effectively across technical and business teams. Preferred Qualifications Bachelor's or Master's degree in More ❯

languages and Infrastructure as Code (Terraform, CloudFormation) Familiarity with Jira or other ticketing systems – essential Technical architecture design and review skills – essential Ability to identify vulnerabilities using CWE or OWASP Knowledge of operating systems and their hardening techniques Understanding of development concepts such as CICD, Pipelines, and SDLC Penetration testing knowledge is also super useful Familiarity with Cloud Development Kit More ❯

Knowledge of cloud security frameworks Rest API knowledge Scripting and Infrastructure as Code (Terraform, CloudFormation) Experience with Jira or similar ticketing systems Technical architecture review skills Vulnerability identification (CWE, OWASP) Operating systems and hardening techniques Development concepts like CICD, Pipelines, SDLC Penetration testing knowledge (useful) Familiarity with Cloud Development Kit (CDK), GitOps Experience in DevOps/agile environments Docker, Kubernetes More ❯

vendors and coordinate feedback with teams to ensure actions are followed to mitigate identified risks Skills: Software engineering background is a must with knowledge of Application Security Frameworks e.g. OWASP SAMM/DSOMM etc Hands-on knowledge of information security processes such as security design review, threat modelling, OWASP Top 10, risk analysis, and software testing techniques Strong understanding of … activities - identifying, assessing and providing remediation options for application and technology risks Knowledge of Agile methodologies is a must Knowledge of backend and frontend web application vulnerabilities Knowledge of OWASP Top 10, SANS Top 25 etc Experience working in AWS/Azure/GCP would be beneficial Knowledge of Ci/CD pipelines Thorough understanding of SAST, DAST (including fuzzing More ❯

or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS ), Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2), Working knowledge of cryptography including encryption More ❯

What skills are essential: You have an in-depth knowledge of security principles, technologies, best practices and threat detection and mitigation strategies Knowledge of common attack vectors and methodologies (OWASP Top 10, Mitre ATT&CK Framework and social engineering tactics The ability to identify potential threats, attack vectors, and vulnerabilities in systems and applications Ability to document security requirements from More ❯

supporting CI/CD pipeline tools such as Jira, Confluence, Bitbucket, Jenkins, Artifactory, and GitLab Exposure to cloud-based web services, particularly AWS Knowledge of secure coding practices, including OWASP, secrets management, and vulnerability remediation Strong understanding of networking concepts and architectures Experience working with scanning tools, such as Nessus, Fortify, and Anchore Broad infrastructure knowledge, including computer, networking, storage More ❯

operations teams on bug fixes, retesting, and verifying patches in staging and production-mirroring environments. Quality & Best Practices • Champion infrastructure and security testing best practices, including vulnerability scanning (e.g., OWASP ZAP, Nessus), compliance checks, and disaster-recovery validations. • Contribute to continuous improvement by proposing new testing tools, frameworks, and process enhancements to raise overall system reliability and observability. Agile & Cross More ❯

more languages (Rust, Python, Go, Nodejs, etc.) Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10). Familiarity More ❯

more languages (Rust, Python, Go, Nodejs, etc.) Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10). Familiarity More ❯

more languages (Rust, Python, Go, Nodejs, etc.) Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10). Familiarity More ❯

more languages (Rust, Python, Go, Nodejs, etc.) Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10). Familiarity More ❯

in Computer Science, Computer Engineering, or related field, or equivalent work experience Coding skills in at least one primary language, such as Java or Python and React Understanding of OWASP Top 10, SANS Top 20, NIST 800-53, CIS, CSC, or other security standards Utilize Static Application Security Testing tools (i.e. Checkmarx) to identify and remediate code vulnerabilities 1+ years More ❯

You will also have: Experience creating application security strategies, standards, and best practices. Experience working with security issues in software architecture, development, including static/dynamic analysis, dependency checks, OWASP Top10, and threat modeling. Experience in an Agile environment with modern CI/CD tools like GitHub, Jenkins, Bamboo. Ability to translate security policies into effective security controls. Knowledge of … more. Remote working, training, career progression, and family-friendly policies. Keywords Senior Software Security Architect, SDLC, Secure by Design, Application Security, Architecture, Software Development, DevOps, InfoSec, Security, Programming Languages, OWASP, Agile, Cloud, Azure, GDPR, ISO 27001, NIST. Due to high application volumes, only suitable candidates will be contacted. We promote equality and diversity in the workplace. Additional Details Seniority level More ❯

SCCM or enterprise patch management tools Experience with Qualys or enterprise Vulnerability Management and Compliance toolsets. Security legislation and regulatory frameworks exposure and awareness • Industry best practices such as OWASP, Cyber security framework and NCSC guidance • Information Security Management System (Infrastructure Security Operations and Incident Management). • NIST Cyber Security Framework • ISO 27001 - Information Security Management System (ISMS) • CIS - Center More ❯

of defining, implementing, measuring, and supporting the adoption of secure software development lifecycle (SSDLC) practices and secure coding standards within engineering organizations. Strong understanding of web application security vulnerabilities (OWASP Top 10 and beyond), attack vectors, and mitigation techniques. Significant experience securing Infrastructure as Code (IaC) , particularly Terraform, and implementing relevant security checks. Solid experience with container security and securing … communication and influencing skills, with the ability to articulate complex security concepts clearly to technical audiences. Strong knowledge of relevant security frameworks and standards (e.g., NIST CSF, CIS Benchmarks, OWASP ASVS). Exposure and knowledge of the MITRE ATT&CK framework. Experience effectively coordinating external penetration testing engagements and managing remediation efforts. Nice to have Relevant advanced security certifications (e.g. More ❯