1 to 25 of 59 Remote Permanent OWASP Jobs

firewalls, IDS/IPS, micro-segmentation, and host security. Hands on experience with the following security products Trellix, Ivanti, ClearSwift, Yubikey Understanding of secure coding practices and common vulnerabilities (OWASP Top 10, SANS Top 25). Expertise in identity and access management (IAM), including RBAC, ABAC, JWT and Cookie based authentication. Incident detection and response in MOD environments. Security compliance More ❯

or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS ), Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2), Working knowledge of cryptography including encryption More ❯

Knowledge of cloud security frameworks Rest API knowledge Scripting and Infrastructure as Code (Terraform, CloudFormation) Experience with Jira or similar ticketing systems Technical architecture review skills Vulnerability identification (CWE, OWASP) Operating systems and hardening techniques Development concepts like CICD, Pipelines, SDLC Penetration testing knowledge (useful) Familiarity with Cloud Development Kit (CDK), GitOps Experience in DevOps/agile environments Docker, Kubernetes More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯

well as in vulnerability mitigations/remediation planning, for identified systems, network, application and database vulnerabilities Ability to architect, design, troubleshoot, maintain, and deploy vulnerability scanning solutions such as (OWASP, Fortify, Sonarqube, Tenable, etc.) Experience with XACTA, EMass, or similar tool Strong in-depth understanding of including Microsoft Windows and Linux/UNIX operating systems Experience with middleware/web More ❯

teams and business stakeholders is essential. Experience working with security issues in software architecture, software development, e.g. static and/or dynamic code analysis and tools, software dependency check, OWASP Top10 testing, application threat modelling. In-depth experience working in an Agile software development environment, with classic applications as well as microservices, using modern code processing and continuous integration and … Security Architect, SDLC, Secure by Design, Architecture, Software Development, Engineering, DevOps, InfoSec, Security, Security Strategy, Best Practice, Programming, Code, C++, C#, C, .NET Core, Java, JavaScript, Node.js, Angular, React, OWASP, Agile, Application Threat Modelling, Security Policy, Security Controls, ISO 27001, NIST, GDPR, Cloud, Azure. Please note that due to a high level of applications, we can only respond to applicants More ❯

and Azure DevOps (CI/CD) - Familiar with scripting languages like PowerShell, YAML, JSON - Expertise in application security tools and DevSecOps processes - Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) - Experience with threat modelling, risk assessments, and secure design reviews - Comfortable owning security strategy and tooling across complex, modern product landscapes - Strong communicator - able to engage More ❯

and Azure DevOps (CI/CD)- Familiar with scripting languages like PowerShell, YAML, JSON- Expertise in application security tools and DevSecOps processes- Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC)- Experience with threat modelling, risk assessments, and secure design reviews- Comfortable owning security strategy and tooling across complex, modern product landscapes- Strong communicator - able to engage More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator - able to engage More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator - able to engage More ❯

Security Testing. Working knowledge of at least 5 of the following security tools and technologies: Burp Suite (including Burp Scanner) - for web application vulnerability scanning and manual security testing. OWASP ZAP - for DAST and automated security regression testing. Postman or SOAP UI - for API testing with a security focus (e.g. injection, authorisation, token misuse). OAuth2/OpenID Connect - for … systems (e.g. Git) - for secure code handling and integration with secrets scanners. Static Application Security Testing (SAST) tools - e.g. SonarQube, Checkmarx, Semgrep. Dynamic Application Security Testing (DAST) tools - e.g. OWASP ZAP, Burp Suite Pro. Infrastructure-as-Code (IaC) scanning tools - e.g. tfsec, Checkov. Threat modelling methodologies - e.g. STRIDE, PASTA, or creating risk-based test charters. Familiarity with the OWASP Top More ❯

application security Experience working with large-scale multi-cloud, multi-account architecture CISSP, CISM, AWS Solutions Architect Professional, Azure Solutions Architect, or equivalent certification, is preferred Thorough understanding of OWASP Top 10 and Secure Development Expertise in automating security tools and integrations, including simple scripting Experience with application security tools (SAST, DAST, IAST and SCA) Strong technical knowledge of development More ❯

pure product or application security Strong expertise in offensive security techniques and methodologies, including ethical security testing Deep understanding of secure coding practices, common vulnerabilities and risk scoring methodologies (OWASP Top 10, CWE, CVSS scoring etc.) Strong experience communicating to stakeholders of varying technical skill levels Your experience should include: Using offensive security tooling, including tools such as Burp Suite More ❯

and cloud security vulnerabilities (e.g., XSS, SSRF, CSRF, CORS, SQL Injection, broken authentication/authorization, encryption flaws). Provide expert guidance on secure coding practices, common vulnerability classes (e.g., OWASP Top 10), and threat modeling for modern web applications. Conduct security reviews of design and architecture documents; lead threat modeling exercises using frameworks such as STRIDE, PASTA, MITRE ATT&CK … developers, write clear documentation, and engage stakeholders. Nice to have: Certifications such as OSCP, GCIH, GWAPT, or CISSP. Familiarity with security frameworks such as NIST CSF, MITRE ATT&CK, OWASP ASVS, or ISO 27001. Experience with commercial security tools such as EDR, SIEM, CSPM, CNAPP, vulnerability scanners, bug bounty platforms, WAFs, or compliance automation platforms. Prior experience driving security engineering More ❯

audit and privacy policies and regulations General knowledge of security technology Nice to have: Experience with PowerBI Programming skills and experience (python, java, SQL) Technical network skills Knowledge of OWASP, SANS, NIST, ISO 27001, ISF or other security-related practices Previous Banking/Financial Industry experience CISSP, CISA, CRISC, CSSLP, SABSA certifications Skills & Competencies: Vulnerability management Risk reporting Programming Data More ❯

the following technical competencies: Solid grounding in OS and network fundamentals (Linux, Windows, Mac, TCP/IP stack). Knowledge of common attack techniques and mitigations (MITRE ATT&CK, OWASP Top 10). Familiarity with scripting and automation using Python, Bash, or PowerShell. Strong understanding of Active Directory attack chains and common privilege escalation paths. Experience interpreting logs and event More ❯

Docker, Kubernetes, Terraform, and Helm. Hands-on experience developing modern web applications with Angular and TypeScript. Familiarity with Azure DevOps for backlog management and project tracking. Working knowledge of OWASP security best practices. Exposure to FedRAMP compliance standards and processes. What is it in for you? Opportunities for career growth Skills development Team collaboration Private Health Insurance Equity Tracking Award More ❯

junior team members and support collaborative delivery of projects. Occasionally support the creation of marketing materials such as research papers and articles. Skills/Must have: Strong knowledge of OWASP methodologies and offensive testing across black/grey/white-box approaches. Proficiency in tools like Burp Suite, Kali, Nmap, Nessus, Qualys, Metasploit. Familiarity with cloud platform security testing (AWS More ❯

containerised applications using technologies such as AWS Lambda, Spring Boot, NodeJS, Python FastAPI, Oracle, PostgreSQL and MongoDB Contributing to DevSecOps delivery pipelines, using tooling such as Atlassian, Jenkins, GitLab, OWASP and AWS services Applying Site Reliability Engineering principles to ensure solutions are resilient, reliable and cost-effective Supporting clients and end users in making technical product decisions by clearly explaining More ❯

solving skills and attention to detail. 3+ years of professional PHP development experience. Solid understanding of object-oriented programming and SOLID principles. Solid knowledge of secure coding practices (e.g. OWASP). Experience with modern PHP frameworks (preferably Laravel or Symfony). Familiarity with relational databases (MySQL) and writing performant queries. Comfortable working with Git, Composer and modern development workflows. Strong More ❯

Security Engineer/Cloud/DSOMM/OWASP/Salesforce Permanent Hybrid - 2 or 3 days p/w on-site Leeds FPSG have a fantastic opportunity to join a large-scale digital transformation programme aimed at uniting multiple internal business units under a new, secure, cloud digital platform. Ideal for a hands-on Security Engineer who enjoys embedding security … maturity frameworks such as DSOMM, including hands-on delivery (code, configuration, documentation, tooling) Designing, building, operate, monitoring secure solutions across complex platforms Ensuring internal and industry security standards (e.g. OWASP CI/CD, SAMM) are adhered to across systems Managing and improving cloud security posture (Azure Defender, Prisma Cloud etc) Implementing and optimising observability platforms for holistic system monitoring Supporting … software estates, including deployment pipelines, rollback strategies, and uptime monitoring Practical experience building automated security test suites into CI/CD workflows Familiarity with security frameworks such as DSOMM, OWASP, and SAMM Suitability: This role is a technical hands-on security engineering role, it is NOT GRC focused. It would be well-suited to experienced Security Engineers or Developers with More ❯

record of successes. Understanding of security compliance standards relevant to the SaaS industry, such as PCI, GDPR, ISO 27001, SOC2, NIST. An understanding of application security principals, best practices, OWASP/related standards. Knowledge of security frameworks & controls, hardening standards & security best practices. An understanding of network protocols & practices, firewalls, intrusion detection/prevention systems and WAFs. We look for More ❯

maturity frameworks such as DSOMM, including hands-on delivery (code, configuration, documentation, tooling) Designing, building, operate, monitoring secure solutions across complex platforms Ensuring internal and industry security standards (e.g. OWASP CI/CD, SAMM) are adhered to across systems Managing and improving cloud security posture (Azure Defender, Prisma Cloud etc) Implementing and optimising observability platforms for holistic system monitoring Supporting … software estates, including deployment pipelines, rollback strategies, and uptime monitoring Practical experience building automated security test suites into CI/CD workflows Familiarity with security frameworks such as DSOMM, OWASP, and SAMM Suitability: This role is a technical hands-on security engineering role, it is NOT GRC focused. It would be well-suited to experienced Security Engineers or Developers with … annual leave with buy/sell options + Private healthcare + Extensive Wellbeing services and employee discounts Key Technical Terms Security Engineering, Cybersecurity Engineer, Information Security Specialist, Salesforce, Azure, OWASP CI/CD, DSOMM, SAMM, Cloud Security Posture Management, Prisma Cloud, Azure Defender, Snyk, Checkmarx, OpenZAP, Qualys, DAST, SAST, CI/CD, Infrastructure Security, Auth0, Secure APIs, Networking Protocols, DevSecOps More ❯

maturity frameworks such as DSOMM, including hands-on delivery (code, configuration, documentation, tooling) Designing, building, operate, monitoring secure solutions across complex platforms Ensuring internal and industry security standards (e.g. OWASP CI/CD, SAMM) are adhered to across systems Managing and improving cloud security posture (Azure Defender, Prisma Cloud etc) Implementing and optimising observability platforms for holistic system monitoring Supporting … software estates, including deployment pipelines, rollback strategies, and uptime monitoring Practical experience building automated security test suites into CI/CD workflows Familiarity with security frameworks such as DSOMM, OWASP, and SAMM Suitability: This role is a technical hands-on security engineering role, it is NOT GRC focused. It would be well-suited to experienced Security Engineers or Developers with … annual leave with buy/sell options + Private healthcare + Extensive Wellbeing services and employee discounts Key Technical Terms Security Engineering, Cybersecurity Engineer, Information Security Specialist, Salesforce, Azure, OWASP CI/CD, DSOMM, SAMM, Cloud Security Posture Management, Prisma Cloud, Azure Defender, Snyk, Checkmarx, OpenZAP, Qualys, DAST, SAST, CI/CD, Infrastructure Security, Auth0, Secure APIs, Networking Protocols, DevSecOps More ❯