risk and impact of discovered vulnerabilities. Requirements: 5+ years of hands-on experience in application security and secure software development. Strong knowledge of secure coding practices and common vulnerabilities (OWASP). Experience with SAST, DAST, and IAST tools and integrating them into CI/CD pipelines. Proficiency in writing and reviewing code (JavaScript, Java, Python) with an emphasis on secure patterns.
Leeds, West Yorkshire, United Kingdom Hybrid / WFH Options
FPSG
Security Engineer/Cloud/DSOMM/OWASP/Salesforce Permanent Hybrid - 2 or 3 days p/w on-site Leeds FPSG have a fantastic opportunity to join a large-scale digital transformation programme aimed at uniting multiple internal business units under a new, secure, cloud digital platform. Ideal for a hands-on Security Engineer who enjoys embedding security … maturity frameworks such as DSOMM, including hands-on delivery (code, configuration, documentation, tooling) Designing, building, operating and monitoring secure solutions across complex platforms Ensuring internal and industry security standards (e.g. OWASP CI/CD, SAMM) are adhered to across systems Managing and improving cloud security posture (Azure Defender, Prisma Cloud etc) Implementing and optimising observability platforms for holistic system monitoring Supporting … software estates, including deployment pipelines, rollback strategies, and uptime monitoring Practical experience building automated security test suites into CI/CD workflows Familiarity with security frameworks such as DSOMM, OWASP, and SAMM Suitability: This role is a technical hands-on security engineering role, it is NOT GRC focused. It would be well-suited to experienced Security Engineers or Developers with …
assessment. Familiarity with Android security frameworks, libraries, and APIs. Experience with threat modeling, risk assessment, and security architecture design. Knowledge of secure coding practices and common vulnerabilities such as OWASP Top 10. Proficiency in using security tools for vulnerability scanning and code analysis. Excellent problem-solving skills and attention to detail. Strong communication and collaboration abilities, with a passion for …
particularly Scrum, and applying supporting practices. Experience with frontend frameworks and libraries, particularly React.js. Server-side web development experience, particularly in C# or PHP. Knowledge and experience working to OWASP ASVS or equivalent application security standards. Knowledge and experience working with accessibility standards. Experience in developing and containerizing applications with Docker and using orchestration such as Kubernetes. Experience in using …
with other teams to drive improvements in security across our entire organisation. What you'll have: Excellent security and technology background Strong understanding of web application security concepts, including OWASP Top 10 vulnerabilities, secure coding practices, and application security testing tools Experience with security tools and technologies, such as web application firewalls (WAFs), and static and dynamic application security testing …
London, England, United Kingdom Hybrid / WFH Options
Crown Agents Bank
Experience working with ISO 27001, Cyber Essentials, and preferably NIST CSF, SOC 2, or SWIFT frameworks. Strong understanding of security in the context of software development and application security (OWASP, SDLC, DevSecOps). Hands-on, pragmatic approach with the ability to operate in a lean, fast-paced environment. Excellent communication skills, with the ability to engage both technical and non …
experience in mobile application development, with proficiency in Kotlin or Android SDK A solid understanding of security protocols, encryption, and authentication mechanisms Knowledge of relevant security frameworks, such as OWASP MASVS Expertise implementing and bypassing controls like certificate pinning, facial recognition, and biometric authentication controls Experience with secure coding practices and familiarity with industry standards (e.g., ISO 27001, NIST) Background …
experience in InfoSec within fintech, SaaS, or regulated tech environments. Deep knowledge of cloud (AWS), DevSecOps, and secure SDLC practices. Strong understanding of compliance frameworks (PCI, GDPR, NIST, ISO, OWASP). Proven ability to manage audits, incidents, cross-functional teams, and regulators. Excellent interpersonal, leadership, and cross-functional collaboration skills. Demonstrated ability to operate effectively in a flat, fast-paced …
London, England, United Kingdom Hybrid / WFH Options
Smart Communications
record of successes. Understanding of security compliance standards relevant to the SaaS industry, such as PCI, GDPR, ISO 27001, SOC2, NIST. An understanding of application security principles, best practices, OWASP/related standards. Knowledge of security frameworks & controls, hardening standards & security best practices. An understanding of network protocols & practices, firewalls, intrusion detection/prevention systems and WAFs. We look for …
experience Minimum 10 years of experience in cybersecurity, preferably in enterprise or financial environments Strong knowledge of: IAM, PKI, network & platform security, application security, CI/CD security automation, OWASP, SAST/DAST Familiar with security frameworks (e.g. ISO 27001, NIST, DORA, GDPR) Able to bridge the gap between business objectives and technical solutions Languages: Professional level of English is …
contribute to the security engineering of our Salesforce platform especially in the context of APEX code, API design, and secure development lifecycle. Apply the DSOMM (DevSecOps Maturity Model) and OWASP security principles to assess and uplift Salesforce security maturity. Own and improve pipeline security including static code analysis (SAST), dynamic application security testing (DAST), dependency checks, and secure deployment patterns. … understanding of how engineering and security intersect. Strong grasp of secure coding practices and experience running DAST/SAST on Salesforce environments. Exposure to or working knowledge of DSOMM, OWASP, and threat modelling methodologies. Experience integrating security into CI/CD pipelines, especially in complex enterprise platforms. Ability to approach platform security from an engineering-first mindset, not just compliance. …
Tunbridge Wells, Kent, England, United Kingdom Hybrid / WFH Options
FPSG Connect
maturity frameworks such as DSOMM, including hands-on delivery (code, configuration, documentation, tooling) Designing, building, operating and monitoring secure solutions across complex platforms Ensuring internal and industry security standards (e.g. OWASP CI/CD, SAMM) are adhered to across systems Managing and improving cloud security posture (Azure Defender, Prisma Cloud etc) Implementing and optimising observability platforms for holistic system monitoring Supporting … software estates, including deployment pipelines, rollback strategies, and uptime monitoring Practical experience building automated security test suites into CI/CD workflows Familiarity with security frameworks such as DSOMM, OWASP, and SAMM Suitability: This role is a technical hands-on security engineering role, it is NOT GRC focused. It would be well-suited to experienced Security Engineers or Developers with … annual leave with buy/sell options + Private healthcare + Extensive Wellbeing services and employee discounts Key Technical Terms Security Engineering, Cybersecurity Engineer, Information Security Specialist, Salesforce, Azure, OWASP CI/CD, DSOMM, SAMM, Cloud Security Posture Management, Prisma Cloud, Azure Defender, Snyk, Checkmarx, OpenZAP, Qualys, DAST, SAST, CI/CD, Infrastructure Security, Auth0, Secure APIs, Networking Protocols, DevSecOps …
London, England, United Kingdom Hybrid / WFH Options
Smart Communications group
record of successes. Knowledge of security compliance standards relevant to the SaaS industry, such as PCI, GDPR, ISO 27001, SOC2, NIST. An understanding of application security principles, best practices, OWASP/related standards. Some knowledge/experience in scoping/undertaking internal pen testing and creation of external penetration testing scopes. Knowledge of security frameworks & controls, hardening standards & security best …
with securing network and enterprise cloud applications - ideally GCP, Azure or AWS You have strong knowledge of security frameworks, such as ISO/IEC 27001, NIST 800-53 or OWASP You have knowledge of host hardening, auditing, logging and monitoring, network security, SIEM deployments, security analytics, anomaly detections, PKI You have proven implementation of cloud security models, particularly identity, network …
with GRC (Governance, Risk, and Compliance) and SA&A (Security Assessment & Authorization) tools such as Archer, or similar platforms. Familiarity with cloud compliance requirements and privacy regulations. Knowledge of OWASP Top 10 and modern application security best practices. Understanding of adversary TTPs (Tactics, Techniques, and Procedures) and frameworks such as MITRE ATT&CK. Ability to work independently and manage priorities …
suit your work/life balance. Qualifications 8+ years of experience in IoT security, preferably in the medical device or the pharmaceutical industry. Proficiency in security frameworks (e.g., NIST, OWASP, MITRE ATT&CK, PASTA, STRIDE) and standards such as FDA cybersecurity guidance. Experience assessing security risks using industry standard methods (penetration test results, threat modeling, security testing) and determining residual …