1 to 25 of 37 OWASP Jobs in England

Docker and/or Kubernetes Development Practices - Mandatory RESTful API design, development, and life cycle management Secure development - SAST/DAST tooling, code review, OWASP awareness Technical documentation to a high standard On-site in Taunton, Somerset - 2 days per week minimum Desirable Skills & Experience Legacy Windows technologies - Win32 ...

/CD pipelines, version control (Git), and modern deployment practices. Familiarity with security best practices relevant to web and mobile applications (e.g. OWASP Top 10). Excellent communication skills, able to articulate technical decisions clearly to both technical and non-technical stakeholders. Experience working within Agile or cross-functional delivery ...

conducting threat modelling (e.g. STRIDE, attack trees) and risk analysis Strong understanding of security frameworks and best practice such as ISO 27001, NIST, CIS, OWASP, NCSC guidance Experience working in the UK Public Sector and associated security standards and guidance including GovAssure/NCSC CAF, HMG Security Policy Framework. Knowledge ...

conducting threat modelling (e.g. STRIDE, attack trees) and risk analysis Strong understanding of security frameworks and best practice such as ISO 27001, NIST, CIS, OWASP, NCSC guidance Experience working in the UK Public Sector and associated security standards and guidance including GovAssure/NCSC CAF, HMG Security Policy Framework. Knowledge ...

Working with shared/common government tech stacks (Node.js, PostgreSQL, Redis) Investigating and resolving technical issues across the stack Applying secure development practices, including OWASP principles and vulnerability management Collaborating with stakeholders and communicating technical concepts clearly Tech stack includes: Node.js, HAPI (web framework) API development (REST, OpenAPI) PostgreSQL, MongoDB ...

wireless, and mobile security testing. Experience leading security teams and managing the delivery of offensive security engagements. Deep understanding of penetration testing methodologies including OWASP Testing Guide, PTES, and OSSTMM. Experience working within Red Team, Blue Team, and Purple Team environments. Strong knowledge of common attack techniques, threat emulation, vulnerability ...

SAML, OAuth, OpenID Connect, Active Directory, LDAP, ADFS) Secure application development (Java or .NET) Agile delivery environments API-driven architectures Security frameworks and principles (OWASP, NCSC guidance) Data protection and GDPR-compliant design Desirable Experience Defence, central government or highly regulated environments SC cleared environments Data architecture and modern data ...

automated testing using tools such as NUnit, Jasmine and Selenium Good knowledge of SOLID principles Desirable Skills: Containers (docker, K8s) Security best practice (OWASP top ten) OpenIDConnect/Identity server MS SQL Server Azure DevOps, TeamCity Infrastructure as Code (Bicep, ARM templates, Terraform) Please apply now or contact for more ...

decisions aligning with organisational priorities. Desirable Criteria Experience of working in the energy sector. Experience in automated security testing. Experience with frameworks such as OWASP, NIST, ISO 27001, and CAF. Application Security Architect - SC cleared ...

Microsoft Purview • Background in eComm, marketplace, or retail technology • Scripting (Python, PowerShell), Terraform, or detection-as-code experience • Familiarity with NIST CSF, ISO 27001, OWASP LLM Top 10, or similar frameworks What's on Offer for the Security Engineer • Real ownership — a genuine mandate to drive change, with the tooling ...

government standards Writing clean, maintainable, and reusable code/configuration Supporting issue investigation, resolution, and continuous improvement Applying secure development practices, including awareness of OWASP principles Collaborating with stakeholders and clearly communicating technical concepts Tech and environment: Microsoft Power Platform (Power Apps, Power Automate, Dataverse) Integration with wider enterprise systems ...

architecture principles Leading Infrastructure as Code implementation using Bicep Driving CI/CD maturity (Bitbucket preferred) with strict SDK and dependency version control Ensuring OWASP-aligned secure coding practices and GDPR compliance Collaborating with QA to support automated and manual test strategies Documenting architectural decisions (ADRs) and maintaining clear technical ...

ViTest) Contributing to CI/CD pipeline improvements and secure deployment practices Participating in architecture and technical design reviews Ensuring all development aligns with OWASP security best practices Tech Stack & Environment Core technologies: .NET 10/ASP.NET Core Angular 21 (mandatory) DevExpress DevExtreme v25 (mandatory) Entity Framework Core TypeScript/ ...

Awareness of AI/ML in security operations and AI-specific threats (e.g. prompt injection, sensitive-data exposure via GenAI), with awareness of the OWASP LLM Top 10 and MITRE ATLAS. Exposure to cloud detection across Azure, AWS, and/or GCP and to cloud and identity log sources (e.g. ...

management and application monitoring. Knowledge of advanced agent orchestration protocols (eg, A2A communication) and Model Context Protocols (MCPs). Familiarity with secure development frameworks (OWASP, NIST, ISO 27001). Background working in Defence, GovTech, aerospace, or similarly regulated sectors. ...

management and application monitoring. Knowledge of advanced agent orchestration protocols (e.g., A2A communication) and Model Context Protocols (MCPs). Familiarity with secure development frameworks (OWASP, NIST, ISO 27001). Background working in Defence, GovTech, aerospace, or similarly regulated sectors. ...

proficiency Strong communication and coaching abilities Quality-focused mindset Stakeholder management Preferred Skills Testing tools (JUnit, Playwright, Selenium, Cucumber), performance tools (Gatling), security tools (OWASP Zap), containerization (Docker, Kubernetes), cloud (AWS), and accessibility testing (WCAG, Wave, Axe). ...

proficiency Strong communication and coaching abilities Quality-focused mindset Stakeholder management Preferred Skills Testing tools (JUnit, Playwright, Selenium, Cucumber), performance tools (Gatling), security tools (OWASP Zap), containerization (Docker, Kubernetes), cloud (AWS), and accessibility testing (WCAG, Wave, Axe). ...

InsightVM/InsightIDR, SentinelOne, Cloudflare, OneTrust, Microsoft Purview, or KnowBe4 Background in e‐commerce, marketplace, or retail technology Familiarity with NIST CSF, ISO 27001, OWASP LLM Top 10, or similar frameworks What We Offer Remote/hybrid working, UK‐based, with flexible London office presence A clear mandate to drive ...

secure design pattern development Experience designing and applying security controls across cloud and distributed systems Strong understanding of security frameworks and best practices (OWASP, NIST, CIS, etc.) Ability to work closely with engineering teams in fast-paced delivery environments Familiarity with common developer tools (GitLab, Azure DevOps, Terraform, YAML/ ...

strong attention to detail A solid understanding of how web applications work including security, session management, and best development practices Full understanding of the OWASP framework. Enforcement of the framework throughout all coding Create, maintain and coordinate backup mechanisms for the purposes of business continuity while maintaining a high level ...

DAST, and SCA tooling - Snyk, Checkmarx, Semgrep, Burp Suite, or similar Threat modelling - comfortable running sessions with engineering and product teams Solid understanding of OWASP Top 10 and how to actually remediate real-world vulnerabilities API security - REST, GraphQL, and the common attack vectors around them Knowledge of secure SDLC ...

attack types (e.g. SQL injection, phishing, malware) Experience with log analysis and incident investigation Familiarity with Windows and/or Linux environments Understanding of OWASP Top 10 security risks Ability to work in a fast-paced, incident-driven environment Desirable Security certifications such as CompTIA Security+, GIAC GSEC, or ISC2 ...

attack types (e.g. SQL injection, phishing, malware) Experience with log analysis and incident investigation Familiarity with Windows and/or Linux environments Understanding of OWASP Top 10 security risks Ability to work in a fast-paced, incident-driven environment Desirable Security certifications such as CompTIA Security+, GIAC GSEC, or ISC2 ...

direction, embedding automation, and confidently challenging stakeholders and delivery teams. Tech: AWS (Kubernetes), Java/Spring Boot, React, GitLab CI/CD, Playwright, OWASP, Gatling Role: Lead QA strategy and delivery across multiple teams Drive automation and modern QA practices Embed repeatable frameworks and standards Own test planning, risk ...