Bristol, South West England, United Kingdom Hybrid / WFH Options
Matchtech
ISO/IEC 27001/2, ISO27005/31000, NIST 800-30, NIST 800-53. Strong understanding of security standards and frameworks including OWASP, Secure by Design principles, and MOD-specific guidelines (e.g., JSP, Def Stan 05-138/139). Familiarity with HMG security principles and assurance frameworks …
documentation, and service levels Minimum Requirements: 3-5 years' experience in DevSecOps or related roles Knowledge and working experience of security frameworks and tools - OWASP, Snyk, etc. Good team player and able to work on own initiative Proven experience in mentoring other team members Proven ability of establishing strong, effective …
West Midlands, United Kingdom Hybrid / WFH Options
Arthur J. Gallagher & Co
experience in an IT (Helpdesk/IT Support) with a solid understanding of networking, Windows Active Directory, and Windows/Linux systems. Knowledge of OWASP vulnerabilities and experience in webapp and infrastructure pentesting. Must have or be working towards OSCP/CRT or equivalent. Enthusiastic about cybersecurity, excellent communication skills …
of information security audit and assurance Familiarity with formal information security frameworks and certifications such as SOC 2, ISO27001, CE+, CIS top 20, OWASP Experience with contract review of information security schedules and terms Excellent verbal, written and interpersonal communication skills. Listens and communicates technical subjects to both technical …
Non-Functional Security Testing Conduct penetration testing, API security testing, and infrastructure security assessments. Perform risk-based security testing to identify and mitigate OWASP Top Ten vulnerabilities. Validate the effectiveness of security controls such as RBAC (Role-Based Access Control), MFA (Multi-Factor Authentication), and API security mechanisms … cases, methodologies, and tools used. Required Skills & Experience Proven experience in security testing for web applications, APIs, and cloud environments. Strong knowledge of OWASP Top Ten, CVE vulnerabilities, and threat modeling techniques. Hands-on experience with security testing tools such as OWASP ZAP, Burp Suite, Nessus, Metasploit, Nikto …
also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS) Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2) Working …
experience with AWS and Cloudflare and be comfortable working with Infrastructure as Code tools like Terraform. A strong understanding of common vulnerabilities and the OWASP Top 10 is essential, as is the ability to write and review code in Python, Scala or Go. Working on mobile-first platforms will also …
Nice-to-Have (But Not Required): • Exposure to tools like Wireshark, Nmap, Burp Suite, or Splunk • Basic scripting (Python, Bash, or PowerShell) • Knowledge of OWASP Top 10 or CIS benchmarks • Personal/home lab or project (even simulated) Perks & Benefits: • 1:1 mentorship from cybersecurity professionals • Real-world exposure to …
Core Skills & Experience: Proven experience in secure system design, architecture, and cyber resilience. Strong knowledge of current cyber threats, vulnerabilities, and mitigation strategies (including OWASP). Expertise across infrastructure, network, application, and cloud security architecture. Excellent stakeholder engagement skills – able to influence, guide, and advise senior leaders. Familiarity with security …
managing a bug bounty program is a plus but not required). 3 years' experience in manual Web App testing. Strong technical knowledge of OWASP Top 10. Comfortable using security testing tools including Burp Suite. Excellent written and verbal communication skills. Experience using frameworks such as CVSS. Self-motivated and able …
Experience with API development (SOAP, RESTful) and databases (e.g., MS SQL Server, Oracle Endeca). Expertise in web performance optimization and secure development practices (OWASP). Knowledge of relational databases (e.g., MS SQL Server) and document-oriented databases (e.g., Oracle Endeca).
testing activities • Building and leading effective security teams Excellent technical expertise in: • Application and infrastructure security principles • Frameworks & methodologies such as CVSS, CIS Benchmarking, OWASP Beneficial qualifications include: • CISSP • CISA At WTW, we believe difference makes us stronger. We want our workforce to reflect the different and varied markets we …
Who You Are You are an expert with skills in: Designing secure systems and enabling risk-based decisions. Knowledge of current cyber threats and OWASP standards. Specifying security controls across various architectures. Writing actionable cyber security advice and delivering training. Security Clearance You must meet the requirements for achieving Security …
ISN 23/09 Secure by Design Knowledge of security frameworks, such as ISO/IEC 27001, NIST 800-30, NIST 800-53 or OWASP Working with risk management frameworks and methodologies (e.g., ISO 27001/2, ISO27005/31000, NIST 800-30, NIST 800-53) If this all sounds …
similar, web servers. Experience in developing secure frontend code (strong understanding of common security vulnerabilities like cross-site scripting, cross-site request forgery, other OWASP risks and best practices for testing & mitigating them) Good understanding of frontend-backend integration, e.g. familiarity with AJAX or other methods for making asynchronous backend …
Reading, Berkshire, South East, United Kingdom Hybrid / WFH Options
Bowerford Associates
essential. Experience working with security issues in software architecture, software development, e.g. static and/or dynamic code analysis and tools, software dependency check, OWASP Top 10 testing, application threat modelling. In-depth experience working in an Agile software development environment, with classic applications as well as microservices, using modern code … Design, Architecture, Software Development, Engineering, DevOps, InfoSec, Security, Security Strategy, Best Practice, Programming, Code, C++, C#, C, .NET Core, Java, JavaScript, Node.js, Angular, React, OWASP, Agile, Application Threat Modelling, Security Policy, Security Controls, ISO 27001, NIST, GDPR, Cloud, Azure. Please note that due to a high level of applications, we …
Manchester, Lancashire, United Kingdom Hybrid / WFH Options
The MRJ Group
Competitive salary available upon request Hybrid working from a Manchester office (must be based in the UK without visa/sponsorship requirements) Permanent We are awaze, the largest managed vacation rentals and holiday resorts business in Europe, which brings together …
SDLC) processes Works with engineering and development team to ensure in-house technologies comply with relevant security standards, regulations, and industry certifications, such as OWASP, CIS, PCI-DSS, ISO27001 to ensure security is prioritised throughout the development lifecycle Maintains current understanding of policy, regulations, and compliance standards that affect assigned … senior technology and information security executives and in influencing stakeholders to achieve strategic objectives Experience in working with industry frameworks and standards such as OWASP, PCI-DSS, ISO27001/27002, CIS and NIST Information Security (CISSP, CISA, Security+) and cloud certification (preferably GCP/AWS) What’s In It For …