17 of 17 Static Application Security Testing Jobs in England

Senior Cyber Security Analyst (OWASP/SAST/DAST - Banking Client Application Security | Secure Design | Threat Modelling | DevSecOps Locations: London | Paris | Brussels | Amsterdam Rate: Flexible Duration: 12 months We are looking for a Cyber Security Analyst specialising in Application Security and Secure Architecture … implementing secure coding practices aligned with OWASP guidelines . Security Testing & DevSecOps Define and review security testing activities including SAST, DAST and software composition analysis (SCA) . Work with engineering teams to integrate security scanning into CI/CD pipelines . Analyse vulnerability scan results ...

practices, assess vulnerabilities, and strengthen our application security posture. Day-to-day of the role: Manage and optimise SCA (Software Composition Analysis), SAST (Static Application Security Testing), and DAST (Dynamic Application Security Testing) tooling to ensure effective scanning and remediation. Support … progress and highlight gaps. Required Skills & Qualifications: In-depth knowledge of web application security (OWASP Top 10) and experience with SCA, SAST, and DAST tools. A degree in Computer Science, Information Security, or a related discipline (STEM preferred) or demonstrable experience. Experience in software development ...

development practices to their processes, to assess vulnerabilities, and strengthen their application security posture. The role will involve: Managing and optimising SCA, SAST, and DAST tooling to ensure effective scanning and remediation. Supporting engineering teams with triage, vulnerability management, and secure coding best practices. Ensuring adherence … someone who has the following experience and knowledgebase: - In-depth knowledge of web application security ( OWASP Top 10 ) and experience with SCA, SAST, and DAST tools. A degree in Computer Science, Information Security, or a related discipline ( STEM preferred ) or demonstrable experience. Experience in software development ...

development practices to their processes, to assess vulnerabilities, and strengthen their application security posture. The role will involve: Managing and optimising SCA, SAST, and DAST tooling to ensure effective scanning and remediation. Supporting engineering teams with triage, vulnerability management, and secure coding best practices. Ensuring adherence … someone who has the following experience and knowledgebase: - In-depth knowledge of web application security ( OWASP Top 10 ) and experience with SCA, SAST, and DAST tools. A degree in Computer Science, Information Security, or a related discipline ( STEM preferred ) or demonstrable experience. Experience in software development ...

Cloudflare Chef , Ansible and Redhat IDM Docker (Dockerfile, docker-compose, docker-cli) Github Administration, Github Actions (Workflows), AWS Code Build Github Advance Security (SAST, DAST) Awareness about AWS Sec Tools and KMS management Key Duties Github Administration, Github Actions (Workflows), AWS Code BuildSolution Delivery Design, deliver, and support secure … scalable AWS infrastructure using services like EC2, S3, ECS, and FARGATE Security & Compliance Integrate SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) tools into CI/CD pipelines to enforce secure development practices Infrastructure Automation Automate infrastructure provisioning using ...

Role Title: Application Security Specialist Duration: contract to run until 30/11/2026 Location: Knutsford, Hybrid 3 days per week onsite Rate: up to 517.78 p/d Umbrella inside IR35 Role purpose/summary We are looking for an Application Security Specialist … Conduct security reviews, threat modelling, and vulnerability assessments. Support secure coding practices and provide guidance to development teams. Operate security scanning tools (SAST/DAST/IAST). Validate remediation of vulnerabilities and track risk reductions. Contribute to secure design standards and best practices. Work with DevOps ...

Role Title: Application Security Specialist Duration: contract to run until 30/11/2026 Location: Knutsford, Hybrid 3 days per week onsite Rate: up to £517.78 p/d Umbrella inside IR35 Role purpose/summary We are looking for an Application Security Specialist … Conduct security reviews, threat modelling, and vulnerability assessments. Support secure coding practices and provide guidance to development teams. Operate security scanning tools (SAST/DAST/IAST). Validate remediation of vulnerabilities and track risk reductions. Contribute to secure design standards and best practices. Work with DevOps ...

Cloud Security Pre-Sales Consultant - Cloud, Security, AWS, AzureSalary: £60,000 - £65,000 (Depending on Experience)Location: London/Hybrid (willingness to travel on-site required)Company OverviewA forward-thinking and entrepreneurial cloud security company, partnering with major organisations and continuing to grow rapidly, is offering … Zero Trust principles.Network & Infrastructure SecurityCloud-native firewalls, WAFs, VPN, ZTNA, API security fundamentals.Container & DevSecOps SecurityBasic exposure to Kubernetes (AKS, EKS, GKE), container scanning, SAST/DAST, IaC security.SIEM & Endpoint SecuritySplunk, Microsoft Sentinel, Elastic Security, CrowdStrike, Defender XDR.Certifications (Nice to Have, Not Essential)Security+, CySA+, CEH, CCSP, CISM, CISSP ...

best practices. # Expertise in Test Driven Development (TDD) and Behaviour Driven Development (BDD) methodologies for backend services. # Strong appreciation and practical application of architectural standards and processes essential in large-scale organisations. # Extensive experience or deep exposure to the following technologies: o Java o Spring Boot … e.g., IntelliJ IDEA) o Fossa (or similar open-source licence compliance tools) o SonarQube (or similar code quality analysis tools) o Checkmarx (or similar static application security testing tools) o Cycode (or similar software supply chain security platforms) Desirable (not essential) Skills: Software Engineer Back ...

Cloud being advantageous. Developing Infrastructure as Code (IaC) and Configuration Management (CM) using tools such as Terraform and Ansible to enhance infrastructure deployments and security configurations. Applying security best practices and compliance benchmarks to cloud infrastructure with IaC and CM tools, using AWS security services to standardise … Kubernetes, Lambda, EKS, and ECS - with experience of Kubernetes/EKS preferred. Implementing and maintaining security controls within the delivery pipeline, including SAST, vulnerability scanning, and code linting tools. Leveraging AWS services like CloudWatch, Athena, Config and CloudTrail to monitor and help secure cloud infrastructure. Supporting ongoing software development ...

feel at home here. Key Responsibilities Design, build, and maintain enterprise-scale CI/CD pipelines across multi-service environments Integrate build, test, security scanning, and deployment workflows Automate cloud infrastructure using Infrastructure as Code (Terraform preferred) Build and manage container platforms using Docker and Kubernetes (AKS/… Deep Infrastructure as Code expertise (Terraform highly preferred) Kubernetes and container orchestration experience Strong scripting skills (Python, Bash, PowerShell) Good understanding of DevSecOps practices (SAST, DAST, secrets management, code scanning) Excellent troubleshooting and systems integration skills Nice to Have Cloud/DevOps certifications (Azure DevOps Engineer, AWS DevOps ...

work done. What You'll Be Doing: Own the DevOps strategy - Design and implement scalable cloud infrastructure, CI/CD, observability, and security-by-default practices that let engineering ship fast and services accessed safely. Standardise how services are built, provisioned, administered, and managed - Provide clear ways of working … Containers and orchestration (Docker, ECS/EKS), frontend build/release familiarity (Vite, React/Vue), and API gateway patterns. Security tooling integration: SAST/DAST/SCA, dependency governance, SBOMs. Experience with GCP services (e.g., BigQuery, Maps, Vertex) and cross‐cloud identity/networking. Led AI governance ...

maintain CI/CD pipelines and automate build, deployment and environment provisioning. - Monitoring and alerting implementation (Azure Monitoring, App Insights, Log Analytics) - Plan testing and release readiness with engineering team, business and external partners - Work closely with Engineering leads and security team to ensure solutions delivered is aligned … Proven hands-on experience with BICEP and ARM - Experience building and securing CI/CD pipelines in Azure DevOps - Integration of security tooling (SAST, DSAT, dependency scanning, secret scanning) and security remediation planning and execution - Identity and access management - Experience of DevSecOps framework design - Experience of incident response ...

Azure technology estate. This is a hands-on contract opportunity suited to someone with strong Azure DevSecOps expertise who enjoys working collaboratively across engineering, security, cloud operations, and external partners to deliver secure and reliable platforms. Location: London - Hybrid (minimum 3 days per week onsite) Rate: Competitive (dependent …/CD pipelines within Azure DevOps Implement DevSecOps frameworks and best practices across the Azure environment Integrate security tooling into pipelines including SAST, DAST, dependency scanning, and secret scanning Develop and maintain Infrastructure as Code using BICEP and ARM Enable secure, automated, and repeatable deployment pipelines across Azure services ...

DevOps Technical Depth (essential): CI/CD pipeline architecture and integrations Git-based platforms (GitHub, GitLab, Bitbucket) DevSecOps tooling and security integrations SCA, SAST, SBOM management Container security Strong understanding of modern cloud and distributed systems Highly desirable: Background in software development Exposure to MLOps You must … equally credible in front of: Heads of DevOps Platform Engineering teams Security leaders C-level technical stakeholders Why This Role Stands Out Global enterprise exposure Complex, intellectually challenging sales cycles Cutting-edge DevSecOps and software supply chain technology High-calibre peer group Strong career progression potential This ...

observability and incident readiness. Day to day, you can expect to be shipping small, frequent changes using trunk-based development and feature flags, embedding security and quality gates directly into CI, and working with colleagues across Release, QE, and Environments to ensure every deployment is traceable, auditable, and safe. … experience, including progressive delivery techniques such as canary releases, blue/green deployments, and automated rollback Solid grasp of secure-by-design practices: SAST, SCA, DAST, IaC scanning, SBOM, WAF configuration, and pipeline attestations Experience building and managing ephemeral, production-like environments with data-on-demand capability Strong observability skills ...

audit-ready evidence. - Design for ephemeral/data-ready environments (idempotent data, test hooks, parity enforcement). - Embed contract/performance/resilience/security tests in CI; elevate squad testability patterns. - Partner with … Release on SLO/error-budget readiness for go/no-go. Secure by design & compliance as code - Ensure every pipeline has push protection, SAST/SCA/DAST, IaC scanning, and secure defaults; implement WAF requirements for external endpoints; maintain SBOM/pipeline attestations where applicable. Release linked observability ...