1 to 25 of 28 Remote Static Application Security Testing Jobs in England

London, United Kingdom Posted on 24/02/2025 Job Description: Security Testing Engineer Location: Remote with occasional travel as required Employment Type: Permanent About the Role Scrumconnect Consulting is looking for a Security Testing Engineer to ensure the security, resilience, and compliance of … GOV.UK digital services . This role involves identifying vulnerabilities, mitigating security risks, and ensuring adherence to government security policies and DDAT frameworks . You will work closely with developers, security architects, and business stakeholders to embed security testing into Agile development workflows and DevSecOps pipelines. … comprehensive security test plans for GOV.UK digital services. Identify security vulnerabilities through static and dynamic application security testing (SAST & DAST) . Ensure security testing is seamlessly integrated into CI/CD pipelines and DevSecOps processes. Define security requirements and best practices More ❯

SOFTWARE APPLICATION SECURITY ENGINEER £90,000 + 15% Bonus + Excellent Staff Benefits including Strong Pension, Life Assurance Hybrid Working ( 2 Days per Week Onsite ) An interesting opportunity has presented itself within one of the UKs largest Independent Software Based Organisations who are one of a major driving … forces behind Innovative Development of Enterprise-Led Internet Technology. They are now looking for an Application Security Engineer to join their existing & high performing In - House Security Team of 35 Staff including SOC & Cyber Analysts through to Experienced Cyber Security Engineers & Security Architects. As an … AppSec Engineer you will focus on the technical side of IT Security, specifically looking at Application Security & Code Analysis, ensuring their Applications are Built Securely. The Information & Cyber Security Team deal with the Security of Closed-Sourced, Open-Source & In-House Developed Applications ensuring that More ❯

A Senior Information Security Specialist, who will focus on the technical side of IT Security, specifically looking at application security and code analysis to ensure applications are built securely. The application security team deals with the security of closed source, open source, and … that is secure and compliant with the Company's regulatory obligations. You will be working closely with the software development function to ensure that application-based vulnerabilities are understood and mitigated. It is therefore important that you possess an understanding of the Secure Software Development Lifecycles and the assessment … of code. This role is part of the broader Information Security department, which is comprised of engineers and analysts with varying backgrounds. Collectively, the team utilises enterprise and bespoke tooling to identify and mitigate threats to safeguard the Business. This role is eligible for inclusion in the Company's More ❯

Who we are looking for A Senior Information Security Specialist, who will focus on the technical side of IT Security, specifically looking at application security and code analysis to ensure applications are built securely. The application security team deal with the security of … that is secure and compliant with the Company’s regulatory obligations. You will be working closely with the software development function, to ensure that application based vulnerabilities are understood and mitigated. It is therefore important that you possess an understanding of the Secure Software Development Lifecycles and the assessment … of code. This role is part of the broader Information Security department, which is comprised of engineers and analysts with varying backgrounds. Collectively, the team utilises enterprise and bespoke tooling to identify and mitigate threats to safeguard the Business. This role is eligible for inclusion in the Company’s More ❯

Who we are looking for A Senior Information Security Specialist, who will focus on the technical side of IT Security, specifically looking at application security and code analysis to ensure applications are built securely. The application security team deal with the security of … that is secure and compliant with the Company’s regulatory obligations. You will be working closely with the software development function, to ensure that application based vulnerabilities are understood and mitigated. It is therefore important that you possess an understanding of the Secure Software Development Lifecycles and the assessment … of code. This role is part of the broader Information Security department, which is comprised of engineers and analysts with varying backgrounds. Collectively, the team utilises enterprise and bespoke tooling to identify and mitigate threats to safeguard the Business. This role is eligible for inclusion in the Company’s More ❯

Application Security Consultant (AppSec) Permanent Role Fully Remote Up to £80K per annum Are you a skilled application security professional with a strong grasp of cloud-native development and a passion for safeguarding software systems? Join an innovative cyber security consultancy working at the forefront … of resilience, supporting clients across the military, government, finance, and tech sectors. As an Application Security Consultant, you'll be the go-to expert on software-level threats and controls. You'll play a key role in embedding security within cloud-native development environments-particularly AWS-by … development teams in secure coding best practices through workshops, threat modelling, and code reviews. Define and enforce security checkpoints across the DevOps lifecycle (SAST, DAST, SCA). Champion secure API design, including robust authentication, authorisation, and validation techniques. Identify and mitigate security vulnerabilities through reviews and penetration test More ❯

UK based, primarily remote working with some travel required to our London Office. Sponsorship is not available for this role. What you will do: Security Integration in CI/CD Pipelines: Implement security controls within CI/CD pipelines using automation and best practices, ensuring vulnerabilities are caught … Incident Response: Develop and maintain monitoring systems and respond to security incidents quickly and effectively. Automated Security Testing: Integrate and manage SAST, DAST, and other security testing tools to identify security issues in code and applications. Compliance and Governance: Develop and manage Azure policies … such as vulnerability scanners, intrusion detection systems, & security information & event management (SIEM) solutions. Knowledge of container management with Azure Container Registry. Experience in SAST, DAST & other techniques to improve code security Desirable: Proficiency in scripting, preferably with PowerShell. Understanding of DotNet development and deployment pipelines. Experience working with More ❯

Principal Product Security Engineer Apply locations CZ - Prague UK - London time type Full time posted on Posted 6 Days Ago job requisition id JR103958 Our Product Security team is seeking a Principal Product Security Engineer to define and lead a secure development strategy and approach in a … fast-paced, agile development environment. You will be responsible for defining and driving security-related initiatives in collaboration with internal stakeholders. You will bring a wealth of technical expertise and industry experience spanning application security, cloud security, DevSecOps and CI/CD. The ideal candidate for … experience with secure software development lifecycle, security testing, vulnerability management. Experience with cloud technologies (AWS, Azure), security testing and automation (SAST, DAST, SCA), and AI/ML technologies. Deep understanding of DevSecOps principles and agile development. Knowledge of secure architecture and design principles, industry standards (NIST More ❯

My growing defence client is seeking a Security Engineer. You'll join a leading organisation that develops cutting edge products and technology. Role Purpose You'll own the security posture across our client's product portfolio—encompassing software, hardware, and services—by embedding robust security controls throughout … vulnerability scans; validate fixes. Oversee third-party security assessments as required. Continuous Improvement Drive security tooling and automation (CI/CD integration, SAST/DAST). Stay ahead of emerging threats and security technologies; evangelise best practices across teams. Qualifications & Experience Proven experience (5+ years) in product … series) and Defence Standards (JSPs, Def Stan 05-138/139). Hands-on experience with security testing tools and techniques (SAST, DAST, penetration testing). Eligible for UK SC clearance; right to work in the UK. Why Join? You'll Gain exposure to cutting-edge defence More ❯

consistently updating our job descriptions to ensure we continue to lead in banking innovation. How you will contribute and key responsibilities: As a Senior Security Engineer, you will be instrumental in designing and implementing security measures for our mobile applications, services, and websites to meet the highest security standards. Your expertise will help us continuously analyse and improve our security systems, ensuring that our products and services are not only secure by design but also comply with internal and external regulatory requirements. Other responsibilities include: Security Analysis and Improvement: Continuously analyse our security systems … and monitoring, networks, firewalls, load balancers, DNS, CDNs Working knowledge of agile DevSecOps environments, and CI/CD (Git, Concourse, Terraform) Working knowledge of SAST, DAST, RASP, and IAST tools and building security into existing SDLC processes Knowledge of cloud Security Architecture of public clouds (such as AWS More ❯

this position, you'll spearhead Cyber projects with plans to build your own team in 2025 The role combines two dynamic elements: Core IT Security: Leverage your deep technical expertise to maintain the security of our infrastructure, servers, and systems. From leading our Managed Security Service Providers … all new systems and services. Drive application and platform security by conducting penetration tests, running audits, and managing automated scans like SCA, SAST, and DAST. Maintain a strong Cloud Security Posture by continuously improving infrastructure, processes, and policies. Risk & Compliance Own vulnerability and threat management, identify risks … VNets, application gateways, private and service endpoints, and firewalls. Secure Software Development: Deep experience implementing effective secure coding practices (e.g., OWASP Top 10, SAST, DAST, SonarCloud). You can seamlessly integrate security into the SDLC with a shift-left approach. Cloud Security Tools: Practical experience with Azure More ❯

London-based Quant Trading fund is looking for a Senior Security Architect to influence architecture and lead strategic security projects during a period of rapid expansion. The incoming Security Architect will work with IT, cloud, and engineering teams to implement security solutions for low-latency systems … and multi-cloud platforms (AWS and Azure). Whilst this is predominantly a security architecture role, the incoming architect will perform an advisor/consulting role, helping to guide and influence technology stakeholders to build secure and robust systems. Role and Responsibilities: Support the implementation of security controls … environments Perform vendor security reviews to assess third-party security practices and ensure compliance with standards Integration of security scanning tools (SAST, DAST, etc.) into CI/CD pipelines and runtime environments to ensure continuous security monitoring and threat detection across Cloud - AWS, Azure, and on More ❯

London-based Quant Trading fund is looking for a Senior Security Architect to influence architecture and lead strategic security projects during a period of rapid expansion. The incoming Security Architect will work with IT, cloud, and engineering teams to implement security solutions for low-latency systems … and multi-cloud platforms (AWS and Azure). Whilst this is predominantly a security architecture role, the incoming architect will perform an advisor/consulting role, helping to guide and influence technology stakeholders to build secure and robust systems. Role and Responsibilities: Support the implementation of security controls … environments Perform vendor security reviews to assess third-party security practices and ensure compliance with standards Integration of security scanning tools (SAST, DAST, etc.) into CI/CD pipelines and runtime environments to ensure continuous security monitoring and threat detection across Cloud - AWS, Azure, and on More ❯

About Us Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks. The company acquired Secureworks in February 2025, bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure … with internal product and engineering teams to identify potential issues in product designs. Assist in the adoption of shared cybersecurity services such as SCA, SAST, and DAST. Participate in the development and adoption of new standards and policies. Impart education to key stakeholders from both technology and business teams regarding … SSDF, ASVS, and other cybersecurity frameworks. Knowledge of cryptographic techniques and implementations. Familiarity with security tooling used to support a SSDLC (SCA/SAST/DAST/container scanning). A strong desire to stay current and understand emerging technologies and risks. Strong project management skills to drive and More ❯

e.g. Java, Go or Python Developing of RESTful API services & understanding of API Gateways (e.g. APIGEE) Building applications utilising container technologies e.g. Docker Managing application deployed to Kubernetes clusters, Istio & Helm Cloud: GCP, GKE, IaC (Terraform) Build Tools & DevOps principles: Git, Maven, Jenkins CI/CD, Nexus, SonarQube It … Experience in Spring Boot and Hibernate Experience of building microservice architecture and event driven systems Experience in Test automation: BDD, mocking, contract testing, Sast Exposure to web technologies, data tooling & infrastructure/networking About working for us Our focus is to ensure we're inclusive every day, building an More ❯

e.g. Java, Go or Python Developing of RESTful API services & understanding of API Gateways (e.g. APIGEE) Building applications utilising container technologies e.g. Docker Managing application deployed to Kubernetes clusters, Istio & Helm Cloud: GCP, GKE, IaC (Terraform) Build Tools & DevOps principles: Git, Maven, Jenkins CI/CD, Nexus, SonarQube It … Experience in Spring Boot and Hibernate Experience of building microservice architecture and event driven systems Experience in Test automation: BDD, mocking, contract testing, Sast Exposure to web technologies, data tooling & infrastructure/networking About working for us Our focus is to ensure we're inclusive every day, building an More ❯

e.g. Java, Go or Python Developing of RESTful API services & understanding of API Gateways (e.g. APIGEE) Building applications utilising container technologies e.g. Docker Managing application deployed to Kubernetes clusters, Istio & Helm Cloud: GCP, GKE, IaC (Terraform) Build Tools & DevOps principles: Git, Maven, Jenkins CI/CD, Nexus, SonarQube It … Experience in Spring Boot and Hibernate Experience of building microservice architecture and event driven systems Experience in Test automation: BDD, mocking, contract testing, Sast Exposure to web technologies, data tooling & infrastructure/networking About working for us Our focus is to ensure we're inclusive every day, building an More ❯

e.g. Java, Go or Python Developing of RESTful API services & understanding of API Gateways (e.g. APIGEE) Building applications utilising container technologies e.g. Docker Managing application deployed to Kubernetes clusters, Istio & Helm Cloud: GCP, GKE, IaC (Terraform) Build Tools & DevOps principles: Git, Maven, Jenkins CI/CD, Nexus, SonarQube It … Experience in Spring Boot and Hibernate Experience of building microservice architecture and event driven systems Experience in Test automation: BDD, mocking, contract testing, Sast Exposure to web technologies, data tooling & infrastructure/networking About working for us Our focus is to ensure we're inclusive every day, building an More ❯

e.g. Java, Go or Python Developing of RESTful API services & understanding of API Gateways (e.g. APIGEE) Building applications utilising container technologies e.g. Docker Managing application deployed to Kubernetes clusters, Istio & Helm Cloud: GCP, GKE, IaC (Terraform) Build Tools & DevOps principles: Git, Maven, Jenkins CI/CD, Nexus, SonarQube It … Experience in Spring Boot and Hibernate Experience of building microservice architecture and event driven systems Experience in Test automation: BDD, mocking, contract testing, Sast Exposure to web technologies, data tooling & infrastructure/networking About working for us Our focus is to ensure we're inclusive every day, building an More ❯

CI/CD patterns suitable for various archetypes (SaaS, Product-Led, Service-Led) and architectures (micro-service, monolithic, layered). Integrating security scans (SAST, SCA, container) and comprehensive testing (unit, functional, integration) within pipelines. Skills & Experience: Strong proficiency with Git Version Control, GitHub Enterprise, and GitHub Actions. Experience … skills and experience and want to hear more about this role 'apply now' to declare your interest in this opportunity with our client. Your application will be observed by our dedicated team. We will respond to all successful applicants ASAP however, please be advised that we will always look More ❯

with agile scrum processes Cost optimization design for solutions Experience with core technical integrations with security and change management tooling such as SNOW, SAST/DAST tooling. Strong communicator and being able to interact with a range of stakeholders such as engineering teams and senior management. Key Skills/… we will reply as soon as possible. Due to the nature and urgency of this post, candidates holding or who have held high level security clearance in the past are most welcome to apply. Please note successful applicants will be required to be security cleared prior to appointment … single site in the UK as an IT Consultancy or as an Employment Business & Agency depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies, LA International welcome applications from all sections of the community and from people with diverse experience and backgrounds. More ❯

with agile scrum processes Cost optimization design for solutions Experience with core technical integrations with security and change management tooling such as SNOW, SAST/DAST tooling Strong communicator and able to interact with a range of stakeholders such as engineering teams and senior management Key Skills/Experience … we will reply as soon as possible. Due to the nature and urgency of this post, candidates holding or who have held high level security clearance in the past are most welcome to apply. Please note successful applicants will be required to be security cleared prior to appointment More ❯

agile scrum processes Cost optimization design for solutions Experience with core technical integrations with security and change management tooling such as SNOW and SAST/DAST tooling. Strong communicator and being able to interact with a range of stakeholders such as engineering teams and senior management. The most exciting More ❯

security hardening: Audit React, GraphQL and FastAPI layers to eliminate XSS/CSRF and strengthen CSP Static analysis remediation: Triage and address SAST findings RBAC rollout: Finalise and implement role-based access controls Audit logging: Structure and surface user action logs in the app 💻 Tech Stack Frontend: React … Apollo GraphQL Backend: FastAPI (Python) Infra/Security: GitHub Actions, SAST tools, Auth0 (or equivalent), RBAC, CSP ✅ What We’re Looking For Must-haves: 5+ years building production-grade web apps (React + Python) CI/CD experience with microservices Hands-on with modern auth providers (Auth0, Kinde, Okta … a must Bonus points for: Experience migrating to managed auth Exposure to Kubernetes, Terraform or Helm Working in early-stage, high-growth startups under security constraints 💬 How We Work You’ll ship iteratively, demo weekly, and document your work for long-term sustainability. We value clean code, proactive ownership More ❯

security hardening: Audit React, GraphQL and FastAPI layers to eliminate XSS/CSRF and strengthen CSP Static analysis remediation: Triage and address SAST findings RBAC rollout: Finalise and implement role-based access controls Audit logging: Structure and surface user action logs in the app 💻 Tech Stack Frontend: React … Apollo GraphQL Backend: FastAPI (Python) Infra/Security: GitHub Actions, SAST tools, Auth0 (or equivalent), RBAC, CSP ✅ What We’re Looking For Must-haves: 5+ years building production-grade web apps (React + Python) CI/CD experience with microservices Hands-on with modern auth providers (Auth0, Kinde, Okta … a must Bonus points for: Experience migrating to managed auth Exposure to Kubernetes, Terraform or Helm Working in early-stage, high-growth startups under security constraints 💬 How We Work You’ll ship iteratively, demo weekly, and document your work for long-term sustainability. We value clean code, proactive ownership More ❯