1 to 25 of 56 OWASP Jobs in London

What will you bring? 7+ years of experience in Product Security, Application Security, or a related security engineering role. Deep expertise in secure software development, secure coding practices, and OWASP Top 10/CWE 25. Strong technical proficiency in modern programming languages (e.g., Python, Java, JavaScript, Go, or C#). Experience with cloud-native security (AWS, Azure, GCP) and securing More ❯

relationship with the VP of TechOps. Responsibilities Security Strategy & Governance - Define and continuously refine the technical security roadmap that aligns with business objectives, industry best practice (e.g., NIST CSF, OWASP SAMM), and compliance frameworks (SOC 2, ISO 27001, GDPR). Secure SDLC & DevSecOps - Build and maintain guardrails for static/dynamic analysis, container and IaC scanning, SBOM management, and supply More ❯

automation testing in an Agile Software environment Close familiarity with some or all of: Network management and optimisation Postgresql Database management and optimisation With common security frameworks CIS, NIST, OWASP Familiarity with Public Cloud Services like AWS GCP Azure Familiarity with co-located physical infrastructure (we're currently hybrid) Solid understanding of Continuous Integration (CI) and Continuous Deployment (CD) Close More ❯

software security design review Strong knowledge of Agile, DevSecOps, System Engineer and or equivalent Knowledge of security standards and secure development principles such as NCSC Secure Development & Deployment Guidance, OWASP, NIST Secure Software Development Framework (SSDF - 800-218), Microsoft Azure Secure Development best practices, ISO27001 Experience with Azure cloud infrastructure, particularly Azure PaaS service Experience with Azure DevOps, particularly CI More ❯

in Computer Science, Computer Engineering, or related field, or equivalent work experience Coding skills in at least one primary language, such as Java or Python and React Understanding of OWASP Top 10, SANS Top 20, NIST 800-53, CIS, CSC, or other security standards Utilize Static Application Security Testing tools (i.e. Checkmarx) to identify and remediate code vulnerabilities 1+ years More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯

training and awareness initiatives. Act as a security champion within development squads and mentor junior engineers. Requirements Broad experience in application security or secure software development. Strong understanding of OWASP Top 10, secure coding techniques, and threat modelling. Experience with security tools such as SAST, DAST, SCA, and vulnerability scanners. Familiarity with cloud platforms (Azure or AWS), CI/CD More ❯

language Experience working with or recommending security tools and technologies Ability to build strong working relationships and influence non-security stakeholders Working knowledge of cybersecurity standards and frameworks (e.g. OWASP, NIST, CIS) Analytical mindset with strong problem-solving skills Excellent written and verbal communication skills Qualifications: 3+ years of experience in information security, with a focus on application and/ More ❯

applications usingDockerand manage deployments onKubernetesclusters (EKS, AKS, on-prem). UseHelm, ingress controllers, and service meshes to manage complex deployments. Security & Compliance Integrate security tools such as Snyk,Trivy,OWASP ZAP, andSonarQubeinto CI/CD pipelines. Manage secrets usingHashiCorp Vault,AWS Secrets Manager, andAzure Key Vault. Operate cloud-native security services likeAzure Defender,AWS GuardDuty,Security Hub,Inspector, andConfig. Monitoring More ❯

applications usingDockerand manage deployments onKubernetesclusters (EKS, AKS, on-prem). UseHelm, ingress controllers, and service meshes to manage complex deployments. Security & Compliance Integrate security tools such as Snyk,Trivy,OWASP ZAP, andSonarQubeinto CI/CD pipelines. Manage secrets usingHashiCorp Vault,AWS Secrets Manager, andAzure Key Vault. Operate cloud-native security services likeAzure Defender,AWS GuardDuty,Security Hub,Inspector, andConfig. Monitoring More ❯

EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯

EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯

your background might be better suited to. 8+ years of experience in IoT security, preferably in the medical device or the pharmaceutical industry. Proficiency in security frameworks (e.g., NIST, OWASP, MITRE ATT&CK, PASTA, STRIDE) and standards such as FDA cybersecurity guidance Experience assessing security risks using industry standard methods (penetration test results, threat modeling, security testing) and determining residual More ❯

Integrate security into CI/CD pipelines through SAST, DAST, SCA, container scanning, and automated policy enforcement. Establish and govern secure architecture standards aligned to industry frameworks (e.g. NIST, OWASP, ISO 27001). Champion threat modelling and secure design throughout development lifecycles. Client Engagement & Pre-Sales Support Represent the security development function in client meetings and solution design. Contribute to More ❯

Integrate security into CI/CD pipelines through SAST, DAST, SCA, container scanning, and automated policy enforcement. Establish and govern secure architecture standards aligned to industry frameworks (e.g. NIST, OWASP, ISO 27001). Champion threat modelling and secure design throughout development lifecycles. Client Engagement & Pre-Sales Support Represent the security development function in client meetings and solution design. Contribute to More ❯

strong track record in software engineering with a focus on application and infrastructure security, ideally in agile or DevOps environments. You're fluent in secure development concepts - comfortable with OWASP Top 10, CWE and common secure design patterns. You've helped teams adopt secure SDLC practices, working closely with central security or architecture groups. You know how to embed tools More ❯

Establish frontend testing strategy using tools like Jest, React Testing Library, Cypress, etc. Partner with security teams to implement secure-by-design frontends aligned with SaaS compliance needs (e.g., OWASP, SSO, GDPR). Required Qualifications Bachelor's or Master's in Computer Science, Software Engineering, or equivalent. 10+ years in frontend development with at least 4+ years of React-based More ❯

containerised applications using technologies such as AWS Lambda, Spring Boot, NodeJS, Python FastAPI, Oracle, PostgreSQL and MongoDB Contributing to DevSecOps delivery pipelines, using tooling such as Atlassian, Jenkins, GitLab, OWASP and AWS services Applying Site Reliability Engineering principles to ensure solutions are resilient, reliable and cost-effective Supporting clients and end users in making technical product decisions by clearly explaining More ❯

containerised applications using technologies such as AWS Lambda, Spring Boot, NodeJS, Python FastAPI, Oracle, PostgreSQL and MongoDB Contributing to DevSecOps delivery pipelines, using tooling such as Atlassian, Jenkins, GitLab, OWASP and AWS services Applying Site Reliability Engineering principles to ensure solutions are resilient, reliable and cost-effective Supporting clients and end users in making technical product decisions by clearly explaining More ❯

experience with AWS (or similar cloud platforms) and Cloudflare. Infrastructure as Code: Proficiency with Terraform or similar IaC tools. Vulnerability Knowledge: Solid understanding of common vulnerability classes and the OWASP Top 10. Coding & Scripting: Proficient in reading code (e.g., Python, Scala) and using Git for version control of code and configuration changes. Familiarity with iOS or Android security. Experience of More ❯

junior team members and support collaborative delivery of projects. Occasionally support the creation of marketing materials such as research papers and articles. Skills/Must have: Strong knowledge of OWASP methodologies and offensive testing across black/grey/white-box approaches. Proficiency in tools like Burp Suite, Kali, Nmap, Nessus, Qualys, Metasploit. Familiarity with cloud platform security testing (AWS More ❯

expose DevSecOps capabilities. Package and deploy services to OpenShift/Kubernetes clusters, ensuring scalability and high availability. DevSecOps Toolchain Integration Integrate with and extend APIs for Synopsys BlackDuck, Snyk, OWASP Dependency-Track, JFrog Artifactory, HashiCorp Vault/CyberArk, and more. Drive continuous improvement of our CI pipelines (Jenkins, TeamCity, Tekton), embedding security "shift-left" practices. Developer Enablement & Support Partner with More ❯