1 to 25 of 27 Remote OWASP Jobs in London

relationship with the VP of TechOps. Responsibilities Security Strategy & Governance - Define and continuously refine the technical security roadmap that aligns with business objectives, industry best practice (e.g., NIST CSF, OWASP SAMM), and compliance frameworks (SOC 2, ISO 27001, GDPR). Secure SDLC & DevSecOps - Build and maintain guardrails for static/dynamic analysis, container and IaC scanning, SBOM management, and supply More ❯

in Computer Science, Computer Engineering, or related field, or equivalent work experience Coding skills in at least one primary language, such as Java or Python and React Understanding of OWASP Top 10, SANS Top 20, NIST 800-53, CIS, CSC, or other security standards Utilize Static Application Security Testing tools (i.e. Checkmarx) to identify and remediate code vulnerabilities 1+ years More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯

your background might be better suited to. 8+ years of experience in IoT security, preferably in the medical device or the pharmaceutical industry. Proficiency in security frameworks (e.g., NIST, OWASP, MITRE ATT&CK, PASTA, STRIDE) and standards such as FDA cybersecurity guidance Experience assessing security risks using industry standard methods (penetration test results, threat modeling, security testing) and determining residual More ❯

Integrate security into CI/CD pipelines through SAST, DAST, SCA, container scanning, and automated policy enforcement. Establish and govern secure architecture standards aligned to industry frameworks (e.g. NIST, OWASP, ISO 27001). Champion threat modelling and secure design throughout development lifecycles. Client Engagement & Pre-Sales Support Represent the security development function in client meetings and solution design. Contribute to More ❯

Integrate security into CI/CD pipelines through SAST, DAST, SCA, container scanning, and automated policy enforcement. Establish and govern secure architecture standards aligned to industry frameworks (e.g. NIST, OWASP, ISO 27001). Champion threat modelling and secure design throughout development lifecycles. Client Engagement & Pre-Sales Support Represent the security development function in client meetings and solution design. Contribute to More ❯

strong track record in software engineering with a focus on application and infrastructure security, ideally in agile or DevOps environments. You're fluent in secure development concepts - comfortable with OWASP Top 10, CWE and common secure design patterns. You've helped teams adopt secure SDLC practices, working closely with central security or architecture groups. You know how to embed tools More ❯

containerised applications using technologies such as AWS Lambda, Spring Boot, NodeJS, Python FastAPI, Oracle, PostgreSQL and MongoDB Contributing to DevSecOps delivery pipelines, using tooling such as Atlassian, Jenkins, GitLab, OWASP and AWS services Applying Site Reliability Engineering principles to ensure solutions are resilient, reliable and cost-effective Supporting clients and end users in making technical product decisions by clearly explaining More ❯

containerised applications using technologies such as AWS Lambda, Spring Boot, NodeJS, Python FastAPI, Oracle, PostgreSQL and MongoDB Contributing to DevSecOps delivery pipelines, using tooling such as Atlassian, Jenkins, GitLab, OWASP and AWS services Applying Site Reliability Engineering principles to ensure solutions are resilient, reliable and cost-effective Supporting clients and end users in making technical product decisions by clearly explaining More ❯

experience with AWS (or similar cloud platforms) and Cloudflare. Infrastructure as Code: Proficiency with Terraform or similar IaC tools. Vulnerability Knowledge: Solid understanding of common vulnerability classes and the OWASP Top 10. Coding & Scripting: Proficient in reading code (e.g., Python, Scala) and using Git for version control of code and configuration changes. Familiarity with iOS or Android security. Experience of More ❯

junior team members and support collaborative delivery of projects. Occasionally support the creation of marketing materials such as research papers and articles. Skills/Must have: Strong knowledge of OWASP methodologies and offensive testing across black/grey/white-box approaches. Proficiency in tools like Burp Suite, Kali, Nmap, Nessus, Qualys, Metasploit. Familiarity with cloud platform security testing (AWS More ❯

internal and external audits where needed. What we're looking for Experience in software engineering, with a strong security mindset Deep understanding of web and API vulnerabilities, including the OWASP Top 10 Proficient in coding, scripting (e.g. Python, Bash), and automating security in CI/CD Hands-on experience with security tools like SAST, DAST, and SCA Familiar with cloud More ❯

VPNs, and VLANs. Basic experience with SIEMs and security logs Understanding of vulnerability management practices Understanding of penetration testing, Threat Hunting, Red Teaming methodologies Familiarity with application security and OWASP Top Ten Scripting languages Experience with capture-the-flags Familiarity with audit principles and different information security compliance standards Soft Skills: Analytical Thinking: Ability to assess risks, detect anomalies, and More ❯

applications in production environments. Common architectural patterns (e.g. layered, hexagonal, clean). Databases (Including concepts like indexes and transaction scopes). Performance and monitoring. Security practices (e.g. understanding of OWASP Top 10). Be comfortable safely refactoring legacy code. Be able to work alongside client-facing support and product owners to analyse business requirements. Be keen to learn new technologies More ❯

looking for Cloud engineering experience with security tooling and cloud workload protection Skilled in DevOps, AWS, Infrastructure as Code (Terraform), and scripting (Python, Bash) Knowledge of secure engineering standards (OWASP, CIS, NIST) and Agile/DevOps practices Experienced with CSPM, CNAPP, security incident response, and SIEM tools Ability to evaluate and recommend new security technologies Clear communicator focused on enhancing More ❯

technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM, antivirus solutions, encryption mechanisms, and vulnerability assessment tools. Hands-on experience in security tools (e.g., SAST, DAST, OWASP ZAP). Relevant security certifications, such as Security+, IAT II/III level, or equivalent. Strong capability in risk assessment, vulnerability management, and data informed decision-making. Solid understanding of More ❯

or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS ), Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2), Working knowledge of cryptography including encryption More ❯

Architecture Background in software and development Proficiency in securing cloud technologies Proficiency in reading, writing, and auditing code and the ability to learn new languages/technologies. Experience with OWASP Top10 or SANS Top 25 Experience breaking down complex systems and applications to identify threats. Excellent ability to communicate, verbally and in writing, complicated technical issues and the risks they More ❯

expertise in cloud security (preferably AWS), including securing hybrid and multi-region architectures. Practical knowledge of security tooling: IDS/IPS, SIEM, vulnerability scanners, encryption, SAST/DAST tools, OWASP ZAP, etc. Strong understanding of network security protocols and best practices. Scripting and automation experience (e.g. Python). Proven experience with incident response and threat mitigation. Familiarity with security compliance More ❯

Stack Overflow). Flexible working hours, willing to participate in a 24x7 support organization. Positive service-oriented personality. Proven technology skills, including proficiency with Mac, Windows, Linux, knowledge of OWASP top 10, web and mobile application security. Nice to haves: Your own bug bounty profile. Certificates such as CEH, CPT, CEPT, CPEN, OSWE, EWPT, or EWPTX are a plus. What More ❯

Experience in vulnerability management, security operations, or infrastructure security (5+ years). Familiarity with vulnerability management lifecycle, tools, and platforms. Ability to coordinate remediation activities effectively. Knowledge of CVSS, OWASP Top 10, and MITRE ATT&CK. Comfort working with cloud environments, containers, and modern infrastructure. Organized with strong reporting skills. Ability to translate scan data into clear, risk-based reports More ❯

of defining, implementing, measuring, and supporting the adoption of secure software development lifecycle (SSDLC) practices and secure coding standards within engineering organizations. Strong understanding of web application security vulnerabilities (OWASP Top 10 and beyond), attack vectors, and mitigation techniques. Significant experience securing Infrastructure as Code (IaC) , particularly Terraform, and implementing relevant security checks. Solid experience with container security and securing … communication and influencing skills, with the ability to articulate complex security concepts clearly to technical audiences. Strong knowledge of relevant security frameworks and standards (e.g., NIST CSF, CIS Benchmarks, OWASP ASVS). Exposure and knowledge of the MITRE ATT&CK framework. Experience effectively coordinating external penetration testing engagements and managing remediation efforts. Nice to have Relevant advanced security certifications (e.g. More ❯