1 to 25 of 113 Remote OWASP Jobs in London

and architectural risk assessments, identifying vulnerabilities early and collaborating on risk mitigation strategies. Define and enforce secure coding standards and architectural best practices aligned with industry benchmarks such as OWASP Top 10 and API Security Top 10. Partner with cloud engineers and developers to embed security controls specific to GCP, such as workload identity, IAM policy enforcement, VPC Service Controls … these into automated build and deployment pipelines. Practical expertise with threat modeling methodologies such as STRIDE, PASTA, or Attack Trees. Strong knowledge of secure coding standards and common vulnerabilities (OWASP Top 10, API Security Top 10) and how to mitigate them. Familiarity with Google Cloud Platform (GCP) security features and best practices, including IAM, Cloud Armor, Security Command Center, and More ❯

or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS...), Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2), Working knowledge of cryptography including encryption More ❯

Hands-on experience with cloud platforms (AWS strongly preferred), including basic infrastructure and security concepts (e.g., IAM, VPC, Security Groups). Familiarity with core application security principles (e.g., understanding OWASP Top 10 vulnerabilities) Experience with or strong aptitude for learning security tools (e.g., Wiz, SAST, DAST, SCA, vulnerability scanners). Knowledge of or familiarity with Infrastructure as Code (IaC), particularly … Terraform, is a plus. Familiarity with container technologies (Docker, Kubernetes) is a bonus. Good knowledge of relevant security frameworks and standards (e.g., NIST CSF, CIS Benchmarks, OWASP ASVS). Exposure and knowledge of the MITRE ATT&CK framework. Strong communication skills, with the ability to articulate complex security concepts clearly to technical audiences. Strong analytical and problem-solving skills with More ❯

take on a challenge. Preferred Skills: Experience in AI red teaming, adversarial ML, LLM security testing Deep understanding of networking protocols, OS security, and web application security Knowledge of OWASP Top Ten, MITRE ATT&CK, and other security frameworks Experience with web security (HTTP, API security, web scraping, DOM manipulation) Benefits Take part in a part-time, remote, freelance project More ❯

languages and Infrastructure as Code (Terraform, CloudFormation) Familiarity with Jira or other ticketing systems – essential Technical architecture design and review skills – essential Ability to identify vulnerabilities using CWE or OWASP Knowledge of operating systems and their hardening techniques Understanding of development concepts such as CICD, Pipelines, and SDLC Penetration testing knowledge is also super useful Familiarity with Cloud Development Kit More ❯

Knowledge of cloud security frameworks Rest API knowledge Scripting and Infrastructure as Code (Terraform, CloudFormation) Experience with Jira or similar ticketing systems Technical architecture review skills Vulnerability identification (CWE, OWASP) Operating systems and hardening techniques Development concepts like CICD, Pipelines, SDLC Penetration testing knowledge (useful) Familiarity with Cloud Development Kit (CDK), GitOps Experience in DevOps/agile environments Docker, Kubernetes More ❯

and applications. If you have expertise in AWS security, secure coding, Service Mesh/Observability, IAM/Okta, threat modelling and a strong understanding of security frameworks like ISO27001, OWASP or NIST, and the ability to drive secure coding practices, SAST and DAST, we want to hear from you! About the Role As a Cloud Application Security Engineer, you will … Dynamic Application Security Testing) Knowledge of security frameworks such as ISO 27001, NIST, or CIS benchmarks. Experience in application security reviews, vulnerability management, and security controls implementation. Familiarity with OWASP Top 10, CWE, and secure coding practices. Basic coding/scripting skills in Python, JavaScript, or similar. Strong communication skills with the ability to engage technical and non-technical stakeholders. More ❯

or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS...), Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2), Working knowledge of cryptography including encryption More ❯

or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS ) Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2) Working knowledge of cryptography including encryption More ❯

What skills are essential: You have an in-depth knowledge of security principles, technologies, best practices and threat detection and mitigation strategies Knowledge of common attack vectors and methodologies (OWASP Top 10, Mitre ATT&CK Framework and social engineering tactics The ability to identify potential threats, attack vectors, and vulnerabilities in systems and applications Ability to document security requirements from More ❯

in Computer Science, Computer Engineering, or related field, or equivalent work experience Coding skills in at least one primary language, such as Java or Python and React Understanding of OWASP Top 10, SANS Top 20, NIST 800-53, CIS, CSC, or other security standards Utilize Static Application Security Testing tools (i.e. Checkmarx) to identify and remediate code vulnerabilities 1+ years More ❯

tooling. Assist in maintaining security assurance across the SDLC in line with NCSC guidelines. Essential Criteria Penetration testing, ethical hacking, or vulnerability assessments. Security testing tools (e.g., Burp Suite, OWASP ZAP, Nikto, Nmap, Metasploit, etc.). DevSecOps principles and tools (e.g., Veracode, SonarQube, GitHub Advanced Security, IaC scanning, etc.). Secure Cloud Infrastructure, specifically AWS and Azure. Scripting and automation More ❯

it will now be based on an Umbrella solution. Essential Skills/experience Required Experience penetration testing, ethical hacking, or completing vulnerability assessments. Security testing tools (e.g., Burp Suite, OWASP ZAP, Nikto, Nmap, Metasploit, etc.). DevSecOps principles and tools (e.g., Veracode, SonarQube, GitHub Advanced Security, IaC scanning, etc.). Secure Cloud Infrastructure, specifically AWS and Azure. Scripting and automation More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator - able to engage More ❯

across the SDLC in line with client guidelines. SKILLS/EXPERIENCE OF THE CYBER SECURITY ENGINEER Penetration testing, ethical hacking, or vulnerability assessments. Security testing tools (e.g., Burp Suite, OWASP ZAP, Nikto, Nmap, Metasploit, etc.) DevSecOps principles and tools (e.g., Veracode, SonarQube, GitHub Advanced Security, IaC scanning, etc.). Secure Cloud Infrastructure, specifically AWS and Azure. Scripting and automation using More ❯

authorization practices, audit logging, encryption at rest/in transit, and other application security standards. Ensure software and infrastructure meet organizational security and compliance requirements (e.g., GDPR, ISO 27001, OWASP Top 10). Team Management & Culture Build and scale high-performance engineering teams, including backend, frontend, full-stack, data, and security engineers. Define and track KPIs for engineering productivity, quality More ❯

authorization practices, audit logging, encryption at rest/in transit, and other application security standards. Ensure software and infrastructure meet organizational security and compliance requirements (e.g., GDPR, ISO 27001, OWASP Top 10). Team Management & Culture Build and scale high-performance engineering teams, including backend, frontend, full-stack, data, and security engineers. Define and track KPIs for engineering productivity, quality More ❯

AWS security tools & IAM Experience with Okta , service mesh, observability tooling Hands-on with SAST/DAST , secure development and vulnerability testing Familiar with ISO 27001, NIST, CIS Benchmarks, OWASP Top 10 Comfortable with Python, JavaScript or similar scripting Strong communicator technical and non-technical audiences Bonus Points For Fintech or regulated industry background Certifications: OSCP, CISSP, AWS Security Specialty More ❯

been a UK resident for at least 5 years). Experience conducting penetration tests (web, infrastructure, external/internal). Strong knowledge of security testing methodologies and frameworks (e.g., OWASP, NIST). Proficiency with industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, Kali Linux). Excellent written and verbal communication skills. Desirable Skills OSCP, OSWE, or other relevant certifications. Experience More ❯

including but not limited to the following core areas: Build verification Alert and Monitoring Backup and Restore Resilience and Recovery Logging, Audit and House Keeping Release Management Work Instructions OWASP "top ten" security tests Experience with CI/CD pipelines, Jenkins, and test automation frameworks. Knowledge of cloud platforms (AWS/Azure), infrastructure monitoring, and IT service management. Familiarity with More ❯

not limited to the following core areas: Build verification Alert and Monitoring Backup and Restore Resilience and Recovery Logging, Audit and House Keeping Release Management Config Management Work Instructions OWASP "top ten" security tests Experience with CI/CD pipelines, Jenkins, and test automation frameworks. Knowledge of cloud platforms (AWS/Azure), infrastructure monitoring, and IT service management. Familiarity with More ❯

and business stakeholders is essential. Good experience working with security issues in software architecture, software development, e.g static and/or dynamic code analysis and tools, software dependency check, OWASP Top10 testing, application threat modelling etc. Good experience working in an Agile software development environment, with classic applications as well as microservices, using modern code processing and continuous integration and More ❯

your background might be better suited to. 8+ years of experience in IoT security, preferably in the medical device or the pharmaceutical industry. Proficiency in security frameworks (e.g., NIST, OWASP, MITRE ATT&CK, PASTA, STRIDE) and standards such as FDA cybersecurity guidance Experience assessing security risks using industry standard methods (penetration test results, threat modeling, security testing) and determining residual More ❯

Management, Cosmos DB, and SQL and Cloud networking architecture: VNets, application gateways, private and service endpoints, and firewalls. Secure Software Development: Deep experience implementing effective secure coding practices (e.g., OWASP Top 10, SAST, DAST, SonarCloud). You can seamlessly integrate security into the SDLC with a shift-left approach. Cloud Security Tools: Practical experience with Azure Sentinel, Defender, and tools More ❯

skills including strong verbal and written skills. What We’d Love: Experience of Darktrace, native AWS and Microsoft Security functions. Understanding of Security standards and frameworks, e.g.: NIST, CIS, OWASP, ISO 27001. Awareness of pentesting, threat hunting and red teaming in operational environments. Networking principles including TCP/IP, WAN's, LAN's, and commonly used Internet protocols. Security incident More ❯