1 to 25 of 57 OWASP Jobs in London

What will you bring? 7+ years of experience in Product Security, Application Security, or a related security engineering role. Deep expertise in secure software development, secure coding practices, and OWASP Top 10/CWE 25. Strong technical proficiency in modern programming languages (e.g., Python, Java, JavaScript, Go, or C#). Experience with cloud-native security (AWS, Azure, GCP) and securing More ❯

relationship with the VP of TechOps. Responsibilities Security Strategy & Governance - Define and continuously refine the technical security roadmap that aligns with business objectives, industry best practice (e.g., NIST CSF, OWASP SAMM), and compliance frameworks (SOC 2, ISO 27001, GDPR). Secure SDLC & DevSecOps - Build and maintain guardrails for static/dynamic analysis, container and IaC scanning, SBOM management, and supply More ❯

automation testing in an Agile Software environment Close familiarity with some or all of: Network management and optimisation Postgresql Database management and optimisation With common security frameworks CIS, NIST, OWASP Familiarity with Public Cloud Services like AWS GCP Azure Familiarity with co-located physical infrastructure (we're currently hybrid) Solid understanding of Continuous Integration (CI) and Continuous Deployment (CD) Close More ❯

in Computer Science, Computer Engineering, or related field, or equivalent work experience Coding skills in at least one primary language, such as Java or Python and React Understanding of OWASP Top 10, SANS Top 20, NIST 800-53, CIS, CSC, or other security standards Utilize Static Application Security Testing tools (i.e. Checkmarx) to identify and remediate code vulnerabilities 1+ years More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯

language Experience working with or recommending security tools and technologies Ability to build strong working relationships and influence non-security stakeholders Working knowledge of cybersecurity standards and frameworks (e.g. OWASP, NIST, CIS) Analytical mindset with strong problem-solving skills Excellent written and verbal communication skills Qualifications: 3+ years of experience in information security, with a focus on application and/ More ❯

training and awareness initiatives. Act as a security champion within development squads and mentor junior engineers. Requirements Broad experience in application security or secure software development. Strong understanding of OWASP Top 10, secure coding techniques, and threat modelling. Experience with security tools such as SAST, DAST, SCA, and vulnerability scanners. Familiarity with cloud platforms (Azure or AWS), CI/CD More ❯

applications usingDockerand manage deployments onKubernetesclusters (EKS, AKS, on-prem). UseHelm, ingress controllers, and service meshes to manage complex deployments. Security & Compliance Integrate security tools such as Snyk,Trivy,OWASP ZAP, andSonarQubeinto CI/CD pipelines. Manage secrets usingHashiCorp Vault,AWS Secrets Manager, andAzure Key Vault. Operate cloud-native security services likeAzure Defender,AWS GuardDuty,Security Hub,Inspector, andConfig. Monitoring More ❯

applications usingDockerand manage deployments onKubernetesclusters (EKS, AKS, on-prem). UseHelm, ingress controllers, and service meshes to manage complex deployments. Security & Compliance Integrate security tools such as Snyk,Trivy,OWASP ZAP, andSonarQubeinto CI/CD pipelines. Manage secrets usingHashiCorp Vault,AWS Secrets Manager, andAzure Key Vault. Operate cloud-native security services likeAzure Defender,AWS GuardDuty,Security Hub,Inspector, andConfig. Monitoring More ❯

your background might be better suited to. 8+ years of experience in IoT security, preferably in the medical device or the pharmaceutical industry. Proficiency in security frameworks (e.g., NIST, OWASP, MITRE ATT&CK, PASTA, STRIDE) and standards such as FDA cybersecurity guidance Experience assessing security risks using industry standard methods (penetration test results, threat modeling, security testing) and determining residual More ❯

EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯

EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯

of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience - Knowledge of commonly found software security vulnerabilities (like OWASP top 10) and remediation techniques - 2+ years of programming in one of the following or similar: Python, Ruby, Go, Swift, Java, .Net, C++. PREFERRED QUALIFICATIONS - Experience with AWS products and More ❯

self-starter Deep understanding of both common and emerging vulnerabilities including their manifestation in different architectures (web applications, thick clients, APIs, networked infrastructure etc) Familiarity with industry standard guidance OWASP Top 10, SANS Top 25, NIST/CSC, CIS, NCSC etc. Applied understanding of topics such as authentication, access control, encryption, cloud security, operating system security, network security, database security. More ❯

Integrate security into CI/CD pipelines through SAST, DAST, SCA, container scanning, and automated policy enforcement. Establish and govern secure architecture standards aligned to industry frameworks (e.g. NIST, OWASP, ISO 27001). Champion threat modelling and secure design throughout development lifecycles. Client Engagement & Pre-Sales Support Represent the security development function in client meetings and solution design. Contribute to More ❯

Integrate security into CI/CD pipelines through SAST, DAST, SCA, container scanning, and automated policy enforcement. Establish and govern secure architecture standards aligned to industry frameworks (e.g. NIST, OWASP, ISO 27001). Champion threat modelling and secure design throughout development lifecycles. Client Engagement & Pre-Sales Support Represent the security development function in client meetings and solution design. Contribute to More ❯

AWS Security Specialty certification Technical experience with programming, technology infrastructure, and security Experience in deploying resources using Infrastructure as Code (Terraform) Experience in securing Kubernetes services Extensive knowledge in OWASP Web Top 10 and CWE Top 25 Strong written and oral communication skills to document reports on assessments and communicate potential weaknesses and risks to different audiences ranging from business More ❯

junior team members and support collaborative delivery of projects. Occasionally support the creation of marketing materials such as research papers and articles. Skills/Must have: Strong knowledge of OWASP methodologies and offensive testing across black/grey/white-box approaches. Proficiency in tools like Burp Suite, Kali, Nmap, Nessus, Qualys, Metasploit. Familiarity with cloud platform security testing (AWS More ❯

strong track record in software engineering with a focus on application and infrastructure security, ideally in agile or DevOps environments. You're fluent in secure development concepts - comfortable with OWASP Top 10, CWE and common secure design patterns. You've helped teams adopt secure SDLC practices, working closely with central security or architecture groups. You know how to embed tools More ❯

Establish frontend testing strategy using tools like Jest, React Testing Library, Cypress, etc. Partner with security teams to implement secure-by-design frontends aligned with SaaS compliance needs (e.g., OWASP, SSO, GDPR). Required Qualifications Bachelor's or Master's in Computer Science, Software Engineering, or equivalent. 10+ years in frontend development with at least 4+ years of React-based More ❯

containerised applications using technologies such as AWS Lambda, Spring Boot, NodeJS, Python FastAPI, Oracle, PostgreSQL and MongoDB Contributing to DevSecOps delivery pipelines, using tooling such as Atlassian, Jenkins, GitLab, OWASP and AWS services Applying Site Reliability Engineering principles to ensure solutions are resilient, reliable and cost-effective Supporting clients and end users in making technical product decisions by clearly explaining More ❯

containerised applications using technologies such as AWS Lambda, Spring Boot, NodeJS, Python FastAPI, Oracle, PostgreSQL and MongoDB Contributing to DevSecOps delivery pipelines, using tooling such as Atlassian, Jenkins, GitLab, OWASP and AWS services Applying Site Reliability Engineering principles to ensure solutions are resilient, reliable and cost-effective Supporting clients and end users in making technical product decisions by clearly explaining More ❯

VPNs, and VLANs. Basic experience with SIEMs and security logs Understanding of vulnerability management practices Understanding of penetration testing, Threat Hunting, Red Teaming methodologies Familiarity with application security and OWASP Top Ten Scripting languages Experience with capture-the-flags Familiarity with audit principles and different information security compliance standards Soft Skills: Analytical Thinking: Ability to assess risks, detect anomalies, and More ❯