26 to 50 of 216 OWASP Jobs in London

AppSec or DevSecOps, with strong experience in secure SDLC and CI/CD Hands-on knowledge of security tools like GitHub Advanced Security, Veracode, Snyk, ZAP, Burp Familiarity with OWASP, MITRE, CWE, and modern dev frameworks (C#, Java, Python, React) Knowledge of scripting languages (Python, Ruby, Rust) Excellent communication skills to bridge tech and business stakeholders Passion for building scalable More ❯

Requirements Bachelor’s degree in IT or equivalent experience. 5+ years in information/application security roles. Experience working in agile environments. Deep understanding of cloud security (Azure, AWS), OWASP, MITRE. Proven experience with policy interpretation and security implementation in real-world projects. Preferred Skills Certifications such as CISSP, CCSP, CEH, Microsoft Azure/AWS Security. Working knowledge of GDPR More ❯

development lifecycle (SDLC). Working knowledge of Waterfall, Agile and primarily DevOps development methodologies. Understanding or cloud technologies and related topics such as containerization (Docker, Kubernetes, ...) Experience with OWASP Testing Guide v3/4 and OWASP TOP 10. Has experience in defining Security policies and procedures for compliance in Production systems. What’s in it for you: You will More ❯

and their effective integration within the S-SDLC. Awareness of microservice architecture and associated common deployment patterns a must. Security Industry Knowledge: Deep familiarity with security standards & frameworks e.g., OWASP, MITRE Attack etc and their practical application. Technical Ability: Hands-on experience with scripting elegant, scalable solutions to encountered problems, and prior experience implementing and/or reviewing terraform for More ❯

SCCM or enterprise patch management tools Experience with Qualys or enterprise Vulnerability Management and Compliance toolsets. Security legislation and regulatory frameworks exposure and awareness • Industry best practices such as OWASP, Cyber security framework and NCSC guidance • Information Security Management System (Infrastructure Security Operations and Incident Management). • NIST Cyber Security Framework • ISO 27001 - Information Security Management System (ISMS) • CIS - Center More ❯

and delivery of security scanning service using tools like SAST/DAST/SCA etc. In-depth knowledge of security frameworks, standards, and best practices (e.g., ISO 27001, NIST, OWASP). Prior experience with penetration testing and vulnerability management. Demonstrable security risk management knowledge and experience. Experience as acting as a change agent, driving continuous improvement and excellence. Ability to More ❯

SDLC and managing vulnerabilities. Knowledge of risk assessments, threat modeling, and security design reviews. Strong understanding of Agile, DevSecOps, and system engineering principles. Familiarity with security standards like NCSC, OWASP, NIST SSDF, ISO27001, and Azure security practices. Experience with Azure cloud infrastructure, PaaS, and DevOps tools. Ability to prepare and present security reports to senior management. Degree in Computer Science More ❯

across the SDLC in line with client guidelines. SKILLS/EXPERIENCE OF THE CYBER SECURITY ENGINEER Penetration testing, ethical hacking, or vulnerability assessments. Security testing tools (e.g., Burp Suite, OWASP ZAP, Nikto, Nmap, Metasploit, etc.) DevSecOps principles and tools (e.g., Veracode, SonarQube, GitHub Advanced Security, IaC scanning, etc.). Secure Cloud Infrastructure, specifically AWS and Azure. Scripting and automation using More ❯

Join to apply for the Principal Security Engineer role at Capco . Capco is a global technology and business consultancy focused on the financial services sector. We are committed to diversity and inclusion, fostering an environment where everyone can be More ❯

with Postman for API testing. Knowledge of cloud services platforms like Azure, AWS, Google Cloud Platform etc. Understanding of SonarQube for code quality analysis. Security practices and tools like OWASP and Snyk. Additional Beneficial Experience: CI/CD tools like Jenkins or GitHub Actions. Container orchestration with Kubernetes. Front-end state management with Redux. TypeScript for enhanced JavaScript development. Back More ❯

defences. Technologies and Soft Skills required: Advanced technical knowledge of penetration testing techniques, security assessments, and vulnerability exploitation. Expertise in security testing tools (such as Burp Suite, Metasploit, Nmap, OWASP ZAP, etc.), as well as manual testing methods. Strong understanding of common application security vulnerabilities (such as SQL injection, XSS, CSRF, insecure deserialization, etc.) and OWASP Top 10. Proficiency in More ❯

authorization practices, audit logging, encryption at rest/in transit, and other application security standards. Ensure software and infrastructure meet organizational security and compliance requirements (e.g., GDPR, ISO 27001, OWASP Top 10). Team Management & Culture Build and scale high-performance engineering teams, including backend, frontend, full-stack, data, and security engineers. Define and track KPIs for engineering productivity, quality More ❯

authorization practices, audit logging, encryption at rest/in transit, and other application security standards. Ensure software and infrastructure meet organizational security and compliance requirements (e.g., GDPR, ISO 27001, OWASP Top 10). Team Management & Culture Build and scale high-performance engineering teams, including backend, frontend, full-stack, data, and security engineers. Define and track KPIs for engineering productivity, quality More ❯

the Data migration cycle output to the customer + Identify Data quality issues and have the fixes in place. Technical Skills: Experience and understanding of secure development practices include OWASP guidelines/top 10, SOC 2, and NCSC cloud security principles. Experience in data and orchestration tools including some of dbt, Apache Airflow, Azure Data Factory. Experience in programming languages More ❯

security incidents and work on root cause analysis and hardening. Stay updated on current and emerging security threats, tools, and techniques. Requirements: Strong understanding of common application security vulnerabilities (OWASP Top 10, CWE) and how to remediate them. Experience performing secure code reviews in languages like Java, Python, C++ etc.. Familiarity with CI/CD pipelines and how to embed More ❯

SSO, Cloud IAM, HashiCorp Vault). Proficiency in applied cryptography (e.g., mTLS, E2EE, AEAD, key derivation, key wrapping, remote attestation). Ability to identify security vulnerabilities across platforms (e.g., OWASP Top 10, misconfigurations, transport security gaps). Excellent documentation and communication skills, able to articulate technical risks and findings to diverse audiences. Experience in collaborative proposal development and interfacing with More ❯

firewalls, IPS, DDoS, WAF, DLP, DNS, NAC, NSPM, and architectures like SASE and Zero Trust. Application Security: Experience with SAST, DAST, RAST, IAST tools, integrating security into SDLC processes, OWASP, API security design, robust threat modelling, and containerization security. Data Security: Skilled in implementing information protection tools, key and secrets management, data loss prevention, and protective marking and classification capabilities. More ❯

of REST APIs Scripting skills and Infrastructure as Code (Terraform, CloudFormation) Experience with Jira or similar ticketing systems Technical architecture review skills Ability to identify vulnerabilities using CWE or OWASP Knowledge of operating system hardening Understanding of CICD, Pipelines, SDLC Penetration testing knowledge Familiarity with Cloud Development Kit (CDK), GitOps Experience working in DevOps/agile teams Understanding of Docker More ❯

languages and Infrastructure as Code (Terraform, CloudFormation) •Familiarity with Jira or other ticketing systems – essential •Technical architecture design and review skills – essential •Ability to identify vulnerabilities using CWE or OWASP •Knowledge of operating systems and their hardening techniques •Understanding of development concepts such as CICD, Pipelines, and SDLC •Penetration testing knowledge is also super useful •Familiarity with Cloud Development Kit More ❯

languages and Infrastructure as Code (Terraform, CloudFormation) •Familiarity with Jira or other ticketing systems – essential •Technical architecture design and review skills – essential •Ability to identify vulnerabilities using CWE or OWASP •Knowledge of operating systems and their hardening techniques •Understanding of development concepts such as CICD, Pipelines, and SDLC •Penetration testing knowledge is also super useful •Familiarity with Cloud Development Kit More ❯

languages and Infrastructure as Code (Terraform, CloudFormation) •Familiarity with Jira or other ticketing systems – essential •Technical architecture design and review skills – essential •Ability to identify vulnerabilities using CWE or OWASP •Knowledge of operating systems and their hardening techniques •Understanding of development concepts such as CICD, Pipelines, and SDLC •Penetration testing knowledge is also super useful •Familiarity with Cloud Development Kit More ❯

Kubernetes). Experience : 5+ years of experience in penetration testing, ethical hacking, or red teaming. Proven track record of identifying and exploiting critical vulnerabilities. Experience with web application security (OWASP Top 10, API security, etc.). Hands-on experience with malware analysis and forensic tools is a plus. Certifications (Preferred) : OSCP (Offensive Security Certified Professional) OSCE (Offensive Security Certified Expert More ❯

been a UK resident for at least 5 years). Experience conducting penetration tests (web, infrastructure, external/internal). Strong knowledge of security testing methodologies and frameworks (e.g., OWASP, NIST). Proficiency with industry-standard tools (e.g., Burp Suite, Nmap, Metasploit, Kali Linux). Excellent written and verbal communication skills. Desirable Skills OSCP, OSWE, or other relevant certifications. Experience More ❯

security engineers and business stakeholders to integrate security into the software development lifecycle (SDLC), mitigate risks and ensure compliance with security standards. Skills Strong knowledge of application security vulnerabilities (OWASP Top 10, CWE, SANS 25). Hands-on remediation support and vulnerability management expertise. Hands-on experience with threat modelling and secure code reviews. Experience with Mobile Application Security and More ❯

implemented in Kubernetes, Docker Experience using GitHub and GitHub Actions Behaviour Driven Development (BDD), with Gherkin & SpecFlow Atlassian Jira, Confluence & JFrog Artifactory Software security best practices and implementation (e.g. OWASP, PKI, X509 Certificates, TLS) Software development for regulated environments (e.g. IVD/Medical devices) In addition to salary, we work flexibly, and provide 25 days holidays, excellent family friendly benefits More ❯