14 of 14 Static Application Security Testing Jobs in London

security standards such as OWASP Top 10, SANS Top 25, NIST, and ASVS. Hands-on experience with security tools like SAST, SCA, and container scanning, plus familiarity with programming languages such as Java, C#, and Python. Knowledge of modern development practices, including Agile, DevOps, and SecDevOps, enabling … clearly explain the rationale behind security fixes to ensure understanding and impact. Strong analytical skills to interpret and correlate data from sources like SAST, SCA, and penetration tests, identifying trends and prioritizing remediation efforts. The capability to link issues across multiple layers—code, infrastructure, identity, cloud environments, and third ...

Title: Senior Application Security EngineerSalary: £70,000Location: Reading/remote About the Organisation Join a fast-growing UK technology and consulting firm that's investing heavily in cutting-edge cyber security. With a strong focus on innovation, collaboration, and professional development, this company empowers its people to shape … software are secure by design. Drive vulnerability management and implement a risk-based approach across the technology stack. Perform security testing (SAST, DAST, SCA) and work with developers to remediate findings. Support cloud security controls (primarily Azure, including cloud-native apps). Champion secure development, threat modelling ...

client is a leading international financial services organisation seeking a senior Cybersecurity professional to take ownership of information security, cybersecurity and data security across the business. This role acts as the first line of defence within IT and plays a critical part in safeguarding systems, data and infrastructure … Review and optimise network and firewall policies to ensure effectiveness and necessity • Oversee application security across development and testing phases, including SAST and DAST • Monitor and assess data leakage risks and strengthen encryption controls for data at rest, in transit and in use Key Skills and Experience ...

Contract Role AppSec Engineer/Application Security Engineer London/Manchester/Glasgow/Hybrid 12 months initial Inside IR35 Role Overview: Job Title: AppSec Engineer/Application Security Engineer Location: Hybrid 2 days onsite per week (London/Manchester/Glasgow) Contract Type: Contract Duration … Inside IR35) Sector: Banking Key Skills & Experience AppSec Engineer, experience with: The software security landscape: CVEs, CWEs, common software vulnerability types SAST, SCA, and DAST, including the strengths and weaknesses of each At least one programming language (e.g. Java, Go) At least one major cloud provider (e.g. ...

Contract Role – AppSec Engineer/Application Security Engineer – London/Manchester/Glasgow/Hybrid – 12 months initial – Inside IR35 Role Overview: Job Title: AppSec Engineer/Application Security Engineer Location: Hybrid – 2 days onsite per week (London/Manchester/Glasgow) Contract Type: Contract Duration … Inside IR35) Sector: Banking Key Skills & Experience AppSec Engineer, experience with: The software security landscape: CVEs, CWEs, common software vulnerability types SAST, SCA, and DAST, including the strengths and weaknesses of each At least one programming language (e.g. Java, Go) At least one major cloud provider (e.g. ...

proactive, hands-on Security Consultant looking to make a real impact in a major technology transformation? Here's your chance to join a leading UK Bank on an exciting 6-month contract, helping modernise their tech stack while maintaining trust and security at every step. About the Role … looking for someone with a blend of technical expertise and delivery mindset: Hands-on application security experience: secure coding, threat modelling, SAST/DAST tooling. Strong knowledge of SDLC and CI/CD integration, with experience securing software throughout its lifecycle. Pragmatic, delivery-focused, and able to take ...

Security Engineer Salary: Up to £85,000 (depending on experience) Locations: London, Leeds, Middlesbrough, Bristol or Bournemouth Working Pattern: Hybrid - two days per week in one of the above offices Overview: An established enterprise organisation is undertaking enhancements to its digital platforms as part of an ongoing modernisation strategy.As …/IP, UDP, HTTP/3, AMQP, streaming protocols), cloud networking concepts (VPNs, subnets, regions/zones) and integration technologies Hands-on experience with SAST and SCA tools such as Snyk and Checkmarx Experience with DAST tools such as OWASP ZAP or Qualys DAST (preferred), ideally working with HTTP APIs ...

Security Architect Requirement Rate; Flexible Location; Remote - adhoc travel to London Duration; 6 month initial You will be supporting a Legacy Application program in upgrading hundreds of business applications across Wintel, Linux and cloud environments. Core Competencies Legacy System Modernisation: Proven experience in upgrading legacy applications while maintaining … SELinux). Cloud (AWS/Azure/GCP): Designing IAM policies, encryption (FIPS 140-validated modules), and network segmentation for hybrid environments. DevSecOps: Integrating SAST/DAST tools into CI/CD pipelines and automating compliance checks. Security Documentation Threat Modeling: Using frameworks to identify risks in legacy ...

have an exciting opportunity for a Software Security Engineer to join our Global Healthcare client. As a Security Engineer, you’ll provide hands-on technical expertise to guide software development, delivery and continuous improvement focusing on risk and security. You’ll help evolve our client’s new Digital … HTTP/3, AMQP, streaming protocols etc), cloud network design (VPNs, subnets, regions/zones etc), and integration related technologies (Auth0, APIM) Expertise with SAST & SCA systems such as Snyk, Checkmarx Experience with DAST systems such as OpenZAP, Qualys DAST (preferred) ideally with HTTP APIs Ability to manage large scale ...

Contract Role – Senior Golang/Java Security Engineer – London/Manchester/Glasgow/Hybrid – 12 months initial – Inside IR35 Role Overview: Job Title: Senior Golang/Java Security Engineer Location: Hybrid – 2 days onsite per week (London/Manchester/Glasgow) Contract Type: Contract Duration: 12 months … Golang/Java Security Engineer experience with: Golang/Go or Java The software security landscape: CVEs, CWEs, common software vulnerability types SAST, SCA, and DAST, including the strengths and weaknesses of each At least one major cloud provider (e.g. AWS, GCP, Azure) REST API design HTTP Authentication ...

continuous evolution of our enterprise API Platform. This role is fully hands-on , combining deep expertise in Azure cloud services, Kubernetes, Terraform, API security, and distributed systems with the ability to guide, review, and contribute to .NET Core API development practices . The architect will define and maintain … pipeline definition for APIM deployments, testing, API versioning, and documentation automation. Establish CI/CD pipelines for Terraform, .NET API builds, image scanning, SAST/DAST, compliance enforcement. 8. Hands-On .NET Core API Integration & Code Reviews Review .NET Core API implementations to ensure correct API design , platform alignment ...

appoint a Senior Azure Cloud Engineer. This is a hands-on senior role where youll take ownership of Azure infrastructure, DevOps practices, and cloud security, working closely with architects and development teams in an agile environment. The platform is API-driven and operates at scale, so reliability, performance … security Proven Infrastructure-as-Code expertise (Terraform, Bicep/ARM) Experience with Azure DevOps, GitHub, and CI/CD pipelines Familiarity with DevSecOps, SAST/DAST, and cloud monitoring Confident communicator with a pragmatic, delivery-focused mindset This is an opportunity to join a business where cloud engineering ...

Senior Azure Cloud Engineer. This is a hands-on senior role where you’ll take ownership of Azure infrastructure, DevOps practices, and cloud security, working closely with architects and development teams in an agile environment. The platform is API-driven and operates at scale, so reliability, performance, and security … security Proven Infrastructure-as-Code expertise (Terraform, Bicep/ARM) Experience with Azure DevOps, GitHub, and CI/CD pipelines Familiarity with DevSecOps, SAST/DAST, and cloud monitoring Confident communicator with a pragmatic, delivery-focused mindset This is an opportunity to join a business where cloud engineering ...

controls. Capture and assess evidence such as pipeline logs, approvals, artefact integrity/signing, access controls, and configuration baselines. Validate security posture via SAST/DAST scans, dependency and licence reviews, container/image policies, and supply-chain controls. Evaluate logging, monitoring, and observability practices. Map findings to compliance ...