design and enforce patch windows and remediation SLAs. DevSecOps Toolchain Proficient with CI/CD tooling in Azure DevOps or GitHub Actions. Experience integrating SAST (e.g. SonarQube), DAST (e.g. OWASP ZAP) and SCA (e.g. Dependabot, Snyk) into pipelines. Infrastructure as Code: Terraform, ARM or Bicep. Container & Cloud Security Knowledge of containerisation (Docker, Kubernetes/AKS) and container security best practices. More ❯
developer guidance, and response runbooks. What will you bring? 4 years in security engineering, DevSecOps, applicationsecurity, or related software engineering roles. Strong foundational knowledge of secure coding and OWASP Top 10 risks. Experience with at least one modern programming language (e.g., Python, Java, JavaScript, Go, or C#). Familiarity with cloud platforms (AWS, Azure, or GCP) and container technologies More ❯
What will you bring? 7+ years of experience in Product Security, ApplicationSecurity, or a related security engineering role. Deep expertise in secure software development, secure coding practices, and OWASP Top 10/CWE 25. Strong technical proficiency in modern programming languages (e.g., Python, Java, JavaScript, Go, or C#). Experience with cloud-native security (AWS, Azure, GCP) and securing More ❯
principles and challenges; Hands-on experience integrating security tools into CI/CD pipelines (e.g., Jenkins, Azure DevOps, GitLab CI, GitHub Actions); Strong understanding of common applicationsecurity vulnerabilities (OWASP Top 10, CWE) and their exploitation and remediation; Proficiency in at least one major programming language (e.g., Java, C#, Python, JavaScript, Go); Experience working in agile development environments; Exceptional communication More ❯
Huntingdon, Cambridgeshire, East Anglia, United Kingdom Hybrid / WFH Options
Leidos Innovations UK Limited
firewalls, IDS/IPS, micro-segmentation, and host security. Hands on experience with the following security products Trellix, Ivanti, ClearSwift, Yubikey Understanding of secure coding practices and common vulnerabilities (OWASP Top 10, SANS Top 25). Expertise in identity and access management (IAM), including RBAC, ABAC, JWT and Cookie based authentication. Incident detection and response in MOD environments. Security compliance More ❯
relationship with the VP of TechOps. Responsibilities Security Strategy & Governance - Define and continuously refine the technical security roadmap that aligns with business objectives, industry best practice (e.g., NIST CSF, OWASP SAMM), and compliance frameworks (SOC 2, ISO 27001, GDPR). Secure SDLC & DevSecOps - Build and maintain guardrails for static/dynamic analysis, container and IaC scanning, SBOM management, and supply More ❯
automation testing in an Agile Software environment Close familiarity with some or all of: Network management and optimisation Postgresql Database management and optimisation With common security frameworks CIS, NIST, OWASP Familiarity with Public Cloud Services like AWS GCP Azure Familiarity with co-located physical infrastructure (we're currently hybrid) Solid understanding of Continuous Integration (CI) and Continuous Deployment (CD) Close More ❯
and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in applicationsecurity tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯
London, South East, England, United Kingdom Hybrid / WFH Options
Akkodis
and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in applicationsecurity tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯
language Experience working with or recommending security tools and technologies Ability to build strong working relationships and influence non-security stakeholders Working knowledge of cybersecurity standards and frameworks (e.g. OWASP, NIST, CIS) Analytical mindset with strong problem-solving skills Excellent written and verbal communication skills Qualifications: 3+ years of experience in information security, with a focus on application and/ More ❯
language Experience working with or recommending security tools and technologies Ability to build strong working relationships and influence non-security stakeholders Working knowledge of cybersecurity standards and frameworks (e.g. OWASP, NIST, CIS) Analytical mindset with strong problem-solving skills Excellent written and verbal communication skills Qualifications: 3+ years of experience in information security, with a focus on application and/ More ❯
language Experience working with or recommending security tools and technologies Ability to build strong working relationships and influence non-security stakeholders Working knowledge of cybersecurity standards and frameworks (e.g. OWASP, NIST, CIS) Analytical mindset with strong problem-solving skills Excellent written and verbal communication skills Qualifications: 3+ years of experience in information security, with a focus on application and/ More ❯
Birmingham, West Midlands, West Midlands (County), United Kingdom
ARM
utilisation. * Secure Architecture and DevSecOps Integration o Define and govern secure architecture standards across development teams, ensuring alignment with enterprise security policies, regulatory requirements, and industry frameworks (e.g., NIST, OWASP, ISO 27001). o Lead the strategic integration of security into DevOps pipelines, embedding security controls and automated testing into CI/CD workflows to enable secure-by-design delivery. More ❯
. Proficient in Git or other version control systems. Desirable Knowledge, Skills and Experience: Certifications in OCI or other cloud platforms (AWS, GCP). Experience with security tools like OWASP ZAP, Burp Suite, etc. Familiarity with Jira, Confluence, or similar tools. Knowledge of compliance frameworks (e.g., GDPR, HIPAA, ISO 27001, ISO 13485). Background in start-up or scale-up More ❯
training and awareness initiatives. Act as a security champion within development squads and mentor junior engineers. Requirements Broad experience in applicationsecurity or secure software development. Strong understanding of OWASP Top 10, secure coding techniques, and threat modelling. Experience with security tools such as SAST, DAST, SCA, and vulnerability scanners. Familiarity with cloud platforms (Azure or AWS), CI/CD More ❯
. Bonus Points For: Cloud wizardry (AWS, Azure, GCP) Knowledge of AI tools (OpenAI, Document Intelligence) Experience with CI/CD pipelines and modern DevOps practices Security know-how (OWASP, data protection) Agile team experience - or just loving the fast-paced, sprint-style vibe About Us We are an international engineering and construction company delivering state-of-the-art infrastructure More ❯
. Bonus Points For: Cloud wizardry (AWS, Azure, GCP) Knowledge of AI tools (OpenAI, Document Intelligence) Experience with CI/CD pipelines and modern DevOps practices Security know-how (OWASP, data protection) Agile team experience About Us We are an international engineering and construction company delivering state-of-the-art infrastructure and buildings projects for clients in the UK, Middle More ❯
DevSecOps or Secure SDLC programmes within enterprise environments Strong technical and commercial acumen – able to engage with both CTOs and procurement teams Experience with regulated environments and frameworks (NIST, OWASP, ISO 27001) Hands-on experience with secure engineering practices, security toolchains, and automation strategy Excellent stakeholder management, crisis leadership, and communication skills Relevant certifications (e.g. CISSP, CSSLP, CISM) Eligibility for More ❯
DevSecOps or Secure SDLC programmes within enterprise environments Strong technical and commercial acumen - able to engage with both CTOs and procurement teams Experience with regulated environments and frameworks (NIST, OWASP, ISO 27001) Hands-on experience with secure engineering practices, security toolchains, and automation strategy Excellent stakeholder management, crisis leadership, and communication skills Relevant certifications (e.g. CISSP, CSSLP, CISM) Eligibility for More ❯
experience interfacing with disparate systems. Excellent communicator with a self-starter attitude and comfort working autonomously. Applicable understanding of software security, common exploits and secure development practices, including the OWASP Top 10. Proven and demonstrable understanding of testing methodologies and frameworks. Commercial experience with AWS and IaC (Terraform/CDK/CloudFormation) Commercial experience with Linux, Docker, Docker Compose, Git More ❯
deployments on Kubernetes clusters (EKS, AKS, on-prem). Use Helm, ingress controllers, and service meshes to manage complex deployments. Security & Compliance Integrate security tools such as Snyk, Trivy, OWASP ZAP, and SonarQube into CI/CD pipelines. Manage secrets using HashiCorp Vault, AWS Secrets Manager, and Azure Key Vault. Operate cloud-native security services like Azure Defender, AWS GuardDuty More ❯
