1 to 25 of 69 OWASP Jobs in the UK

IAM, and secure deployment practices. Educate development and operations teams on security best practices and emerging threats. Your Profile Essential skills/knowledge/experience: Strong application security background (OWASP Top 10, API security). Manual pentesting of modern web apps, APIs, and CI/CD pipelines. Deep understanding of DevSecOps practices, secure SDLC and proficient in threat modeling and More ❯

cycles. Advise on secrets management, IAM, and secure deployment practices. Educate and collaborate with development and operations teams on security best practices. Required Skills & Experience Strong application security knowledge (OWASP Top 10, API security). Manual pentesting experience on modern web apps, APIs, and CI/CD pipelines. Deep understanding of DevSecOps practices, secure SDLC, threat modeling, and secure design More ❯

software security design review Strong knowledge of Agile, DevSecOps, System Engineer and or equivalent Knowledge of security standards and secure development principles such as NCSC Secure Development & Deployment Guidance, OWASP, NIST Secure Software Development Framework (SSDF - 800-218), Microsoft Azure Secure Development best practices, ISO27001 Experience with Azure cloud infrastructure, particularly Azure PaaS service Experience with Azure DevOps, particularly CI More ❯

software security design review Strong knowledge of Agile, DevSecOps, System Engineer and or equivalent Knowledge of security standards and secure development principles such as NCSC Secure Development & Deployment Guidance, OWASP, NIST Secure Software Development Framework (SSDF - 800-218), Microsoft Azure Secure Development best practices, ISO27001 Experience with Azure cloud infrastructure, particularly Azure PaaS service Experience with Azure DevOps, particularly CI More ❯

technical knowledge of application security architecture, cloud platforms (AWS, Azure, GCP), microservices, APIs, and identity/access management. Strong familiarity with modern programming languages, frameworks, and security vulnerabilities (e.g., OWASP Top Ten, SANS 25). Proven experience driving digital transformation initiatives, including migration of legacy applications to cloud-native platforms and adoption of SaaS/PaaS solutions. Understanding of UK More ❯

operations teams on bug fixes, retesting, and verifying patches in staging and production-mirroring environments. Quality & Best Practices • Champion infrastructure and security testing best practices, including vulnerability scanning (e.g., OWASP ZAP, Nessus), compliance checks, and disaster-recovery validations. • Contribute to continuous improvement by proposing new testing tools, frameworks, and process enhancements to raise overall system reliability and observability. Agile & Cross More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator - able to engage More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator - able to engage More ❯

Government and Industry security and privacy framework standards such as ISO 27001 and GovAssure, identifying appropriate and proportionate remediation steps to address any compliance gaps. Desirable Criteria Awareness of OWASP projects, particularly Top 10s, ASVS, SAMM and DSOMM. Awareness of UK Government good practice guides 44 and 45 to support authentication and verification processes. Experience of securing the delivery and More ❯

Conduct secure code reviews and support remediation efforts. Threat Modelling & Architecture Review Requirements (Primarily Essential) 2+ years of experience in application security or secure software development. Strong knowledge of OWASP Top 10, secure coding principles, and threat modelling. Hands-on experience with SAST, DAST, SCA, and vulnerability management tools. Familiarity with cloud platforms (Azure or AWS), CI/CD pipelines More ❯

Conduct secure code reviews and support remediation efforts. Threat Modelling & Architecture Review Requirements (Primarily Essential) 2 years of experience in application security or secure software development. Strong knowledge of OWASP Top 10, secure coding principles, and threat modelling. Hands-on experience with SAST, DAST, SCA, and vulnerability management tools. Familiarity with cloud platforms (Azure or AWS), CI/CD pipelines More ❯

built solutions. Hands-on experience with Azure DevOps , CI/CD pipelines , and containerized environments ( Docker , Kubernetes ). Strong knowledge of API testing , performance profiling, and security practices including OWASP Top 10 and penetration testing . Familiarity with AI/ML systems , including LLM evaluation techniques, output scoring, and validation frameworks. Understanding of prompt engineering , RAG , model orchestration , and hallucination More ❯

communication and coaching skills Strong stakeholder management abilities Quality-first mindset Preferred Skills Experience with automation tools (JUnit, Playwright, Selenium, Cucumber) Familiarity with performance testing (Gatling) and security testing (OWASP Zap) Knowledge of containerisation (Docker, Kubernetes) and cloud environments (AWS) Accessibility testing expertise (WCAG, Wave, Axe More ❯

EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯

EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯

EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯

EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯

EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯

. Proficient in Git or other version control systems. Desirable Knowledge, Skills and Experience: Certifications in OCI or other cloud platforms (AWS, GCP). Experience with security tools like OWASP ZAP, Burp Suite, etc. Familiarity with Jira, Confluence, or similar tools. Knowledge of compliance frameworks (e.g., GDPR, HIPAA, ISO 27001, ISO 13485). Background in start-up or scale-up More ❯

CD pipelines, Docker/Kubernetes, and IaC tools. Ops mindset: Proficiency with monitoring/observability tools (Prometheus, Grafana, ELK, Splunk). Security awareness: Knowledge of secure coding practices and OWASP considerations in Java applications. Financial acumen: Able to manage budgets and optimise spend on tools/services. Client-facing ability: Comfortable explaining technical issues in plain language to non-technical More ❯

problem-solving, communication, and high ownership. Desired Skills Experience with OpenSearch/ELK, Prometheus, or Grafana for logging/monitoring. Knowledge of compliance frameworks (ISO 27001, GDPR, NIST SSDF, OWASP ASVS/SAMM). Background in building and operating high-throughput, low-latency services. Strong mentoring and technical leadership abilities. This role is ideal for a high-agency engineer who More ❯

problem-solving, communication, and high ownership. Desired Skills Experience with OpenSearch/ELK, Prometheus, or Grafana for logging/monitoring. Knowledge of compliance frameworks (ISO 27001, GDPR, NIST SSDF, OWASP ASVS/SAMM). Background in building and operating high-throughput, low-latency services. Strong mentoring and technical leadership abilities. This role is ideal for a high-agency engineer who More ❯

/CD pipelines, plus scripting languages such as PowerShell, YAML, or JSON Knowledge of application security tools, threat modelling, and risk assessments Familiarity with standards/frameworks such as OWASP, NIST SSDF, ISO27001, NCSC Experience guiding engineering teams and influencing security culture Excellent communication skills, able to engage confidently with developers and senior leadership Why join them? You'll be More ❯

/CD pipelines, plus scripting languages such as PowerShell, YAML, or JSON Knowledge of application security tools, threat modelling, and risk assessments Familiarity with standards/frameworks such as OWASP, NIST SSDF, ISO27001, NCSC Experience guiding engineering teams and influencing security culture Excellent communication skills, able to engage confidently with developers and senior leadership Why join them? You'll be More ❯

through training, documentation, and direct engagement. DevSecOps Engineer - Requirements: 3-5+ years of experience in application security or secure software development. Strong understanding of vulnerabilities and prevention techniques (OWASP Top 10). Experience with CI/CD pipelines and integrating AppSec tooling. Strong understanding of modern programming languages (JavaScript, Java, Python). Strong communication skills and ability to collaborate More ❯