1 to 25 of 39 Remote OWASP Jobs in the UK

firewalls, IDS/IPS, micro-segmentation, and host security. Hands on experience with the following security products Trellix, Ivanti, ClearSwift, Yubikey Understanding of secure coding practices and common vulnerabilities (OWASP Top 10, SANS Top 25). Expertise in identity and access management (IAM), including RBAC, ABAC, JWT and Cookie based authentication. Incident detection and response in MOD environments. Security compliance More ❯

relationship with the VP of TechOps. Responsibilities Security Strategy & Governance - Define and continuously refine the technical security roadmap that aligns with business objectives, industry best practice (e.g., NIST CSF, OWASP SAMM), and compliance frameworks (SOC 2, ISO 27001, GDPR). Secure SDLC & DevSecOps - Build and maintain guardrails for static/dynamic analysis, container and IaC scanning, SBOM management, and supply More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯

and Azure DevOps (CI/CD) Familiar with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage More ❯

DevSecOps or Secure SDLC programmes within enterprise environments Strong technical and commercial acumen – able to engage with both CTOs and procurement teams Experience with regulated environments and frameworks (NIST, OWASP, ISO 27001) Hands-on experience with secure engineering practices, security toolchains, and automation strategy Excellent stakeholder management, crisis leadership, and communication skills Relevant certifications (e.g. CISSP, CSSLP, CISM) Eligibility for More ❯

DevSecOps or Secure SDLC programmes within enterprise environments Strong technical and commercial acumen - able to engage with both CTOs and procurement teams Experience with regulated environments and frameworks (NIST, OWASP, ISO 27001) Hands-on experience with secure engineering practices, security toolchains, and automation strategy Excellent stakeholder management, crisis leadership, and communication skills Relevant certifications (e.g. CISSP, CSSLP, CISM) Eligibility for More ❯

world problems with stakeholders and customers What You’ll Bring: 5+ years of experience in C# and .NET Core Strong grasp of software design principles and secure coding practices (OWASP) Experience with REST API development and deployment in AWS or Azure Familiarity with Entity Framework , SQL/NoSQL databases, and cloud architecture Confidence in automated testing (unit, integration, system) Versatility More ❯

Excellent problem-solving skills and attention to detail Commercial experience in professional PHP development Strong understanding of object-oriented programming and SOLID principles Knowledge of secure coding practices (e.g., OWASP) Strong experience with modern PHP frameworks (preferably Laravel or Symfony) Familiarity with relational databases (MySQL) and writing performant queries Comfortable working with Git, Composer, and modern development workflows Strong verbal More ❯

your background might be better suited to. 8+ years of experience in IoT security, preferably in the medical device or the pharmaceutical industry. Proficiency in security frameworks (e.g., NIST, OWASP, MITRE ATT&CK, PASTA, STRIDE) and standards such as FDA cybersecurity guidance Experience assessing security risks using industry standard methods (penetration test results, threat modeling, security testing) and determining residual More ❯

Integrate security into CI/CD pipelines through SAST, DAST, SCA, container scanning, and automated policy enforcement. Establish and govern secure architecture standards aligned to industry frameworks (e.g. NIST, OWASP, ISO 27001). Champion threat modelling and secure design throughout development lifecycles. Client Engagement & Pre-Sales Support Represent the security development function in client meetings and solution design. Contribute to More ❯

Integrate security into CI/CD pipelines through SAST, DAST, SCA, container scanning, and automated policy enforcement. Establish and govern secure architecture standards aligned to industry frameworks (e.g. NIST, OWASP, ISO 27001). Champion threat modelling and secure design throughout development lifecycles. Client Engagement & Pre-Sales Support Represent the security development function in client meetings and solution design. Contribute to More ❯

ll Be Doing: Lead and oversee secure development and testing strategy across the SDLC Define and govern secure architecture and ensure alignment with enterprise policies and industry frameworks (e.g. OWASP, NIST, ISO 27001) Drive DevSecOps integration into CI/CD pipelines, embedding SAST, DAST, SCA and container security tools Own the security testing process, improving automation, coverage, and remediation velocity More ❯

strong track record in software engineering with a focus on application and infrastructure security, ideally in agile or DevOps environments. You're fluent in secure development concepts - comfortable with OWASP Top 10, CWE and common secure design patterns. You've helped teams adopt secure SDLC practices, working closely with central security or architecture groups. You know how to embed tools More ❯

containerised applications using technologies such as AWS Lambda, Spring Boot, NodeJS, Python FastAPI, Oracle, PostgreSQL and MongoDB Contributing to DevSecOps delivery pipelines, using tooling such as Atlassian, Jenkins, GitLab, OWASP and AWS services Applying Site Reliability Engineering principles to ensure solutions are resilient, reliable and cost-effective Supporting clients and end users in making technical product decisions by clearly explaining More ❯

containerised applications using technologies such as AWS Lambda, Spring Boot, NodeJS, Python FastAPI, Oracle, PostgreSQL and MongoDB Contributing to DevSecOps delivery pipelines, using tooling such as Atlassian, Jenkins, GitLab, OWASP and AWS services Applying Site Reliability Engineering principles to ensure solutions are resilient, reliable and cost-effective Supporting clients and end users in making technical product decisions by clearly explaining More ❯

and architectural risk assessments, identifying vulnerabilities early and collaborating on risk mitigation strategies. Define and enforce secure coding standards and architectural best practices aligned with industry benchmarks such as OWASP Top 10 and API Security Top 10. Partner with cloud engineers and developers to embed security controls specific to GCP, such as workload identity, IAM policy enforcement, VPC Service Controls … these into automated build and deployment pipelines. Practical expertise with threat modeling methodologies such as STRIDE, PASTA, or Attack Trees. Strong knowledge of secure coding standards and common vulnerabilities (OWASP Top 10, API Security Top 10) and how to mitigate them. Familiarity with Google Cloud Platform (GCP) security features and best practices, including IAM, Cloud Armor, Security Command Center, and More ❯

experience with AWS (or similar cloud platforms) and Cloudflare. Infrastructure as Code: Proficiency with Terraform or similar IaC tools. Vulnerability Knowledge: Solid understanding of common vulnerability classes and the OWASP Top 10. Coding & Scripting: Proficient in reading code (e.g., Python, Scala) and using Git for version control of code and configuration changes. Familiarity with iOS or Android security. Experience of More ❯

internal and external audits where needed. What we're looking for Experience in software engineering, with a strong security mindset Deep understanding of web and API vulnerabilities, including the OWASP Top 10 Proficient in coding, scripting (e.g. Python, Bash), and automating security in CI/CD Hands-on experience with security tools like SAST, DAST, and SCA Familiar with cloud More ❯

efforts for security breaches. Provide security guidance and training to teams across the organization. Key Skills & Experience: Strong knowledge of security frameworks (ISO 27001, NIST 800-30/53, OWASP) . Experience with risk management methodologies and compliance with MOD and HMG security standards (JSP, Def Stan 05-138/139). Proficiency in security threat modeling and risk assessments. More ❯

efforts for security breaches. Provide security guidance and training to teams across the organization. Key Skills & Experience: Strong knowledge of security frameworks (ISO 27001, NIST 800-30/53, OWASP) . Experience with risk management methodologies and compliance with MOD and HMG security standards (JSP, Def Stan 05-138/139). Proficiency in security threat modeling and risk assessments. More ❯

looking for Experience with cloud engineering, security tooling, and cloud workload protection Skills in DevOps, AWS, Infrastructure as Code (Terraform), and scripting languages (Python, Bash) Knowledge of security standards (OWASP, CIS, NIST) and Agile/DevOps practices Experience with CSPM, CNAPP, security incident response, and SIEM tools Ability to evaluate and recommend new security technologies Effective communication skills focused on More ❯

troubleshooting) Experience with Git and version control workflows Comfortable deploying to or managing applications on Linux and/or Windows servers Awareness of web security best practices (e.g., SSL, OWASP) Desirable Skills Experience working with ERP systems (Navision a bonus) WordPress development or customisation experience Front-end development with Bootstrap and Angular Exposure to Docker, CI/CD tools, or More ❯

applications in production environments. Common architectural patterns (e.g. layered, hexagonal, clean). Databases (Including concepts like indexes and transaction scopes). Performance and monitoring. Security practices (e.g. understanding of OWASP Top 10). Be comfortable safely refactoring legacy code. Be able to work alongside client-facing support and product owners to analyse business requirements. Be keen to learn new technologies More ❯

and data visualisations for AI-powered tools. Skilled in integrating front-end applications with APIs (REST, GraphQL, WebSockets) and backend services. Deep understanding of front-end security practises (e.g., OWASP, CSP, input sanitization, role-based access). Familiarity with secure API design, token management, and data privacy obligations (e.g., GDPR, ISO 27001). Ability to build modular, reusable components aligned More ❯

and data visualisations for AI-powered tools. Skilled in integrating front-end applications with APIs (REST, GraphQL, WebSockets) and backend services. Deep understanding of front-end security practises (e.g., OWASP, CSP, input sanitization, role-based access). Familiarity with secure API design, token management, and data privacy obligations (e.g., GDPR, ISO 27001). Ability to build modular, reusable components aligned More ❯