1 to 25 of 197 Secure Coding Jobs in the UK

generation software products and architectures tailored for Post-Quantum Cryptography (PQC). In this leadership role, you will oversee the design, development, and optimisation of software solutions that secure and accelerate PQC algorithms, providing scalable and efficient cryptographic IP for software libraries and secure communication protocols. As part of the Engineering leadership team, you will work … latest security standards and regulations for post-quantum cryptography. Maintain and enforce robust secure software development lifecycle (SSDLC) principles, including side-channel attack resistance, secure coding practices, and cryptographic algorithm agility. Required Skills And Qualifications Required: Education: Phd, Bachelor's or Master's degree in Computer Science, Software Engineering, or a related field with a … Embedded Systems : Knowledge of secure software for embedded systems and IoT security. Software Security : Experience with software-based security solutions and an understanding of secure coding practices and vulnerability analysis. Secure Implementation: Understanding of the secure implementation of cryptography and systems which use cryptography. Knowledge of Implementation attacks such as Side More ❯

at both strategic and operational levels. The role ensures the effectiveness of security practices in software development, manages security testing, drives operational maturity improvements, and oversees secure coding practices. Operating at SFIA Level 6, the role requires the initiation, definition, and oversight of high-impact security development and testing activities. The Director is responsible for aligning security … modelling and secure design practices, ensuring development teams proactively identify and mitigate risks during the design phase. o Mentor and upskill engineering teams on secure coding, architectural risk assessment, and DevSecOps principles to build a culture of shared security ownership. Key Performance Indicators (KPIs) * Secure Architecture Compliance Rate: Percentage of projects that meet … e.g., SAST, DAST, SCA) across development teams, measured by scan frequency and issue resolution rates. * Training and Awareness Uptake: Percentage of development and QA staff completing secure coding and DevSecOps training programs. * Audit and Compliance Pass Rate: Success rate in internal and external audits related to secure development practices and testing controls. * Innovation and Automation More ❯

implement secure software development practices Integrate security gates into CI/CD pipelines following DevSecOps principles Establish security quality gates and acceptance criteria Develop secure coding standards based on OWASP guidelines Create security architecture patterns and reference implementations Security Code Reviews & Testing Conduct in-depth security code reviews for critical features Implement automated security testing … security linters and pre-commit hooks Create automated vulnerability tracking and remediation workflows Implement secret scanning and dependency checking Build security dashboards and metrics reporting Create secure coding guidelines for different technology stacks Develop a security champions program aligned with OWASP SAMM Conduct security training on platform-specific vulnerabilities Provide hands-on guidance during security incidents Build … years of application security experience Deep understanding of security vulnerabilities across web and mobile platforms Hands-on experience with security testing tools and methodologies Expertise in secure coding practices and design patterns Experience with modern development frameworks (React, Angular, ReactNative, Flutter) Security Domain Knowledge Expert knowledge of OWASP standards (Top 10, ASVS, SAMM, MASVS) Understanding of cryptographic More ❯

proactive Application Security Engineer to embed secure development practices across its software delivery lifecycle. This role is critical in reducing application-layer risks, implementing secure coding standards, and ensuring that threat modelling and architecture reviews are consistently applied across all development efforts. You will work closely with engineering, and platform teams to integrate security into … ISO 27001, FCA, and NIST standards. Contribute to audit readiness and support compliance automation platforms such as Drata Collaboration & Training Work with engineering teams to promote secure coding practices. Support the rollout of role-based security training and awareness initiatives. Act as a security champion within development squads and mentor junior engineers. Requirements Broad experience in application … security or secure software development. Strong understanding of OWASP Top 10, secure coding techniques, and threat modelling. Experience with security tools such as SAST, DAST, SCA, and vulnerability scanners. Familiarity with cloud platforms (Azure or AWS), CI/CD pipelines, and DevOps practices. Knowledge of regulatory frameworks (ISO 27001, FCA, NIST). Excellent communication skills More ❯

APIs, microservices, and web applications. Conduct detailed threat modeling workshops and architectural risk assessments, identifying vulnerabilities early and collaborating on risk mitigation strategies. Define and enforce secure coding standards and architectural best practices aligned with industry benchmarks such as OWASP Top 10 and API Security Top 10. Partner with cloud engineers and developers to embed security controls … based on business impact, exploitability, and regulatory implications, and work with engineering teams to implement timely fixes. Conduct regular security code reviews and support developers in secure coding practices to reduce vulnerabilities proactively. Governance, Compliance & Training Ensure that application security architecture and practices comply with relevant regulatory and industry standards such as PCI-DSS, SOC 2, ISO … SCA, and integrating these into automated build and deployment pipelines. Practical expertise with threat modeling methodologies such as STRIDE, PASTA, or Attack Trees. Strong knowledge of secure coding standards and common vulnerabilities (OWASP Top 10, API Security Top 10) and how to mitigate them. Familiarity with Google Cloud Platform (GCP) security features and best practices, including IAM More ❯

editorial standards, but also on the security, reliability and resilience of the systems behind every stream, story and service. In Engineering Enablement , we're the team that makes secure, high-velocity delivery possible. We build shared cloud platforms, developer tooling and guardrails that let hundreds of product teams ship confidently and sustainably. We're hiring a Principal Software … across the BBC. You'll work hands-on with engineering teams, applying InfoSec-led policies and architecture in delivery contexts. You'll support threat modelling, promote secure coding practices, and help scale Secure SDLC across the organisation - without reinventing governance or duplicating policy. It's a high-trust role with real impact: translating strategic security … security policy and architectural guidance. Promote secure SDLC practices across engineering teams, collaborating with InfoSec on shared tooling, templates and enablement. Help teams adopt secure coding standards and integrate automated security checks (SAST, DAST, dependency scanning) into CI/CD pipelines. Participate in threat modelling using InfoSec-led methodologies and coordinate validation and review workflows. More ❯

websites to meet the highest security standards. Your expertise will help us continuously analyse and improve our security systems, ensuring that our products and services are not only secure by design but also comply with internal and external regulatory requirements. Other responsibilities include: Security Analysis and Improvement: Continuously analyse our security systems for potential improvements, ensuring that our … well-considered recommendations to management. Development of Security Standards: Develop and maintain best practices and security standards for the organisation, guiding teams in the implementation of secure coding practices. Secure Design: Collaborate with development teams to ensure that web and mobile front-ends, as well as microservice architectures, are designed with robust security measures in … or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS ), Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2), Working knowledge of More ❯

Mentor and guide junior engineers, fostering continuous learning and growth Stay updated on industry trends and emerging technologies, contributing to internal tech communities Ensure adherence to secure coding standards to protect sensitive data and reduce vulnerabilities Develop and maintain robust unit tests to guarantee software reliability and maintainability Drive architectural decisions and long-term technology strategy aligned … to engage technical and non-technical stakeholders alike Confidence in navigating, integrating, and developing solutions across multiple systems Solid understanding of software architecture, design patterns, and secure coding best practices Hands-on experience with cloud platforms (AWS, Azure, Google Cloud) and CI/CD pipelines is a plus Familiarity with SQL/NoSQL databases and version control More ❯

our products. You will play a important role in safeguarding all digital channels that collectively generate billions of pounds in annual ticket sales, ensuring that our systems stay secure, resilient, and innovative in the face of evolving threats. As a Senior Product Security Engineer at Trainline, you will be responsible for Security in the Development Lifecycle : Drive the … are mitigated effectively and implement permanent fixes to prevent reoccurrence. Training and Security Advocacy : Develop and deliver training programs to enhance the organisation's understanding of secure coding and deployment practices. Serve as a security mentor and advocate, fostering a culture of security awareness across engineering and business teams. Compliance and Standards : Ensure product security practices align … risks in application designs, code, and deployed products. Experience managing and using security testing tools such as SAST, DAST, and vulnerability scanning solutions. Strong grasp of secure coding practices and proficiency in integrating security into the Software Development Lifecycle (SDLC). Technical Knowledge and Implementation experience: Direct experience with threat modelling, security reviews, and penetration testing. Proven More ❯

using F-Sharp Enhance and refactor existing .NET codebases Collaborate with cross-functional teams to gather and analyse requirements Write clean, maintainable, and efficient code following secure-coding best practices Conduct code reviews and ensure adherence to standards Debug, troubleshoot and resolve software issues Participate actively in Agile ceremonies and continuous-learning initiatives Preferred Qualifications Bachelor's … or Master's degree in Computer Science, Engineering or related field Certifications in Microsoft technologies (eg, Azure Developer) Experience with secure coding practices and risk/control frameworks Exposure to data-science or advanced analytics patterns using F# If you are interested in this opportunity, please apply now with your updated CV in Microsoft Word/PDF More ❯

What You'll Be Working On: ️ Implementing secure development practices and conducting threat modeling for software applications ️ Performing static and dynamic application security testing (SAST/DAST) to identify vulnerabilities in code ️ Collaborating with DevOps and development teams to integrate … security into the CI/CD pipeline ️ Conducting regular application security assessments, including penetration testing and vulnerability scanning ️ Providing guidance and training to development teams on secure coding practices and security tools What We're Looking For: ️ Proven experience as an Application Security Specialist or in a similar application security role ️ Strong knowledge of secure coding practices, common vulnerabilities (e.g., OWASP Top 10), and application security testing tools ️ Experience with SAST, DAST, and security code review tools (e.g., Fortify, Veracode, Checkmarx) ️ Familiarity with secure software development frameworks (e.g., OWASP, NIST) ️ Relevant certifications such as CSSLP, CEH, or CISSP are highly desirable More ❯

Protect Granola's technology and users by building secure systems and fostering security culture We're looking for a security engineer who is passionate about application security to help us protect our users and build trust as we scale. In this role, you will be responsible for identifying and mitigating security vulnerabilities within Granola's applications, building security … to identify vulnerabilities in our applications Design and implement security tools, frameworks, and methodologies to protect against security threats Work closely with development teams to ensure secure coding practices are integrated throughout the SDLC Perform threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies Track, analyze, and manage vulnerabilities in applications, providing … threats, vulnerabilities, and technologies to enhance our security posture Your background looks something like: Extensive experience in application security, cybersecurity, or related fields Strong understanding of secure coding practices, threat modeling, risk assessments, and incident response Proficiency in programming languages such as TypeScript, Python, or similar Experience with security tools, security protocols, encryption methods, and application security More ❯

out new features Troubleshooting and fixing bugs in a structured and supportive environment Participating in code reviews and learning best practices from experienced team members Applying secure coding practices to protect our platform and data Contributing to documentation to support knowledge sharing across the team Required skills: We don't expect you to know everything, we're … collaborative mindset and a willingness to contribute to team discussions Useful skills to have: Exposure to CI/CD pipelines or automated testing An interest in secure coding, system performance, or scalable architecture Experience working on a live product or commercial software project Why you'll love working at Podfather: Podfather is a SaaS company helping logistics More ❯

UK SC clearance Are you ready to lead a high-impact security development and testing function? We’re looking for a Security Development and Test Director to oversee secure software development lifecycle, DevSecOps integration, and security testing at scale within a fast-growing security team. This is a unique opportunity to drive operational excellence and shape secure … Drive secure architecture standards and embed security controls into DevOps pipelines Oversee implementation and optimisation of security tooling (SAST, DAST, SCA, container security) Champion secure coding, threat modelling, and DevSecOps maturity improvements Manage budgets, profitability, and resource utilisation for your function Mentor and develop high-performing engineering and testing teams Key Responsibilities Support sales with … technical expertise and solution design Own service delivery quality and client satisfaction Define and enforce secure architecture and coding standards Lead DevSecOps integration with automated security testing in CI/CD Drive continuous process improvements and automation adoption Monitor and report on KPIs like vulnerability remediation, tool adoption, and training uptake Collaborate cross-functionally with architects, engineers More ❯

UK SC clearance Are you ready to lead a high-impact security development and testing function? We’re looking for a Security Development and Test Director to oversee secure software development lifecycle, DevSecOps integration, and security testing at scale within a fast-growing security team. This is a unique opportunity to drive operational excellence and shape secure … Drive secure architecture standards and embed security controls into DevOps pipelines Oversee implementation and optimisation of security tooling (SAST, DAST, SCA, container security) Champion secure coding, threat modelling, and DevSecOps maturity improvements Manage budgets, profitability, and resource utilisation for your function Mentor and develop high-performing engineering and testing teams Key Responsibilities Support sales with … technical expertise and solution design Own service delivery quality and client satisfaction Define and enforce secure architecture and coding standards Lead DevSecOps integration with automated security testing in CI/CD Drive continuous process improvements and automation adoption Monitor and report on KPIs like vulnerability remediation, tool adoption, and training uptake Collaborate cross-functionally with architects, engineers More ❯

sustained, aggressive growth has landed Smarsh in the annual Inc. 5000 list of fastest-growing American companies since 2008. We're seeking a Product Security Engineer to support secure development across our engineering teams. In this hands-on role, you'll help identify and mitigate product risks by participating in security reviews, improving tooling, and supporting vulnerability remediation. … a global team in a dynamic, fast-paced environment. Collaboration across time zones and geographies is a key part of our culture and success. How will you contribute? Secure SDLC Integration: Embed security within the software development lifecycle, ensuring security is considered at every phase-from design to deployment. Threat Modeling & Security Design Reviews: Conduct structured threat modeling … will you bring? 7+ years of experience in Product Security, Application Security, or a related security engineering role. Deep expertise in secure software development, secure coding practices, and OWASP Top 10/CWE 25. Strong technical proficiency in modern programming languages (e.g., Python, Java, JavaScript, Go, or C#). Experience with cloud-native security (AWS More ❯

Engineer to lead the security strategy and implementation across our connected hardware products. You will work closely with firmware, hardware, and cloud teams to ensure our devices are secure by design and resilient to emerging threats. Job Responsibilities Conduct threat modelling and risk assessments for IoT devices, firmware, and communication protocols. Design and implement secure boot … secure firmware updates (OTA), and hardware-level security controls (e.g., TPM, secure elements). Perform firmware and embedded software security assessments. Collaborate with hardware and embedded teams on secure product architecture. Monitor evolving IoT threat landscapes and update security policies accordingly. Contribute to internal security standards and assist in compliance with industry benchmarks (e.g. … IoT, embedded, or hardware security. Deep knowledge of embedded systems, firmware development, and relevant communication protocols. Experience with common IoT threat vectors and mitigations. Familiarity with secure coding practices in C/C++ or any other language and embedded environments. Hands-on experience with hardware debugging tools (e.g., JTAG, logic analyzers). Understanding of public key infrastructure More ❯

release monitoring and maintenance. Establish, enforce, and continuously evolve software engineering best practices (e.g., SOLID principles, domain-driven design, clean architecture, modular monoliths vs microservices). Drive consistency in coding standards, code review rigor, and software craftsmanship. Lead critical system architecture decisions, including technology stack evolution, refactoring legacy components, and designing future-state systems. Ensure integration patterns and service … contracts across internal and external APIs are robust, secure, and scalable. System Integration & Platform Ownership Oversee integration between business systems using APIs, middleware, and ETL pipelines, including Salesforce, Power Platform (PowerApps, PowerAutomate, LogicApps), SharePoint, and custom web applications. Lead optimization and governance around API design (RESTful services, rate limiting, versioning, monitoring, etc.). Ensure high data consistency, operational … the engineering of clean, reliable data sources and APIs. Security Engineering & Governance Partner with security engineers to integrate security throughout the software lifecycle (shift-left security, secure coding, threat modelling). Own the implementation of secure authentication/authorization practices, audit logging, encryption at rest/in transit, and other application security standards. Ensure software More ❯

release monitoring and maintenance. Establish, enforce, and continuously evolve software engineering best practices (eg, SOLID principles, domain-driven design, clean architecture, modular monoliths vs microservices). Drive consistency in coding standards, code review rigor, and software craftsmanship. Lead critical system architecture decisions, including technology stack evolution, refactoring Legacy components, and designing future-state systems. Ensure integration patterns and service … contracts across internal and external APIs are robust, secure, and scalable. System Integration & Platform Ownership Oversee integration between business systems using APIs, Middleware, and ETL pipelines, including Salesforce, Power Platform (PowerApps, PowerAutomate, LogicApps), SharePoint, and custom web applications. Lead optimization and governance around API design (RESTful services, rate limiting, versioning, monitoring, etc.). Ensure high data consistency, operational … engineering of clean, reliable data sources and APIs. Security Engineering & Governance Partner with security engineers to integrate security throughout the software life cycle (shift-left security, secure coding, threat modelling). Own the implementation of secure authentication/authorization practices, audit logging, encryption at rest/in transit, and other application security standards. Ensure software More ❯

is critical to building trust in everything we deliver. As a Senior Security Engineer focused on Application & Product Security , you will own our AppSec strategy - driving threat modeling, secure architecture design, and offensive security testing . You will lead manual and automated penetration testing, manage AppSec tooling (SAST, DAST, SCA), and build developer enablement programs. You'll also … tooling in CI/CD pipelines. Vulnerability Management Triage and prioritize application-layer vulnerabilities and guide engineering teams through remediation. Developer Enablemen t Deliver secure development and coding training; create resources to reduce recurring vulnerabilities. Bug Bounty Management Oversee Bug Bounty program, validate findings, and ensure timely resolution. Incident Response Leadership Lead investigations for application-layer security … Hands-on experience with AppSec tooling (SAST, DAST, SCA) integrated into CI/CD pipelines. Strong programming and scripting skills (Python preferred) and ability to influence secure coding practices. Proven ability to lead incident response for application-layer security events. Familiarity with compliance frameworks (SOC 2, ISO 27001) and secure SDLC practices. Knowledge of privacy More ❯

regulated financial domain. This role demands a deep understanding of complex security challenges, a proven track record of strategic influence, and the ability to translate business requirements into secure, scalable, and compliant technical solutions. Your responsibilities: Strategic Security Leadership: Define, evangelize, and evolve the overall cloud security architecture strategy and roadmap, aligning with business objectives, relevant European regulatory … for cloud-native and hybrid-cloud deployments. Solution Design & Assurance: Provide expert security architecture guidance for critical enterprise applications, infrastructure, and data platforms, with a strong focus on secure-by-design principles. Conduct comprehensive security architecture reviews of high-level and low-level designs, identifying risks, proposing effective controls, and ensuring adherence to security policies. Drive the selection … . Network Security (VPCs, firewalls, WAFs, micro-segmentation, private connectivity). Data Security (encryption at rest/in transit, KMS, data classification, DLP). Application Security (secure coding, API security, SAST/DAST, WAF integration). Container Security (Kubernetes, Docker, service mesh). Security Information and Event Management (SIEM) and logging strategies. Zero Trust Architecture principles. Proven More ❯

or Cambridge Salary: £70,000 - £120,000 (depending on experience and clearance) We are looking for a Full Stack Developer to join a growing public sector team delivering secure, high-impact digital services across Defence & Security. This is a unique opportunity to use your development expertise to help solve real-world challenges for government and national security clients. … collaborative and supportive engineering team, working alongside technical leads, project managers, and stakeholders to deliver robust and scalable solutions. What you'll be doing: Designing, developing and deploying secure, high-performing web applications for government clients Working across the full software development lifecycle, from requirements through to production Building responsive user … interfaces using modern front-end technologies Developing scalable server-side functionality with appropriate frameworks and languages Creating and maintaining RESTful APIs for integration across platforms Following secure coding practices and supporting compliance with government security standards Conducting security reviews and supporting remediation of vulnerabilities Translating technical requirements into delivery plans and code Communicating effectively with both technical More ❯

or Cambridge Salary: £70,000 - £120,000 (depending on experience and clearance) We are looking for a Full Stack Developer to join a growing public sector team delivering secure, high-impact digital services across Defence & Security. This is a unique opportunity to use your development expertise to help solve real-world challenges for government and national security clients. … collaborative and supportive engineering team, working alongside technical leads, project managers, and stakeholders to deliver robust and scalable solutions. What you'll be doing: Designing, developing and deploying secure, high-performing web applications for government clients Working across the full software development lifecycle, from requirements through to production Building responsive user … interfaces using modern front-end technologies Developing scalable server-side functionality with appropriate frameworks and languages Creating and maintaining RESTful APIs for integration across platforms Following secure coding practices and supporting compliance with government security standards Conducting security reviews and supporting remediation of vulnerabilities Translating technical requirements into delivery plans and code Communicating effectively with both technical More ❯

or Cambridge Salary: £70,000 - £120,000 (depending on experience and clearance) We are looking for a Full Stack Developer to join a growing public sector team delivering secure, high-impact digital services across Defence & Security. This is a unique opportunity to use your development expertise to help solve real-world challenges for government and national security clients. … collaborative and supportive engineering team, working alongside technical leads, project managers, and stakeholders to deliver robust and scalable solutions. What you'll be doing: Designing, developing and deploying secure, high-performing web applications for government clients Working across the full software development lifecycle, from requirements through to production Building responsive user … interfaces using modern front-end technologies Developing scalable server-side functionality with appropriate frameworks and languages Creating and maintaining RESTful APIs for integration across platforms Following secure coding practices and supporting compliance with government security standards Conducting security reviews and supporting remediation of vulnerabilities Translating technical requirements into delivery plans and code Communicating effectively with both technical More ❯

integrating security tools and processes into our CI/CD workflows to enhance the developer experience Champion a security-first mindset within the development team, promoting secure coding practices and providing guidance on secure development methodologies Create security focused DevSecOps policies and standards and provide training and awareness to the development team Develop Key Risk More ❯