22 of 22 Static Application Security Testing Jobs in the UK

APPLICATION SECURITY ENGINEER £90,000 + 15% Bonus + Excellent Staff Benefits including Strong Pension, Life Assurance Hybrid Working ( 2 Days per Week Onsite ) An interesting opportunity has presented itself within one of the UKs largest Independent Software Based Organisations who are one of a major driving forces behind Innovative Development of Enterprise-Led Internet Technology. They are … now looking for an Application Security Engineer to join their existing & high performing large scale In - House Security Team including SOC & Cyber Analysts through to Experienced Cyber Security Engineers & Security Architects. As an AppSec Engineer you will focus on the technical side of IT Security, specifically looking at Application Security & Code Analysis … ensuring their Applications are Built Securely. The Information & Cyber Security Team deal with the Security of Closed-Sourced, Open-Source & In-House Developed Applications ensuring that All Systems & Services are Built with Privacy & Security by Design. You will be working closely with the Software Development Team , to confirm that Application Based Vulnerabilities are Understood & Mitigated meaning More ❯

CYBER SECURITY ENGINEER £90-100,000/Bonus + Excellent Staff Benefits including Strong Pension, Life Assurance Hybrid Working ( 2 Days per Week Onsite ) An interesting opportunity has presented itself within one of the UKs largest Independent Software Based Organisations who are one of a major driving forces behind Innovative Development of Enterprise-Led Internet Technology. They are now … looking for an Cyber Security Engineer to join their existing & high performing large scale In - House Security Team including SOC & Cyber Analysts through to Experienced Cyber Security Engineers & Security Architects. As a Cyber Security Engineer you will focus on the technical side of IT Security, looking at areas such as Application Security & Code Analysis, ensuring they are Built Securely. The Information & Cyber Security Team deal with the Security of Closed-Sourced, Open-Source & In-House Developed Applications ensuring that All Systems & Services are Built with Privacy & Security by Design. You will be working closely with the wider Security Function &Development Teams, to assist with Application Based More ❯

Mobile Application Security Engineer Rate: £650 per day Inside IR35 Duration: 6 months Location: Bristol/Hybrid (onsite once a month) We have an exciting opportunity for a Mobile Application Security Engineer to join a leading organisation on a contract basis. You'll play a key role in strengthening the security of large-scale mobile … applications, working across both iOS and Android platforms. Partnering with engineering and cyber security teams, you'll embed and enhance mobile security throughout the development lifecycle shaping tooling strategy, driving automation and promoting a 'Secure by Design' culture. Key Responsibilities Design and implement automated mobile security testing and vulnerability scanning within the mobile SDLC. Define and … strong partnerships with engineering and security stakeholders. Implement and maintain a Mobile Application Security Testing platform for manual testing. Skills & Experience Proven experience with mobile SAST/SCA and security testing tools (e.g. mobSF, Corellium). Strong grasp of vulnerability frameworks such as CVSS and EPSS. Development experience in at least one mobile programming More ❯

Infosum is looking for a Junior Application Security Engineer with a keen interest in application and cloud security. This role is perfect for someone early in their career who wants to develop hands-on experience in securing SaaS platforms. You'll be supported by senior engineers while learning how to test applications, uncover vulnerabilities, and embed secure … by-design practices into products. This position is based in Basingstoke with two days a week onsite. What you'll do Assist with application security testing across web apps, APIs, and cloud infrastructure. Support penetration testing and help document findings and recommendations. Work closely with developers to learn how to identify and remediate security issues. … and enthusiasm for collaboration. Nice to have (advantageous) Coding experience with Go and/or Cloud certifications (AWS, Azure, or GCP). Experience with security testing tools (SAST, DAST, or similar). Benefits As well as working as part of an amazing, engaging and collaborative team, we offer our staff a wide range of benefits to motivate them More ❯

to-end penetration testing lifecycle, from scoping engagements with technical teams to triaging, validating, and driving the remediation of findings Analyse and interpret results from security tools (SAST, DAST, vulnerability scanners) to prioritise and address the most critical risks Act as a key security advisor to engineering teams, providing expert guidance on security best practices, vulnerability … in automating security controls and compliance checks against standards and frameworks which include SOC 2, ISO 27001, PCI DSS/3DS Experience performing secure code reviews and using SAST/DAST tools for security approvals Expertise in Kubernetes, securing clusters and meshes (Cilium is preferable), networking best practices and RBAC implementation (CKA, CKS qualifications are a plus) Container … into the software development lifecycle Experience performing secure code reviews and security approvals including the use of static and dynamic application security testing (SAST/DAST) tools Experience in Cryptography management & enhancements Experience configuring and utilising cloud-native security logging, monitoring, and detection services Experience with Infrastructure as Code and infrastructure provisioning tools More ❯

Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com. Job Description Experian, Global Security Office are looking for an experienced Senior Application Security Engineer to enhance our application security processes with emphasis on business engagement. You will be responsible … understand their needs and the risk profile for each application and customize solutions to meet the needs of the application Collaborate on the implementation and management of SAST, SCA, DAST, and other scanning solutions to provide coverage for the application portfolio Guide development teams through a review of their applications and risks against common application flaws … experience in enterprise-level application security. Experience in AppSec or DevSecOps, collaborating and presenting to developers, supporting development teams to adopt and mature secure development practices Proficiency with SAST, SCA, DAST, IAST, RASP and others tools associated with DevSecOp. Experience with programming and software development including CI/CD pipelines and related technologies such as Git, Jekins, Maven, Chef More ❯

is that you're located within a commutable distance of our offices so that we're able to interact and collaborate in person. About the role: As a Cloud Security Engineer at Engine, you will be a hands-on builder, responsible for engineering and automating the security of our core platform. Your primary mission is to treat security … and applications Write and review Infrastructure-as-Code (Terraform) to securely configure our AWS and GCP environments Secure our CI/CD pipelines by implementing and interpreting results from SAST/DAST/SCA tools and ensuring the integrity of our software supply chain Develop and maintain preventative and detective security controls within our cloud environments, responding to and … logging, monitoring, and detection services Experience performing secure code reviews and security approvals including the use of static and dynamic application security testing (SAST/DAST) tools Relevant security certifications such as AWS Security Specialist or GCP Professional Cloud Security Engineer Our Interview process Interviewing is a two way process and More ❯

places! This is where you come in. The Opportunity As IAG Loyalty evolves into a Platform as a Service business, we're looking for a talented and passionate Senior Application Security Engineer to join our security engineering team. You'll have a background in software engineering and a deep interest in application and API security. You … our CI/CD pipelines, facilitate threat modelling sessions, and review security-sensitive design decisions around authentication, cryptography, and logging. You'll also ensure that tools such as SAST, DAST, and SCA are effective and efficient, and that testing programmes - including pen testing, vulnerability scanning, and bug bounty - are delivering value. You'll triage vulnerabilities, support engineering … vulnerabilities, including the OWASP Top 10 Proficient in coding, scripting (e.g. Python, Bash), and automating security in CI/CD Hands-on experience with security tools like SAST, DAST, and SCA Familiar with cloud environments (especially AWS), containers, and microservices Comfortable reviewing technical designs, performing threat modelling, and advising on secure architecture Strong communicator who collaborates well with More ❯

Team Lead is responsible for defining, developing, and leading the strategic direction for safeguarding the organisation's infrastructure and applications. This is achieved by proactively identifying, assessing, and remediating security vulnerabilities. The role sits within the Digital Engineering Services & Solutions (DES) department of the Technology Division. The role is part of the Digital Engineering Services & Solutions (DES) department, which … with service transition processes to ensure compliance with internal controls and regulatory standards. It plays a critical role in governance, audit readiness, and the continuous improvement of MUFG's security posture, while also serving as the central coordination point for all vulnerability-related activities across DES. The successful candidate must demonstrate proven experience in leading teams and fostering a … of vulnerabilities, aligned with criticality-based policy enforcement. Prioritise weaknesses in IT infrastructure and applications using manual and automated methods, including results from Static Application Testing (SAST) and Software Composition Analysis (SCA) tooling (in conjunction with the Service Transition team). Influence stakeholders to prioritise and drive remediation of process and technology gaps Work with Cyber Security More ❯

Team Lead is responsible for defining, developing, and leading the strategic direction for safeguarding the organisation's infrastructure and applications. This is achieved by proactively identifying, assessing, and remediating security vulnerabilities. The role sits within the Digital Engineering Services & Solutions (DES) department of the Technology Division.The role is part of the Digital Engineering Services & Solutions (DES) department, which encompasses … with service transition processes to ensure compliance with internal controls and regulatory standards. It plays a critical role in governance, audit readiness, and the continuous improvement of MUFG's security posture, while also serving as the central coordination point for all vulnerability-related activities across DES.The successful candidate must demonstrate proven experience in leading teams and fostering a culture … of vulnerabilities, aligned with criticality-based policy enforcement. Prioritise weaknesses in IT infrastructure and applications using manual and automated methods, including results from Static Application Testing (SAST) and Software Composition Analysis (SCA) tooling (in conjunction with the Service Transition team). Influence stakeholders to prioritise and drive remediation of process and technology gaps Work with Cyber Security More ❯

Complexio is a joint venture between Hafnia, in partnership with Marfin Management, C Transport Maritime, Trans Sea Transport and BW Epic Kosan and Símbolo We are looking for a Security & Compliance Speciallist to own and drive our security and compliance requirements. This role is hands-on and strategic, balancing day-to-day operations with long-term initiatives to … ensure our organisation remains secure, resilient, and compliant. You will work closely with engineering, product, and leadership teams to embed security into everything we do, while also representing our security and compliance posture to customers, partners, and auditors. Requirements Security Governance & Compliance Lead the company’s efforts to achieve and maintain ISO 27001 (and other frameworks as … accordingly. Operational Security Oversee day-to-day security operations, including vulnerability management, access reviews, and incident response readiness. Provide insights and triage signals from security tooling (SAST, DAST, dependency scanning, SIEM). Work hands-on to perform internal security assessments or penetration testing. Manage relationships with external pentest providers, auditors, and assessors. Secure Development Lifecycle (SDLC More ❯

A leading fintech company is seeking a Lead AppSec Engineer to join their established team. Youll be instrumental in embedding security into every stage of the software development lifecycleguiding engineers, shaping best practices, and driving secure, scalable solutions across our platform. Key Responsibilities: Security Advisory : Serve as the go-to expert for application security across engineering … teamsproviding hands-on guidance, resolving concerns, and fostering a security-first mindset. DevSecOps Enablement : Promote and implement secure development practices across CI/CD pipelines, secrets and key management, dependency … management, and secure design. Vulnerability Management : Lead vulnerability remediation effortstriaging findings, prioritizing risks, and partnering with teams to deliver effective, pragmatic fixes. Tooling & Automation : Integrate security tools (e.g., SAST, DAST, SCA, secrets scanning) into developer workflows, ensuring automation is both scalable and developer-friendly. Cloud Security Collaboration : Work alongside infrastructure teams to ensure secure configuration of AWS and More ❯

Senior DevSecOps Engineer - AI/ML (Financial Services) Location: Remote/Major Hubs in APAC, Europe, and the UK Team: Cloud Security & Platform Engineering About the Role We are seeking a highly skilled and security-focused Senior DevSecOps Engineer to build, secure, and optimize the cloud infrastructure that powers our critical AI and Machine Learning initiatives. In this … models and data. Key Responsibilities Secure MLOps Platform Engineering: Design, implement, and manage secure, automated CI/CD pipelines specifically for machine learning models (MLOps), integrating security checks (SAST, DAST, SCA) and data validation gates. AI/ML Infrastructure Security: Harden and secure the underlying cloud infrastructure for AI/ML workloads, including GPU clusters, container orchestration (Kubernetes … understanding of cloud security principles (Zero Trust, Least Privilege), IAM, network security, and encryption (at-rest and in-transit). Practical experience with security tools for SAST, DAST, SCA, and secrets management (e.g., HashiCorp Vault). MLOps & AI/ML Knowledge: Must have practical experience with MLOps tools and workflows (e.g., MLflow, Kubeflow, Seldon Core) and an More ❯

About the Role We are seeking multiple Security Consultants (Contract positions) to support a variety of transformation and security initiatives across different platforms including Private Cloud, Economic Crime Prevention (ECP), Payments, and Innovation Programs . You will join a high-performing Security Consultancy and Design team , working with product and engineering teams to embed security-by … design principles across cloud, DevSecOps, and enterprise technology landscapes. General Responsibilities (Applicable to All Roles) Perform threat modelling , risk assessments, and design reviews across infrastructure and applications. Provide security guidance and governance during project design and delivery phases. Define and document security requirements, controls, and testing approaches in line with enterprise and regulatory standards. Collaborate with engineering … Start) Key Skills Required: Strong experience in assessing and designing Private Cloud environments (VMware, Containers, etc.) Hands-on experience with DevSecOps tools and processes – Kubernetes (K8s), Harness, Terraform, GitHub, SAST/DAST, and SDLC integration Proven capability in embedding security within engineering pipelines 2. Security Consultant – Economic Crime Prevention (ECP) Platform (Start Date: 17th November) Key Skills Required More ❯

About the Role We are seeking multiple Security Consultants (Contract positions) to support a variety of transformation and security initiatives across different platforms including Private Cloud, Economic Crime Prevention (ECP), Payments, and Innovation Programs . You will join a high-performing Security Consultancy and Design team , working with product and engineering teams to embed security-by … design principles across cloud, DevSecOps, and enterprise technology landscapes. General Responsibilities (Applicable to All Roles) Perform threat modelling , risk assessments, and design reviews across infrastructure and applications. Provide security guidance and governance during project design and delivery phases. Define and document security requirements, controls, and testing approaches in line with enterprise and regulatory standards. Collaborate with engineering … Start) Key Skills Required: Strong experience in assessing and designing Private Cloud environments (VMware, Containers, etc.) Hands-on experience with DevSecOps tools and processes – Kubernetes (K8s), Harness, Terraform, GitHub, SAST/DAST, and SDLC integration Proven capability in embedding security within engineering pipelines 2. Security Consultant – Economic Crime Prevention (ECP) Platform (Start Date: 17th November) Key Skills Required More ❯

global, market-leading insurance organisation that's shaping the future of digital health and technology. This is your opportunity to be part of an innovative, forward-thinking environment where security, engineering excellence, and customer impact are at the heart of everything we do! What you'll do: Provide hands-on technical expertise in secure software development within a product … improve secure CI/CD pipelines and modern security practices. Ensure risk management, security, and quality are embedded in software delivery. Implement and manage security tooling (SAST, DAST) to support development and testing. Adhere to best practices in architecture, design, coding standards, and SDLC. Managing risk and security in our software estate through implementation of technology … tooling Demonstrate expert understanding of modern security practices and standards. What you'll bring: Technical leadership with strong decision-making and prioritisation skills. Expertise in secure systems design and infrastructure. Experience securing CI/CD pipelines and using security tools. Expertise in key technologies such as .NET/C#, Azure PaaS, Javascript, and Salesforce APEX, and in frameworks More ❯

day-to-day T vulnerability management operations. This role is perfect for someone who thrives on technical problem-solving and wants to work closely with engineering teams to build security into the development life-cycle. The Opportunity: You'll be the operational backbone of a vulnerability management transformation, working alongside a Lead SecOps Consultant to implement and run processes … that protect a critical banking platform. This is a chance to work across diverse technology stacks (platform, mobile, web, backend) while solving complex security challenges in a fast-paced environment. What you'll do: Run Vulnerability Operations: Execute vulnerability scanning, triage findings, and coordinate remediation efforts across multiple engineering teams Engineering Collaboration: Partner directly with platform, mobile, web, and … PCI-DSS authenticated scanning and financial services security requirements (preferred) Collaborative Approach: Excellent interpersonal skills to work effectively with diverse engineering teams Technical Environment: Current Tools: Tenable, internal SAST solutions Technologies: Modern banking platform stack including mobile, web services, and backend systems Compliance: PCI-DSS, 3DS, SOC2, ISO frameworks Methodology: Transitioning from reactive to proactive security approach Key More ❯

. This is a hands-on, advisory role where you will shape, implement, and embed secure DevOps practices across the organisation. The ideal candidate balances deep DevOps expertise with security knowledge, capable of both … advising teams and leading practical delivery. Key Responsibilities: Design, implement, and maintain secure CI/CD pipelines across multiple teams. Integrate security tools and practices into DevOps workflows (SAST, DAST, SCA, secrets management). Collaborate with development, operations, and security teams to implement secure coding and deployment practices. Provide practical guidance on threat modelling, risk assessments, and vulnerability … management. Advise on cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes) with a hands-on delivery mindset. Develop, implement, and enforce security policies, standards, and best practices. Lead incident response and root cause analysis for security-related issues. Mentor and train teams on DevSecOps principles, ensuring knowledge transfer and capability building. What we're More ❯

if you have: Live in Edinburgh or are within commutable distance Solid experience in DevOps and Platform Engineering Git and version control workflows Security engineering tools and practices: SAST/DAST tools (Checkmarx, Veracode, SonarQube) Container security (Aqua, Snyk, Anchore) Programming and scripting languages (Python, Go, YAML, JSON etc.) A background in financial services or similar regulated industries. … Familiarity with compliance frameworks, and security requirements (e.g., ISO 27001, SOC 2, SOX, PCI DSS, FedRAMP, FFIEC, NYDFS, and SEC compliance requirements) A track record in consulting, solutions architecture, or technical coaching. Interest in technical sales and supporting go-to-market strategies. Excellent written and verbal communication skills, with the ability to translate complex technical topics to both technical … and non-technical stakeholders. AWS/Azure/GCP certifications, CISSP, CISM, or other security certifications are a plus Generous equity plan. Remote-first working environment with travel to our Oslo office and customer sites across Europe (London, Zurich, and more). Opportunity to work on innovative solutions with a passionate and driven team. If you are excited by More ❯

wins. You MUST Have: 7+ years in technical pre-sales or sales engineering roles Hands-on with Docker, Kubernetes, CI/CD, Git, build tools Solid AppSec experience: SCA, SAST, SBOM, Container Security Cloud infrastructure fluency (AWS, Azure or GCP - must especially tick this box) Proven track record building enterprise relationships - from tech champions to C-level Ability to More ❯

fast-paced environment in their approach Automation Testing. You will be embedded within our client’s engineering organisation, conducting a maturity assessment of existing feature teams approach to automation testing, identifying improvement opportunities, and developing a comprehensive Automation Testing playbook that outlines standards, principles, tooling, and ways of working. Responsibilities Lead and coach cross-functional feature teams to … team development Experience working in banking/mortgages/savings/insurance Strong background in Test Automation with hands-on experience in: Playwright, Selenium, Cucumber, Contract Testing, Gherkin, SAST using Veracode Why join us Career coaching, mentoring and access to upskilling throughout your entire FDM career Assignments with global companies and opportunities to work abroad Opportunity to re-skill More ❯

issues. We're happy to discuss flexible working. Please indicate your choice under the flexible working question in the application. There is no obligation to raise this at the application stage but if you wish to do so, you are welcome to. Flexible working will be part of the discussion at offer stage. Purpose Of The Role The BBC … MediaCityUK, Salford, you'll join our TV Enablement team to deliver a world-class connected TV experience for BBC iPlayer and Sounds. Your work will contribute to the TV application platform, and you will develop and maintain tooling used by other teams. You will have an opportunity to work on software at a scale that is hard to find … In depth knowledge of AWS technologies, or AWS accreditations/qualifications. Out Of Hours/On Call engineer experience. Knowledge or experience of DORA metrics. Knowledge or experience with SAST/DAST. Experience with complex deployment systems. Experience with mono/multi tenant repo tooling. Experience with AWS CDK. Knowledge of HbbTV/DVB standards. If you can bring some More ❯