26 to 50 of 102 Static Application Security Testing Jobs in the UK

Who we are looking for A Senior Information Security Specialist, who will focus on the technical side of IT Security, specifically looking at application security and code analysis to ensure applications are built securely. The application security team deal with the security of … that is secure and compliant with the Company’s regulatory obligations. You will be working closely with the software development function, to ensure that application based vulnerabilities are understood and mitigated. It is therefore important that you possess an understanding of the Secure Software Development Lifecycles and the assessment … of code. This role is part of the broader Information Security department, which is comprised of engineers and analysts with varying backgrounds. Collectively, the team utilises enterprise and bespoke tooling to identify and mitigate threats to safeguard the Business. This role is eligible for inclusion in the Company’s More ❯

Our consultancy client are currently looking for a couple of experienced Security/DevSecOps engineers to join their business. They operate in the FS and energy space so experience in banking or insurance or energy is a must for these roles. Working across clients you will develop and execute … advanced security engineering … strategies to fortify infrastructure, networks, and cloud environments. Lead security initiatives across the SDLC, integrating Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and Container scanning using tools such as CheckmarxOne, Prisma Cloud, or equivalents. Collaborate More ❯

Responsibilities: The Security Architect reports to the Chief Information Security Officer. The Chief Information Security Officer determines the activities due by the Security Architect based on evolving needs to improve the company’s security posture and to secure CHAMP assets. Examples of the Security Architect’s responsibilities and duties include: Document and address information security, cybersecurity architecture, and systems security engineering requirements throughout the application acquisition or development life cycle. Employ secure configuration management processes Ensure that acquired or developed system(s) and architecture(s) are consistent with the security … malicious content, data anonymization, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing) Ability to drive strategy to establish SAST and DAST framework Knowledge of the enterprise information technology (IT) architectural concepts and patterns Knowledge of installation, integration, and optimization of system components Knowledge of More ❯

Your new company - Specialist Global Financial Services Your new role - Permanent - ON SITE 5 Days per week. - UK Only Job Title: IT Security Engineer Job Brief: As the first line of defence in the IT department, the purpose of this role focusses on information security, cybersecurity and data … security, including a wide scope of physical security operating systems … such as Windows and Linux, network security, firewall and other security devices, application security both development and testing phrases SAST & DAST, terminal security, backup security, third party and supply chain security. We are seeking a skilled IT Security Engineer to identify, investigate More ❯

applicants Direct message the job poster from RiverSafe Recruitment Manager @ RiverSafe: Helping to grow a company #cybersecurity #devops #appsec The Role The Principal Application Security Consultant is a senior-level role responsible for leading and improving application security strategies, conducting security assessments and providing expert … guidance on secure development practices. This role involves working closely with development teams, security engineers and business stakeholders to integrate security into the software development lifecycle (SDLC), mitigate risks and ensure compliance with security standards. Skills Strong knowledge of application security vulnerabilities (OWASP Top … (Docker, Kubernetes). Ability to conduct maturity assessments and gap analysis. Familiarity with RASP technology as well as traditional security tools like SAST or DAST. Excellent communication skills to engage with developers, executives and clients. Experience in consulting and working with multiple clients on application security More ❯

regulated by the Financial Conduct Authority in the UK. We are looking for a skilled and proactive DevSecOps Engineer to take ownership of our security frameworks, testing, and hands-on implementation of secure systems. You will join our Engineering team to play a pivotal role in integrating security … approach. Perform regular automated security assessments, including vulnerability scans, assist penetration testing, and remediation planning. Automate security testing processes, including SAST, DAST, and IAST tools, to identify and remediate vulnerabilities earlier in the SDLC. Work closely with Development and Platform teams to promote a DevSecOps culture … or similar programming languages. Understanding of secure coding practices, application security principles, and compliance frameworks. Expertise in implementing security tools (e.g., SAST, DAST, vulnerability scanners, OWASP ZAP, SonarQube, Snyk, Elastic Security, tfsec AWS Inspector or Trivy). Experience with monitoring and logging tools like ELK or More ❯

Application Security Consultant (AppSec) Permanent Role Fully Remote Up to £80K per annum Are you a skilled application security professional with a strong grasp of cloud-native development and a passion for safeguarding software systems? Join an innovative cyber security consultancy working at the forefront … of resilience, supporting clients across the military, government, finance, and tech sectors. As an Application Security Consultant, you'll be the go-to expert on software-level threats and controls. You'll play a key role in embedding security within cloud-native development environments-particularly AWS-by … development teams in secure coding best practices through workshops, threat modelling, and code reviews. Define and enforce security checkpoints across the DevOps lifecycle (SAST, DAST, SCA). Champion secure API design, including robust authentication, authorisation, and validation techniques. Identify and mitigate security vulnerabilities through reviews and penetration test More ❯

We support organisations across a variety of sectors including finance, retail, telecommunications, utilities, gaming, government and insurance. We’re looking for a Senior Information Security Consultant to join our growing team. The Senior Security Consultant is responsible for maintaining end-to-end security through compliance with global … policy, standards, regulations and industry best practices. This person works with Information Security management to implement a cloud first programme for enabling security standards across people, process and technology within the TransUnion Monevo portfolio. Day to Day You’ll Be: Guides and advises technology teams on infrastructure vulnerability … update internal standards, best practices and architectures based on this information Assists Engineering teams with adoption to changes in application security tooling (SAST, DAST, etc.) and interpretation of its results to ensure vulnerabilities are addressed on a timely basis and prevented from deployment into production Builds relationships and More ❯

UK based, primarily remote working with some travel required to our London Office. Sponsorship is not available for this role. What you will do: Security Integration in CI/CD Pipelines: Implement security controls within CI/CD pipelines using automation and best practices, ensuring vulnerabilities are caught … Incident Response: Develop and maintain monitoring systems and respond to security incidents quickly and effectively. Automated Security Testing: Integrate and manage SAST, DAST, and other security testing tools to identify security issues in code and applications. Compliance and Governance: Develop and manage Azure policies … such as vulnerability scanners, intrusion detection systems, & security information & event management (SIEM) solutions. Knowledge of container management with Azure Container Registry. Experience in SAST, DAST & other techniques to improve code security Desirable: Proficiency in scripting, preferably with PowerShell. Understanding of DotNet development and deployment pipelines. Experience working with More ❯

Join to apply for the Platform Security Engineer role at Bondsmith 2 weeks ago Be among the first 25 applicants Join to apply for the Platform Security Engineer role at Bondsmith Get AI-powered advice on this job and more exclusive features. About us Bondsmith is a fast … regulated by the Financial Conduct Authority in the UK. We are looking for a skilled and proactive DevSecOps Engineer to take ownership of our security frameworks, testing, and hands on implementation of secure systems. You will join our Engineering team to play a pivotal role in integrating security … tools (ELK, Datadog) Understanding of secure coding practices, application security principles, and compliance frameworks. Hands-on experience in security tools (e.g., SAST, DAST, vulnerability scanners, OWASP ZAP, SonarQube, Snyk, Elastic Security, tfsec, AWS Inspector or Trivy). Experience in SIEM systems and threat detection. Financial services More ❯

Principal Product Security Engineer Apply locations CZ - Prague UK - London time type Full time posted on Posted 6 Days Ago job requisition id JR103958 Our Product Security team is seeking a Principal Product Security Engineer to define and lead a secure development strategy and approach in a … fast-paced, agile development environment. You will be responsible for defining and driving security-related initiatives in collaboration with internal stakeholders. You will bring a wealth of technical expertise and industry experience spanning application security, cloud security, DevSecOps and CI/CD. The ideal candidate for … experience with secure software development lifecycle, security testing, vulnerability management. Experience with cloud technologies (AWS, Azure), security testing and automation (SAST, DAST, SCA), and AI/ML technologies. Deep understanding of DevSecOps principles and agile development. Knowledge of secure architecture and design principles, industry standards (NIST More ❯

Cloud Security Architect, AWS ProServe India Job ID: AWS ProServe IN - Maharashtra AWS Sales, Marketing, and Global Services (SMGS) is responsible for driving revenue, adoption, and growth from the largest and fastest growing small- and mid-market accounts to enterprise-level customers including public sector. At Amazon, Security is Top Priority. We are looking for security architects who are passionate about Cloud Security. Ideal candidates are those who have working experience with AWS Cloud, Cloud Security, Infrastructure Security, Network Security, Cloud Security Assessment, Penetration testing, Application security assessment, Compliance … AWS Organisations, Web Application Firewall, AWS Network Firewall, GWLB based Security Appliances. Have implementation knowledge to deliver DevSecOps pipeline with IaC scanner, SAST, DAST tool in the SDLC. Hands-on experience in one of the following is mandatory: Identity and Access Management Data Encryption Network Security Incident More ❯

This is a leading product role within the GitLab Sec Section. The Sec section provides GitLab Ultimate customers with comprehensive coverage for all their Security needs across the SDLC, from development to production, including risk assessment, compliance frameworks, application security posture, and vulnerability management. Enable AppSec and … the software supply chain. All these capabilities are driven not only by GitLab's broad set of application security testing scanners (SAST, SCA, Secret Scanning, DAST, etc.) but also by GitLab's AI-powered vulnerability resolution and explanation engine. As our new Sr. Product Manager, you will … detailed roadmap for our Vulnerability Management & Insights solution, ensuring they align with both our company's objectives and evolving market demands within our broader Application Security platform. You will collaborate closely with the relevant engineering teams and Product team members of the different scanners and adjacent areas like More ❯

Application Security Consultant – Remote CSSLP, CISSP, OSWE, GWAPT, CREST CRT/CCT App A leading Technology consultancy is looking for an Application Security Consultant to play a key role in embedding security into the heart of modern software development practices. The role: You’ll work … is especially focused on cloud-native development in AWS environments. Key responsibilities include: Embedding secure coding practices and supporting design/code reviews Implementing SAST, DAST, SCA, and other security checks into DevOps workflows Supporting secure API design and cloud-native architecture Acting as a key escalation point for … vulnerability triage and remediation Delivering developer enablement through workshops and hands-on threat modelling What you’ll bring: 3+ years in application or product security roles Strong grasp of application-level threats, secure design, and remediation strategies Experience with IaC security (Terraform, CloudFormation), container security More ❯

Application Security Consultant – Remote CSSLP, CISSP, OSWE, GWAPT, CREST CRT/CCT App A leading Technology consultancy is looking for an Application Security Consultant to play a key role in embedding security into the heart of modern software development practices. The role: You’ll work … is especially focused on cloud-native development in AWS environments. Key responsibilities include: Embedding secure coding practices and supporting design/code reviews Implementing SAST, DAST, SCA, and other security checks into DevOps workflows Supporting secure API design and cloud-native architecture Acting as a key escalation point for … vulnerability triage and remediation Delivering developer enablement through workshops and hands-on threat modelling What you’ll bring: 3+ years in application or product security roles Strong grasp of application-level threats, secure design, and remediation strategies Experience with IaC security (Terraform, CloudFormation), container security More ❯

on, delivery-focused role where you will embed DevSecOps principles into engineering pipelines, guide secure software development lifecycle (SSDLC) practices, and advise on adopting security tooling across cloud and hybrid environments. You will work closely with development, DevOps, and platform teams to uplift security maturity, enabling secure and … scalable software delivery aligned with industry standards and compliance requirements. Responsibilities Embed security practices into software development pipelines by integrating DevSecOps principles, automation tools, and governance controls. Support the definition, implementation, and continuous improvement of secure software development lifecycle (SSDLC) processes across internal and client delivery teams. Advise on … platforms. Experience collaborating with developers, DevOps, architects, and platform teams to design and implement secure software solutions. Exposure to application security tooling (SAST, DAST, SCA), cloud security services, and infrastructure-as-code security practices. Familiarity with agile or DevOps-based delivery models and working across multiple More ❯

to help shape the new flagship development center and contribute to high-impact projects in a thriving tech environment. Position Overview: Were expanding our application security team and are looking for someone with Java and Python experience. Youll focus on a subset of our products to understand them … development teams build products that are secure by design. What you will do: Youll support product teams through activities such as: Defining requirements for security features Proactively identifying and controlling risks using techniques like threat modeling Designing and implementing automated security tests Performing manual security assessments including … least one JavaScript framework Test design Unit tests and end-to-end tests both automated and manual A proven history of turning SCA/SAST/DAST results into teachable moments Application penetration testing experience is a bonus. Fluency in English What you'll gain at Intapp: Our More ❯

to help shape the new flagship development center and contribute to high-impact projects in a thriving tech environment. Position Overview: Were expanding our application security team and are looking for someone with Java and Python experience. Youll focus on a subset of our products to understand them … development teams build products that are secure by design. What you will do: Youll support product teams through activities such as: Defining requirements for security features Proactively identifying and controlling risks using techniques like threat modeling Designing and implementing automated security tests Performing manual security assessments including … least one JavaScript framework Test design Unit tests and end-to-end tests both automated and manual A proven history of turning SCA/SAST/DAST results into teachable moments Application penetration testing experience is a bonus. Fluency in English What you'll gain at Intapp: Our More ❯

to help shape the new flagship development center and contribute to high-impact projects in a thriving tech environment. Position Overview: Were expanding our application security team and are looking for someone with Java and Python experience. Youll focus on a subset of our products to understand them … development teams build products that are secure by design. What you will do: Youll support product teams through activities such as: Defining requirements for security features Proactively identifying and controlling risks using techniques like threat modeling Designing and implementing automated security tests Performing manual security assessments including … least one JavaScript framework Test design Unit tests and end-to-end tests both automated and manual A proven history of turning SCA/SAST/DAST results into teachable moments Application penetration testing experience is a bonus. Fluency in English What you'll gain at Intapp: Our More ❯

JIRA, Confluence). Awareness of CI/CD tooling such as Jenkins, GitLab or similar. Knowledge of Hashicorp Terraform and Hashicorp Vault. Awareness of SAST Security Testing - GitLab, Checkmarx, Veracode. Awareness of DAST Security Testing - GitLab, Veracode. Awareness of SCA/IAST Security Testing - Checkmarx, GitLab, Veracode. Awareness of Vulnerability Management - PA Prisma. Awareness of QA Testing - Selenium. Certifications in Gitlab, Terraform and Vault would be preferable. About us With over 20,000 employees across the globe, we work at the heart of digitisation, advising organisations on IT strategy, implementing the most More ❯

Job Title: Application Security (AppSec) Consultant Location: Remote (UK-based only) Salary: Up to £80,000 Type: Full-time, Permanent Are you passionate about building secure software and driving real impact in the world of cybersecurity? Our client, a cutting-edge cyber consultancy, is seeking an Application Security Consultant to strengthen their growing technical team. This is a fully remote role, offering the chance to work alongside experts from diverse industries including defence, finance, and tech— while making a real difference. What You’ll Be … Doing: Partnering with developers and engineers to bake security into every stage of the software development lifecycle. Enhancing DevSecOps practices with tools like SAST, DAST, and SCA—making sure security isn’t just an afterthought. Leading secure code reviews, threat modelling sessions, and providing practical guidance on secure More ❯

consistently updating our job descriptions to ensure we continue to lead in banking innovation. How you will contribute and key responsibilities: As a Senior Security Engineer, you will be instrumental in designing and implementing security measures for our mobile applications, services, and websites to meet the highest security standards. Your expertise will help us continuously analyse and improve our security systems, ensuring that our products and services are not only secure by design but also comply with internal and external regulatory requirements. Other responsibilities include: Security Analysis and Improvement: Continuously analyse our security systems … and monitoring, networks, firewalls, load balancers, DNS, CDNs Working knowledge of agile DevSecOps environments, and CI/CD (Git, Concourse, Terraform) Working knowledge of SAST, DAST, RASP, and IAST tools and building security into existing SDLC processes Knowledge of cloud Security Architecture of public clouds (such as AWS More ❯

Join to apply for the Senior Security Engineer role at Policy Expert 3 weeks ago Be among the first 25 applicants Join to apply for the Senior Security Engineer role at Policy Expert Policy Expert – Senior Security Engineer Are you ready to transform the insurance industry? Policy … ranked the UK's No.1-rated home insurer by Review Centre since 2013. About the DevSecOps team: At PolicyExpert, the DevSecOps team focuses on application, cloud, and cybersecurity to ensure security is integrated throughout the software development lifecycle. Our goal is to empower tech teams to build and … Who are you: Proven experience delivering web application and API security improvements across an organisation. Proficiency with DevSecOps and SDLC tooling, including SAST, DAST, SCA, ASPM, and CSPM. Hands-on experience with IAM solutions such as Auth0 or AWS Cognito. Strong background in threat modelling and vulnerability management. More ❯

Policy Expert - Senior Security Engineer We're on a mission to make: The most successful insurance disruptor people want to stay with for life Are you ready to transform the insurance industry with innovative technology? At Policy Expert , we are on a mission to revolutionize Home , Pet , and Motor … the UK's No.1-rated home insurance provider for 9 years . About the DevSecOps team: At Policy Expert, the DevSecOps team focuses on application, cloud, and cybersecurity to ensure security is integrated throughout the software development lifecycle. Our goal is to empower tech teams to build and … Who are you: Proven experience delivering web application and API security improvements across an organisation. Proficiency with DevSecOps and SDLC tooling, including SAST, DAST, SCA, ASPM and CSPM. Hands-on experience with IAM solutions such as Auth0, or AWS Cognito. Strong background in threat modelling and vulnerability management. More ❯

Determine the strategy to secure the company’s platforms, including the Kubernetes technology stack and the legacy solutions, while adapting a pragmatic approach balancing security and development velocity. Improve the company’s security standing by developing security features and deploying security products in the company’s … cloud infrastructure (account management, network infrastructure, identity and access management, secret management, security monitoring and automation, and production machine access). Represent the Security Team as point of contact and source of knowledge in Design Review meetings across Engineering; perform threat analysis, define security controls and security … widespread adoption). It’d be really cool if you also: Have experience with threat modeling, performing security audits, penetration testing, and SAST tools. Have production experience with technologies like Kubernetes, Docker, Istio, Prometheus, Vault, Consul, and infrastructure as code. Have published security papers, blogs, or talks More ❯