tools such as SAST, DAST, SCA, and CI/CD security integrations. Investigate security incidents, prioritise remediation and guide teams on secure development practices. Ensure applications meet industry standards (OWASP Top 10, NIST, ISO 27001) and regulatory requirements (GDPR, PCI-DSS, etc.) Educate engineers and stakeholders on security threats, vulnerabilities and secure coding practices. Skills 5+ years of experience in … on experience with SAST, DAST, SCA and security automation in CI/CD pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development More ❯
Identifying security flaws in solutions through threat modelling, risk analysis, architectural assessments and design reviews Current security vulnerabilities and threats specific to AI/ML, MITRE ATLAS framework and OWASP Identity and Access Management, Data Leakage Prevention, Network and Infrastructure Security, Cryptography, Encryption and Key Management, X509 ApplicationSecurity Design, DevSecOps, Agile practices, Shift Left concepts and automation Cloud securityMore ❯
Reading, England, United Kingdom Hybrid / WFH Options
SITA
applications (e.g. content management systems, application servers, databases, etc.) and how to leverage them in an assessment Good understanding of web technologies and how they are commonly subverted (e.g. OWASP Top 10) At least a basic understanding of development frameworks (.NET, Java,...) Ability to remain calm and methodical under pressure PROFESSION COMPETENCIES Adversarial Thinking Cloud Security Assessment Exploitation Techniques More ❯
Birmingham, England, United Kingdom Hybrid / WFH Options
Mindrift
a challenge. Preferred Skills: Hands-on experience with penetration testing tools (Metasploit, Burp Suite, Nessus, Nmap). Experience in AI red teaming, adversarial ML, LLM security testing. Knowledge of OWASP Top Ten, MITRE ATT&CK, and other security frameworks. Relevant security certifications (OSCP, CEH, CISSP, OSWE, API Security Architect). Experience in automating security tasks, securing DevOps workflows, and integrating More ❯
Manchester, England, United Kingdom Hybrid / WFH Options
Mindrift
a challenge. Preferred Skills: Hands-on experience with penetration testing tools (Metasploit, Burp Suite, Nessus, Nmap). Experience in AI red teaming, adversarial ML, LLM security testing. Knowledge of OWASP Top Ten, MITRE ATT&CK, and other security frameworks. Relevant security certifications (OSCP, CEH, CISSP, OSWE, API Security Architect). Experience in automating security tasks, securing DevOps workflows, and integrating More ❯
Leeds, England, United Kingdom Hybrid / WFH Options
Mindrift
a challenge. Preferred Skills: Hands-on experience with penetration testing tools (Metasploit, Burp Suite, Nessus, Nmap). Experience in AI red teaming, adversarial ML, LLM security testing. Knowledge of OWASP Top Ten, MITRE ATT&CK, and other security frameworks. Relevant security certifications (OSCP, CEH, CISSP, OSWE, API Security Architect). Experience in automating security tasks, securing DevOps workflows, and integrating More ❯
operations teams on bug fixes, retesting, and verifying patches in staging and production-mirroring environments. Quality & Best Practices • Champion infrastructure and security testing best practices, including vulnerability scanning (e.g., OWASP ZAP, Nessus), compliance checks, and disaster-recovery validations. • Contribute to continuous improvement by proposing new testing tools, frameworks, and process enhancements to raise overall system reliability and observability. Agile & Cross More ❯
Security Expertise: Hands-on experience with AWS (or other cloud-based solutions) . Strong understanding of secured Software Development Lifecycle (SDLC) and CI/CD platforms . Familiarity with OWASP, CIS frameworks, and security best practices . Infrastructure & Scripting Knowledge: Proficiency in Microsoft platforms (Office 365, IIS, .NET, SQL Server, Windows Server, Active Directory). Strong scripting skills in PowerShell More ❯
more languages (Rust, Python, Go, Nodejs, etc.) Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common webapplication vulnerabilities (i.e. OWASP Top 10). Familiarity More ❯
Liverpool, Lancashire, United Kingdom Hybrid / WFH Options
Agoda
more languages (Rust, Python, Go, Nodejs, etc.) Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common webapplication vulnerabilities (i.e. OWASP Top 10). Familiarity More ❯
Liverpool, England, United Kingdom Hybrid / WFH Options
Agoda
more languages (Rust, Python, Go, Nodejs, etc.) Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common webapplication vulnerabilities (i.e. OWASP Top 10). Familiarity More ❯
Edinburgh, Scotland, United Kingdom Hybrid / WFH Options
Agoda
more languages (Rust, Python, Go, Nodejs, etc.) Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common webapplication vulnerabilities (i.e. OWASP Top 10). Familiarity More ❯
Reading, Berkshire, South East, United Kingdom Hybrid / WFH Options
Bowerford Associates
teams and business stakeholders is essential. Experience working with security issues in software architecture, software development, e.g. static and/or dynamic code analysis and tools, software dependency check, OWASP Top10 testing, application threat modelling. In-depth experience working in an Agile software development environment, with classic applications as well as microservices, using modern code processing and continuous integration and … Security Architect, SDLC, Secure by Design, Architecture, Software Development, Engineering, DevOps, InfoSec, Security, Security Strategy, Best Practice, Programming, Code, C++, C#, C, .NET Core, Java, JavaScript, Node.js, Angular, React, OWASP, Agile, Application Threat Modelling, Security Policy, Security Controls, ISO 27001, NIST, GDPR, Cloud, Azure. Please note that due to a high level of applications, we can only respond to applicants More ❯
Reading, England, United Kingdom Hybrid / WFH Options
Huston Photos
You will also have: Experience creating applicationsecurity strategies, standards, and best practices. Experience working with security issues in software architecture, development, including static/dynamic analysis, dependency checks, OWASP Top10, and threat modeling. Experience in an Agile environment with modern CI/CD tools like GitHub, Jenkins, Bamboo. Ability to translate security policies into effective security controls. Knowledge of … more. Remote working, training, career progression, and family-friendly policies. Keywords Senior Software Security Architect, SDLC, Secure by Design, ApplicationSecurity, Architecture, Software Development, DevOps, InfoSec, Security, Programming Languages, OWASP, Agile, Cloud, Azure, GDPR, ISO 27001, NIST. Due to high application volumes, only suitable candidates will be contacted. We promote equality and diversity in the workplace. Additional Details Seniority level More ❯
in Python, PHP, JavaScript, and HTML. Utilize industry-standard tools including Burp Suite, Nessus, Checkmarx, HCL AppScan, WebInspect, and manual testing techniques. Conduct compliance-aligned security assessments based on OWASP, NIST, CREST, and MITRE ATT&CK frameworks. Reporting & Documentation Prepare detailed technical and executive reports, risk analysis, and remediation recommendations. Draft and maintain standardized test plans, methodologies, and reporting templates. … Minimum 4 years of penetration testing experience CREST CRT and CPSA certified (preferred) Other Security certifications: OSCP, OSWP, HTB, CBBH, CISSP (Bonus) Red Team experience (Bonus) Strong knowledge of OWASP Top 10, MITRE ATT&CK, CVSS, and secure coding practices Strong scripting and automation skills using Python, PowerShell, or Bash Experience with both automated tools and manual testing techniques Strong More ❯
Leeds, England, United Kingdom Hybrid / WFH Options
TipTopJob
secure, Bash, RHEL Collaboration tools - Jira, Confluence, Slack Behaviour Driven Development - Cucumber Micro-Service Architecture - Develop API design and open standards RESTful APIs Swagger Open API Cloud computing SecurityOWASP Top Ten Denial of Service SQL Injection Cross Site Request Forgery High Availability products - EDB failover manager RPC concepts and transport mechanisms - HTTP, Shared memory Containerisation - Docker, Kubernetes The role More ❯
ApplicationSecurity or DevSecOps, with experience in secure SDLC and CI/CD Hands-on experience with security tools like GitHub Advanced Security, Veracode, Snyk, ZAP, Burp Knowledge of OWASP, MITRE, CWE, and modern development frameworks (C#, Java, Python, React) Proficiency with scripting languages such as Python, Ruby, Rust Strong communication skills to liaise between technical teams and business stakeholders More ❯
Security or DevSecOps, with strong experience in secure SDLC and CI/CD Hands-on knowledge of security tools like GitHub Advanced Security, Veracode, Snyk, ZAP, Burp Familiarity with OWASP, MITRE, CWE, and modern development frameworks (C#, Java, Python, React) Knowledge of scripting languages (Python, Ruby, Rust) Excellent communication skills to bridge technical and business stakeholders Passion for building scalable More ❯
AppSec or DevSecOps, with strong experience in secure SDLC and CI/CD Hands-on knowledge of security tools like GitHub Advanced Security, Veracode, Snyk, ZAP, Burp Familiarity with OWASP, MITRE, CWE, and modern dev frameworks (C#, Java, Python, React) Knowledge of scripting languages (Python, Ruby, Rust) Excellent communication skills to bridge tech and business stakeholders Passion for building scalable More ❯
AppSec or DevSecOps, with strong experience in secure SDLC and CI/CD Hands-on knowledge of security tools like GitHub Advanced Security, Veracode, Snyk, ZAP, Burp Familiarity with OWASP, MITRE, CWE, and modern dev frameworks (C#, Java, Python, React) Knowledge of scripting languages (Python, Ruby, Rust) Excellent communication skills to bridge tech and business stakeholders Passion for building scalable More ❯
AppSec or DevSecOps, with strong experience in secure SDLC and CI/CD Hands-on knowledge of security tools like GitHub Advanced Security, Veracode, Snyk, ZAP, Burp Familiarity with OWASP, MITRE, CWE, and modern development frameworks (C#, Java, Python, React) Knowledge of scripting languages (Python, Ruby, Rust) Excellent communication skills to bridge tech and business stakeholders Passion for building scalable More ❯
AppSec or DevSecOps, with strong experience in secure SDLC and CI/CD Hands-on knowledge of security tools like GitHub Advanced Security, Veracode, Snyk, ZAP, Burp Familiarity with OWASP, MITRE, CWE, and modern dev frameworks (C#, Java, Python, React) Knowledge of scripting languages (Python, Ruby, Rust) Excellent communication skills to bridge tech and business stakeholders Passion for building scalable More ❯
AppSec or DevSecOps, with strong experience in secure SDLC and CI/CD Hands-on knowledge of security tools like GitHub Advanced Security, Veracode, Snyk, ZAP, Burp Familiarity with OWASP, MITRE, CWE, and modern development frameworks (C#, Java, Python, React) Knowledge of scripting languages (Python, Ruby, Rust) Excellent communication skills to bridge technical and business stakeholders Passion for building scalable More ❯
AppSec or DevSecOps, with strong experience in secure SDLC and CI/CD Hands-on knowledge of security tools like GitHub Advanced Security, Veracode, Snyk, ZAP, Burp Familiarity with OWASP, MITRE, CWE, and modern dev frameworks (C#, Java, Python, React) Knowledge of scripting languages (Python, Ruby, Rust) Excellent communication skills to bridge tech and business stakeholders Passion for building scalable More ❯
AppSec or DevSecOps, with strong experience in secure SDLC and CI/CD Hands-on knowledge of security tools like GitHub Advanced Security, Veracode, Snyk, ZAP, Burp Familiarity with OWASP, MITRE, CWE, and modern dev frameworks (C#, Java, Python, React) Knowledge of scripting languages (Python, Ruby, Rust) Excellent communication skills to bridge tech and business stakeholders Passion for building scalable More ❯
