19 of 19 Remote/Hybrid Static Application Security Testing Jobs in the UK excluding London

INFORMATION SECURITY SPECIALIST (APPLICATION SECURITY) Manchester or Stoke-on-Trent (Hybrid) KEY POINTS * Application Security focused role * Hybrid working - Manchester or Stoke-on-Trent * Secure Development Lifecycle, AppSec tooling, CI/CD integration * Salary up to £80,000 DOE ABOUT THE CLIENT Due to continued … required skills) your application to our client in conjunction with this vacancy only. KEY SKILLS Application Security, AppSec, OWASP, Threat Modelling, SAST, DAST, CI/CD Security, Secure SDLC, Penetration Testing, Code Review, Supply Chain Security, Automation, AI Security ...

years in a demonstrable leadership capacity.• Strong technical grounding in application security, cloud security, and DevSecOps.• Hands-on experience with SCA, SAST, DAST, CSPM, CNAPP • Excellent practical familiarity with industry frameworks such as OWASP and NIST.• Proven ability to drive organisational change and influence senior stakeholders.• Excellent … related services Keyword Terminology Application Security, Product Security, AppSec, Cloud Security, DevSecOps, Secure-by-Design, SDLC Security, OWASP, NIST, SAST, DAST, SCA, CSPM, CNAPP, CISSP, CISM, CISA, Security Frameworks, GDPR, ISO 27001, Risk Management, Security Governance ...

Lead Application Security Engineer £70,000 to 90,000 GBP Bonus Hybrid WORKING Location: Glasgow, Scotland - United Kingdom Type: Permanent Application Security Engineering Lead Location: Glasgow or Greater Manchester (2 days per week in your closest site) Salary: £70,000-£90,000 + bonus DOE Sponsorship … fostering skill development. Required Experience & Skills Strong knowledge of software security, including CVEs, CWEs, and common vulnerability types. Hands-on experience with SAST, SCA, and DAST tools. Proficiency in at least one programming language (e.g., Java, Go). Experience with at least one major cloud platform (AWS, GCP, Azure ...

maintain security controls across cloud infrastructure using Infrastructure as Code, with a security-first mindset. Automate security testing processes, including SAST, DAST and IAST, enabling early detection and remediation of vulnerabilities. Conduct and support regular automated security assessments, vulnerability scans and remediation planning. Build … CloudFormation. Deep knowledge of securing AWS-based environments, container platforms (Docker, Kubernetes) and cloud-native services. Experience implementing and managing security tools including SAST, DAST, vulnerability scanners and container security tools. Strong scripting and automation skills using Bash, Python or similar languages. Experience with monitoring, logging and SIEM ...

Contract Role – AppSec Engineer/Application Security Engineer – London/Manchester/Glasgow/Hybrid – 12 months initial – Inside IR35 Role Overview: Job Title: AppSec Engineer/Application Security Engineer Location: Hybrid – 2 days onsite per week (London/Manchester/Glasgow) Contract Type: Contract Duration … Inside IR35) Sector: Banking Key Skills & Experience AppSec Engineer, experience with: The software security landscape: CVEs, CWEs, common software vulnerability types SAST, SCA, and DAST, including the strengths and weaknesses of each At least one programming language (e.g. Java, Go) At least one major cloud provider (e.g. ...

Product Security Specialist (PSS) at HL, you will be a key member of a collaborative team of security professionals dedicated to safeguarding HL's products and services. In this role, you will serve as the primary security contact for assigned product teams/squads, providing expert guidance … preferred. Knowledge of security principles, practices, and frameworks, such as OWASP, NIST, and ISO. Awareness of security tools and technologies, such as SAST, DAST, IAST, SCA, WAF, IDS, IPS. Experience in conducting threat modelling and risk assessments. Interview process The interview process for this role is two stages ...

Senior Security Engineer/DevSecOps Engineer Location: Multiple locations across the UK (hybrid & flexible)Salary: Up to £85,000 + comprehensive benefits package The Opportunity A large-scale digital organisation is undertaking a significant technology transformation, building modern cloud platforms that support millions of users across consumer and enterprise … cloud-native workflows Knowledge of secure development frameworks and practices (e.g. OWASP-based approaches) Experience with application security tooling such as SAST, SCA, DAST, or container security Understanding of cloud networking, identity, access management, and secure integrations Ways of Working Comfortable working as part of a cross ...

Senior Security Engineer/DevSecOps Engineer Location: Multiple locations across the UK (hybrid & flexible)Salary: Up to £85,000 + comprehensive benefits package The Opportunity A large-scale digital organisation is undertaking a significant technology transformation, building modern cloud platforms that support millions of users across consumer and enterprise … cloud-native workflows Knowledge of secure development frameworks and practices (e.g. OWASP-based approaches) Experience with application security tooling such as SAST, SCA, DAST, or container security Understanding of cloud networking, identity, access management, and secure integrations Ways of Working Comfortable working as part of a cross ...

Senior Security Engineer/DevSecOps Engineer Location: Multiple locations across the UK (hybrid & flexible)Salary: Up to £85,000 + comprehensive benefits package The Opportunity A large-scale digital organisation is undertaking a significant technology transformation, building modern cloud platforms that support millions of users across consumer and enterprise … cloud-native workflows Knowledge of secure development frameworks and practices (e.g. OWASP-based approaches) Experience with application security tooling such as SAST, SCA, DAST, or container security Understanding of cloud networking, identity, access management, and secure integrations Ways of Working Comfortable working as part of a cross ...

looking for a hands-on DevSecOps Engineer to take ownership of application and cloud security across a modern, Azure-first product environment. This is a product-focused security role, sitting at the intersection of development, DevOps and security, helping teams understand why vulnerabilities exist … automation and education. The role: Act as the DevSecOps lead, owning application and cloud security practices across the business Analyse outputs from SAST and DAST tools (e.g. Snyk, BrightSec), understanding vulnerabilities at a low level and advising development teams on remediation Work closely with DevOps to ensure secure ...

looking for a hands-on DevSecOps Engineer to take ownership of application and cloud security across a modern, Azure-first product environment. This is a product-focused security role, sitting at the intersection of development, DevOps and security, helping teams understand why vulnerabilities exist … automation and education. The role: Act as the DevSecOps lead, owning application and cloud security practices across the business Analyse outputs from SAST and DAST tools (e.g. Snyk, BrightSec), understanding vulnerabilities at a low level and advising development teams on remediation Work closely with DevOps to ensure secure ...

immediately available Test Manager with experience in connected vehicle ecosystems, IoT, or automotive software testing? This role provides leadership and oversight across all test activities, from planning through execution to sign-off, with accountability for ensuring that solutions are robust, reliable, and fit for purpose. The Test Manager will … distributed systems and microservices architectures. Working knowledge of OWASP standards, common security vulnerabilities, and experience conducting or coordinating security testing including SAST, DAST, and penetration testing. Understanding of authentication and authorization frameworks (OAuth, JWT, SAML) and familiarity with secure coding practices and threat modelling Experience in test ...

Security Engineer £50,000 to 67,000 GBP Bonus Hybrid WORKING Location: Manchester, North West - United Kingdom Type: Permanent Security Engineer - API, IAM & Automation Locations: Glasgow, Greater Manchester or Northampton (Hybrid) Salary: Up to £67,000 base + bonus (DOE) The Role We're looking for a Security … Background in Security Engineering, DevSecOps, SRE, or Platform Engineering. Desirable Experience integrating security into CI/CD pipelines. Knowledge of vulnerability scanning (SAST, DAST, SCA). Familiarity with container and Kubernetes security. This is an opportunity to play a key role in shaping secure-by-design engineering practices ...

Contract Role – Senior Golang/Java Security Engineer – London/Manchester/Glasgow/Hybrid – 12 months initial – Inside IR35 Role Overview: Job Title: Senior Golang/Java Security Engineer Location: Hybrid – 2 days onsite per week (London/Manchester/Glasgow) Contract Type: Contract Duration: 12 months … Golang/Java Security Engineer experience with: Golang/Go or Java The software security landscape: CVEs, CWEs, common software vulnerability types SAST, SCA, and DAST, including the strengths and weaknesses of each At least one major cloud provider (e.g. AWS, GCP, Azure) REST API design HTTP Authentication ...

scan, and deployment processes. Extend Python tooling for SLSA provenance, SBOM generation, hash/digest validation, and security scan aggregation (SonarQube, Sonatype IQ, SAST/Container). Optimise pipeline performance using parallel builds, caching, scope-reduced BOMs, and dependency prefetching. Ensure artifact integrity through correct SHA1/SHA256 mapping … Terraform, and container image metadata. Knowledge of supply-chain security, including SLSA, CycloneDX SBOMs, and digests. Experience with SonarQube, Sonatype IQ, container and SAST scanning. Proven skills in pipeline performance tuning, including caching, parallelisation, and dependency pruning. Awareness of compliance and security standards relevant to CI/ ...

appoint a Senior Azure Cloud Engineer. This is a hands-on senior role where youll take ownership of Azure infrastructure, DevOps practices, and cloud security, working closely with architects and development teams in an agile environment. The platform is API-driven and operates at scale, so reliability, performance … security Proven Infrastructure-as-Code expertise (Terraform, Bicep/ARM) Experience with Azure DevOps, GitHub, and CI/CD pipelines Familiarity with DevSecOps, SAST/DAST, and cloud monitoring Confident communicator with a pragmatic, delivery-focused mindset This is an opportunity to join a business where cloud engineering ...

extend Python tooling for: SLSA provenance SBOM generation (CycloneDX) Hash/digest accuracy (SHA1/SHA256) Security scan aggregation (SonarQube, Sonatype IQ, SAST, container scanning) Optimise pipeline performance through parallelisation, caching, dependency prefetching, and BOM scope reduction. Ensure artifact integrity and reproducibility , including evidence modelling and digest validation. Refactor … container image metadata . Solid experience with software supply-chain security (SLSA, CycloneDX SBOMs, digests). Hands-on use of SonarQube, Sonatype IQ, SAST, and container scanning tools . Proven ability to optimise CI/CD performance (caching, parallel builds, dependency pruning). Awareness of compliance and secure ...

extend Python tooling for: SLSA provenance SBOM generation (CycloneDX) Hash/digest accuracy (SHA1/SHA256) Security scan aggregation (SonarQube, Sonatype IQ, SAST, container scanning) Optimise pipeline performance through parallelisation, caching, dependency prefetching, and BOM scope reduction. Ensure artifact integrity and reproducibility , including evidence modelling and digest validation. Refactor … container image metadata . Solid experience with software supply-chain security (SLSA, CycloneDX SBOMs, digests). Hands-on use of SonarQube, Sonatype IQ, SAST, and container scanning tools . Proven ability to optimise CI/CD performance (caching, parallel builds, dependency pruning). Awareness of compliance and secure ...

controls. Capture and assess evidence such as pipeline logs, approvals, artefact integrity/signing, access controls, and configuration baselines. Validate security posture via SAST/DAST scans, dependency and licence reviews, container/image policies, and supply-chain controls. Evaluate logging, monitoring, and observability practices. Map findings to compliance ...