3 of 3 Remote/Hybrid Static Application Security Testing Jobs in Yorkshire

maintain security controls across cloud infrastructure using Infrastructure as Code, with a security-first mindset. Automate security testing processes, including SAST, DAST and IAST, enabling early detection and remediation of vulnerabilities. Conduct and support regular automated security assessments, vulnerability scans and remediation planning. Build … CloudFormation. Deep knowledge of securing AWS-based environments, container platforms (Docker, Kubernetes) and cloud-native services. Experience implementing and managing security tools including SAST, DAST, vulnerability scanners and container security tools. Strong scripting and automation skills using Bash, Python or similar languages. Experience with monitoring, logging and SIEM ...

Senior Security Engineer/DevSecOps Engineer Location: Multiple locations across the UK (hybrid & flexible)Salary: Up to £85,000 + comprehensive benefits package The Opportunity A large-scale digital organisation is undertaking a significant technology transformation, building modern cloud platforms that support millions of users across consumer and enterprise … cloud-native workflows Knowledge of secure development frameworks and practices (e.g. OWASP-based approaches) Experience with application security tooling such as SAST, SCA, DAST, or container security Understanding of cloud networking, identity, access management, and secure integrations Ways of Working Comfortable working as part of a cross ...

scan, and deployment processes. Extend Python tooling for SLSA provenance, SBOM generation, hash/digest validation, and security scan aggregation (SonarQube, Sonatype IQ, SAST/Container). Optimise pipeline performance using parallel builds, caching, scope-reduced BOMs, and dependency prefetching. Ensure artifact integrity through correct SHA1/SHA256 mapping … Terraform, and container image metadata. Knowledge of supply-chain security, including SLSA, CycloneDX SBOMs, and digests. Experience with SonarQube, Sonatype IQ, container and SAST scanning. Proven skills in pipeline performance tuning, including caching, parallelisation, and dependency pruning. Awareness of compliance and security standards relevant to CI/ ...