tools such as SAST, DAST, SCA, and CI/CD security integrations. Investigate security incidents, prioritise remediation and guide teams on secure development practices. Ensure applications meet industry standards (OWASP Top 10, NIST, ISO 27001) and regulatory requirements (GDPR, PCI-DSS, etc.) Educate engineers and stakeholders on security threats, vulnerabilities and secure coding practices. Skills 5+ years of experience in … on experience with SAST, DAST, SCA and security automation in CI/CD pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development
London, England, United Kingdom Hybrid / WFH Options
Barclay Simpson
and architectural risk assessments, identifying vulnerabilities early and collaborating on risk mitigation strategies. Define and enforce secure coding standards and architectural best practices aligned with industry benchmarks such as OWASP Top 10 and API Security Top 10. Partner with cloud engineers and developers to embed security controls specific to GCP, such as workload identity, IAM policy enforcement, VPC Service Controls … these into automated build and deployment pipelines. Practical expertise with threat modeling methodologies such as STRIDE, PASTA, or Attack Trees. Strong knowledge of secure coding standards and common vulnerabilities (OWASP Top 10, API Security Top 10) and how to mitigate them. Familiarity with Google Cloud Platform (GCP) security features and best practices, including IAM, Cloud Armor, Security Command Center, and
automation and integration. Proficiency with static code analysis, dynamic application security testing (DAST), and vulnerability scanning tools like Fortify and Acunetix. Knowledge: In-depth understanding of security frameworks (e.g., OWASP, NIST) and best practices for mitigating vulnerabilities. Familiarity with common threat vectors and experience addressing them in development and operations environments. Additional Information GoldenTech is a systems integrator firm, focusing
London, England, United Kingdom Hybrid / WFH Options
Kroo Bank
or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS...), Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2), Working knowledge of cryptography including encryption
Acunetix, and Prisma Cloud • Proficiency in scripting languages (e.g., Python, Bash) for automation and tool integration. • Knowledge of security best practices, common vulnerabilities, and exposure to security frameworks (e.g., OWASP, NIST). • Strong problem-solving skills and the ability to work effectively in a fast-paced, collaborative environment. • Excellent communication skills, both written and verbal, with the ability to convey
GCP, including securing cloud-based applications. Advanced scripting skills in Python, Bash, or similar languages for automation. Knowledge: In-depth understanding of security best practices, vulnerabilities, and frameworks like OWASP and NIST. Additional Information GoldenTech is a systems integrator firm, focusing on solving complex problems in the areas of DevOps, Cloud and Cyber domains. In addition to offering Cloud based
are certifications related to secure development and cloud security (CSSLP, AZ-500, SC-100/SC-200, AWS Security, GCSA, GCLD, or similar). Familiarity with secure coding standards (OWASP, SEI CERT) and SSDLC models (Microsoft SDL, NIST 800-218 SSDF). Knowledge or experience of Product Assurance Schemes (PAS) or product security frameworks (PAS 754, PAS 1296, or similar
Reading, England, United Kingdom Hybrid / WFH Options
SITA
applications (e.g. content management systems, application servers, databases, etc.) and how to leverage them in an assessment Good understanding of web technologies and how they are commonly subverted (e.g. OWASP Top 10) At least a basic understanding of development frameworks (.NET, Java) Ability to remain calm and methodical under pressure PROFESSION COMPETENCIES Adversarial Thinking Cloud Security Assessment Vulnerability Analysis Security
of security principles in cloud environments (AWS, Azure, or GCP) Proficiency with Infrastructure as Code (Terraform, Ansible, or similar) Experience with automated security testing and compliance tools (e.g., SonarQube, OWASP ZAP, Trivy, Aqua Security) Familiarity with monitoring and logging tools such as Prometheus, Grafana, ELK, or Splunk Scripting knowledge (Python, Bash, or PowerShell) Desirable: Experience working within government or defence
Swindon, Wiltshire, South West England, United Kingdom
Global Technology Solutions Ltd
of security principles in cloud environments (AWS, Azure, or GCP) Proficiency with Infrastructure as Code (Terraform, Ansible, or similar) Experience with automated security testing and compliance tools (e.g., SonarQube, OWASP ZAP, Trivy, Aqua Security) Familiarity with monitoring and logging tools such as Prometheus, Grafana, ELK, or Splunk Scripting knowledge (Python, Bash, or PowerShell) Desirable: Experience working within government or defence
vendors and coordinate feedback with teams to ensure actions are followed to mitigate identified risks Skills: Software engineering background is a must with knowledge of Application Security Frameworks e.g. OWASP SAMM/DSOMM etc Hands-on knowledge of information security processes such as security design review, threat modelling, OWASP Top 10, risk analysis, and software testing techniques Strong understanding of … activities - identifying, assessing and providing remediation options for application and technology risks Knowledge of Agile methodologies is a must Knowledge of backend and frontend web application vulnerabilities Knowledge of OWASP Top 10, SANS Top 25 etc Experience working in AWS/Azure/GCP would be beneficial Knowledge of CI/CD pipelines Thorough understanding of SAST, DAST (including fuzzing
Strong knowledge of containerisation and orchestration technologies (Docker, Kubernetes) Solid experience with Infrastructure as Code tools (Terraform, Ansible, or equivalent) Practical knowledge of automated security tooling (e.g., SonarQube, Trivy, OWASP ZAP) Experience with monitoring and logging systems (e.g., ELK stack, Prometheus, Grafana, Splunk) Scripting capability (e.g., Python, Bash, or PowerShell) Familiarity with secure software development lifecycle (SSDLC) principles Desirable: Exposure
London, England, United Kingdom Hybrid / WFH Options
Publicisgroupe
languages and Infrastructure as Code (Terraform, CloudFormation) Familiarity with Jira or other ticketing systems – essential Technical architecture design and review skills – essential Ability to identify vulnerabilities using CWE or OWASP Knowledge of operating systems and their hardening techniques Understanding of development concepts such as CICD, Pipelines, and SDLC Penetration testing knowledge is also super useful Familiarity with Cloud Development Kit
Knowledge of cloud security frameworks REST API knowledge Scripting and Infrastructure as Code (Terraform, CloudFormation) Experience with Jira or similar ticketing systems Technical architecture review skills Vulnerability identification (CWE, OWASP) Operating systems and hardening techniques Development concepts like CICD, Pipelines, SDLC Penetration testing knowledge (useful) Familiarity with Cloud Development Kit (CDK), GitOps Experience in DevOps/agile environments Docker, Kubernetes
secure cloud development on AWS, GCP, or Azure Proficiency in SDLC security tooling including SAST, DAST, and automated testing tools Experience implementing and auditing controls aligned with standards like OWASP, NIST CSF, or ISO 27001 Ability to drive outcomes across cross-functional teams in high-growth environments Exceptional problem-solving, communication, and stakeholder management skills Preferred Requirements Experience with security
Liverpool, England, United Kingdom Hybrid / WFH Options
Agoda
more languages (Rust, Python, Go, Node.js, etc.) Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10). Familiarity
Edinburgh, Scotland, United Kingdom Hybrid / WFH Options
Agoda
more languages (Rust, Python, Go, Node.js, etc.) Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10). Familiarity
Reading, England, United Kingdom Hybrid / WFH Options
Huston Photos
You will also have: Experience creating application security strategies, standards, and best practices. Experience working with security issues in software architecture, development, including static/dynamic analysis, dependency checks, OWASP Top 10, and threat modeling. Experience in an Agile environment with modern CI/CD tools like GitHub, Jenkins, Bamboo. Ability to translate security policies into effective security controls. Knowledge of … more. Remote working, training, career progression, and family-friendly policies. Keywords Senior Software Security Architect, SDLC, Secure by Design, Application Security, Architecture, Software Development, DevOps, InfoSec, Security, Programming Languages, OWASP, Agile, Cloud, Azure, GDPR, ISO 27001, NIST. Due to high application volumes, only suitable candidates will be contacted. We promote equality and diversity in the workplace. Additional Details Seniority level
or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS), Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2), Working knowledge of cryptography including encryption
strong focus on securing cloud architectures. Solid understanding of data security principles and mechanisms, including encryption and masking. Familiarity with major security standards and frameworks (e.g., ISO 27001, NIST, OWASP). Experience with programming languages like Python, Go, or Java. Excellent communication skills to work effectively across technical and business teams. Preferred Qualifications Bachelor's or Master's degree in
London, England, United Kingdom Hybrid / WFH Options
Starling Bank
What skills are essential: You have an in-depth knowledge of security principles, technologies, best practices and threat detection and mitigation strategies Knowledge of common attack vectors and methodologies (OWASP Top 10, MITRE ATT&CK Framework and social engineering tactics) The ability to identify potential threats, attack vectors, and vulnerabilities in systems and applications Ability to document security requirements from
supporting CI/CD pipeline tools such as Jira, Confluence, Bitbucket, Jenkins, Artifactory, and GitLab Exposure to cloud-based web services, particularly AWS Knowledge of secure coding practices, including OWASP, secrets management, and vulnerability remediation Strong understanding of networking concepts and architectures Experience working with scanning tools, such as Nessus, Fortify, and Anchore Broad infrastructure knowledge, including computer, networking, storage