101 to 125 of 679 OWASP Jobs

vulnerability scanning to evaluate the effectiveness of security controls and identify weaknesses. Security Compliance: Ensure that applications comply with relevant security standards, regulations, and industry best practices, such as OWASP Top 10, OWASP ASVS, MAVS, PCI DSS, and GDPR. Security Architecture: Assist in designing and implementing secure application architectures, including authentication mechanisms, access controls, encryption, and secure communication protocols. Incident More ❯

pure product or application security Strong expertise in offensive security techniques and methodologies, including ethical security testing Deep understanding of secure coding practices, common vulnerabilities and risk scoring methodologies (OWASP Top 10, CWE, CVSS scoring etc.) Strong experience communicating to stakeholders of varying technical skill levels Your experience should include: Using offensive security tooling, including tools such as Burp Suite More ❯

and developer engagement Application Security Engineer - Requirements: 3–5+ years of experience in application security or secure software development Strong understanding of common vulnerabilities and how to prevent them (OWASP Top 10) Experience with CI/CD pipelines and integrating AppSec tooling Familiarity with modern programming languages (JavaScript, Java, Python) Excellent communication skills and a collaborative mindset when working with More ❯

team environment with a positive attitude and strong work ethic Knowledge of security standards and regulations such as ISO 27001, GDPR and NIST/SOC 2 reporting Knowledge of OWASP, CVSS and threat intelligence and modelling Demonstrated experience of incident management processes and procedures Excellent verbal and written communication skills Willingness to travel, we are a global business, and some More ❯

with their opinions. Desirable qualifications, capabilities, and skills: Experience in a software engineering role, ideally with focus on security. Working knowledge of offensive security, Application and Infrastructure penetration testing (OWASP top 10, OWASP ASVS). Understanding of security vulnerabilities and remediation options in codebases & containers. Working knowledge of methods for authentication and authorization (ODIC, OAuth 2, FIDO 2, etc) Don More ❯

and self-starter Deep understanding of common as well as emerging vulnerabilities and how they manifest in different types of applications (web applications, thick clients, APIs, etc) Familiarity with OWASP Top 10, SANS Top 25, NIST/CSC, CIS etc. Applied understanding of topics such as authentication, access control, encryption, cloud security, operating system security, network security, database security. Familiarity More ❯

testing and ethical hacking. Strong understanding of cloud security (AWS, Azure, GCP). Familiarity with Go and Node.js application security. Experience with TEE technologies or confidential computing. Knowledge of OWASP Top 10, CVEs, and secure coding practices. Proficiency with tools like Burp Suite, Metasploit, Nmap, Wireshark, etc. Certifications such as OSCP, CEH, or GIAC are a plus. Nice to Have More ❯

mentor and advocate, fostering a culture of security awareness across engineering and business teams. Compliance And Standards Ensure product security practices align with relevant security frameworks and standards (e.g., OWASP, NIST, ISO 27001, GDPR, PCI DSS). Support regulatory compliance efforts and maintain evidence to meet audit requirements. Collaboration And Communication Function as the primary interface between security, development, and … modelling, security reviews, and penetration testing. Proven ability to secure cloud-native architectures, containerization technologies, and Infrastructure as Code (IaC) environments. Familiarity with industry standards and frameworks such as OWASP, BSIMM, PCI DSS, ISO 27001, and GDPR. Security Integration Experience Demonstrated ability to seamlessly integrate secure development practices into SDLC/SSDLC workflows. Skilled in implementing technical security controls and More ❯

distributed teams across multiple regions and time zones. Ability to do research autonomously to always be ahead of any security threat. SSDLC practices in DevOps, CI/CD environment. OWASP Top 10, SANS CWE, OpenSAMM, BSIMM, etc. Penetration testing, vulnerability scanning. Design security monitoring tools. Designing pipelines that make use of SCA, SAST, DAST, IAST and RASP solutions. Qualifications: SANS More ❯

IDS/IPS, micro-segmentation, and host security Experience with security products such as Trellix, Ivanti, ClearSwift, and Yubikey is a plus Experience with secure coding practices and vulnerabilities (OWASP Top 10, SANS Top 25) Knowledge of security compliance and regulatory frameworks (e.g., NIST, CIS Benchmarks) Experience working with DevOps tools (e.g., Kubernetes, CI/CD pipelines, Ansible, Terraform) Scripting More ❯

and an understanding of infrastructure-as-code, networking, and API design. Salesforce Exposure: Familiarity with complex Salesforce environments and their associated security considerations. Modern Security Frameworks: Deep familiarity with OWASP CI/CD, DSOMM, SAMM, and Cloud Security Posture Management tools (e.g. Azure Defender, Prisma Cloud). Security Tooling Expertise: Strong hands-on experience with security scanning tools, including SAST More ❯

application monitoring platforms such as Dynatrace and Catchpoint. Understanding of .NET applications and experience making small code changes when required. Knowledge of Akamai or similar CDNs, perimeter security, and OWASP security guidelines. Strong networking experience across DNS, routing, load balancers, and firewalls. Skilled with enterprise‐level deployments across microservices and multi‐server environments. Experience with MLOps platforms (ideally Azure), database More ❯

application monitoring platforms such as Dynatrace and Catchpoint. Understanding of .NET applications and experience making small code changes when required. Knowledge of Akamai or similar CDNs, perimeter security, and OWASP security guidelines. Strong networking experience across DNS, routing, load balancers, and firewalls. Skilled with enterprise‐level deployments across microservices and multi‐server environments. Experience with MLOps platforms (ideally Azure), database More ❯

Experience with Azure Managed Services, Docker, Kubernetes, Terraform, Helm Experience building modern web apps using Angular and Typescript Experience working in Azure DevOps managing backlogs etc Working knowledge of OWASP security best practices Knowledge of working with FedRamp compliance Our Employer Commitment This job posting will remain active until a qualified candidate is identified. At Ivanti, we are committed to More ❯

security: Kubernetes (K8s) Security & Compliance Cloud and application security: Cloud posture management tools (e.g. Azure Dender, GCP SCCE), WAFs (e.g. Azure WAF, Cloud Armor AWS WAF), and protection against OWASP Top 10 and emerging threats. Network & infrastructure security: Network security principles (e.g. segmentation, monitoring, intrusion detection/prevention). Any experience in Zero Trust architecture in cloud environments would be More ❯

maintaining Datadog Experience using GitHub and GitHub Actions Behaviour Driven Development (BDD), with Gherkin & SpecFlow Atlassian Jira, Confluence & JFrog Artifactory Ideally some software security best practices and implementation (e.g. OWASP, PKI, X509 Certificates, TLS) Software development for regulated environments (e.g. IVD/Medical devices). Not essential More ❯

EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯

EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯

EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯

EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯

EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯

EKS, AKS, OpenShift), CI/CD pipelines, and infrastructure as code (Terraform) Security integration experience across the DevSecOps lifecycle, including: SAST, DAST, SCA, and IAST tools (e.g., Checkmarx, Veracode, OWASP ZAP) Secrets management tools like HashiCorp Vault Vulnerability management solutions such as Prisma Cloud Testing frameworks like Selenium Familiarity with JIRA, Confluence, and GitLab/Jenkins-based CI/CD More ❯

Deep understanding of the full software development lifecycle (SDLC) and agile methodologies. Experience with relational databases (e.g., MySQL, SQL Server, Oracle). Strong knowledge of security best practices (e.g. OWASP, PCI, SOC2, HIPAA). Proficiency with Google Cloud Platform (GCP), Amazon Web Services (AWS), or similar cloud environments. Demonstrated experience applying modern software development practices in a collaborative, agile environment. More ❯

/CD tools (e.g., Azure DevOps) Experience working in agile environments and cross-functional teams Familiarity with SEO, multilingual site setup and content strategy Understanding of security best practices (OWASP, GDPR, ISO27001) Experience deploying on Azure App Services or similar cloud platforms Ability to work under pressure and manage multiple tasks effectively BENEFITS: Competitive Salary: Base salary commensurate with experience More ❯

/CD tools (e.g., Azure DevOps) Experience working in agile environments and cross-functional teams Familiarity with SEO, multilingual site setup and content strategy Understanding of security best practices (OWASP, GDPR, ISO27001) Experience deploying on Azure App Services or similar cloud platforms Ability to work under pressure and manage multiple tasks effectively BENEFITS: Competitive Salary: Base salary commensurate with experience More ❯