26 to 50 of 679 OWASP Jobs

or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS ) Experience with designing and administering identity management (authentication and authorisation including policy enforcement points, token services, protocols such as OAuth2) Working knowledge of cryptography including encryption More ❯

What skills are essential: You have an in-depth knowledge of security principles, technologies, best practices and threat detection and mitigation strategies Knowledge of common attack vectors and methodologies (OWASP Top 10, Mitre ATT&CK Framework and social engineering tactics The ability to identify potential threats, attack vectors, and vulnerabilities in systems and applications Ability to document security requirements from More ❯

supporting CI/CD pipeline tools such as Jira, Confluence, Bitbucket, Jenkins, Artifactory, and GitLab Exposure to cloud-based web services, particularly AWS Knowledge of secure coding practices, including OWASP, secrets management, and vulnerability remediation Strong understanding of networking concepts and architectures Experience working with scanning tools, such as Nessus, Fortify, and Anchore Broad infrastructure knowledge, including computer, networking, storage More ❯

operations teams on bug fixes, retesting, and verifying patches in staging and production-mirroring environments. Quality & Best Practices • Champion infrastructure and security testing best practices, including vulnerability scanning (e.g., OWASP ZAP, Nessus), compliance checks, and disaster-recovery validations. • Contribute to continuous improvement by proposing new testing tools, frameworks, and process enhancements to raise overall system reliability and observability. Agile & Cross More ❯

more languages (Rust, Python, Go, Nodejs, etc.) Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10). Familiarity More ❯

more languages (Rust, Python, Go, Nodejs, etc.) Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10). Familiarity More ❯

more languages (Rust, Python, Go, Nodejs, etc.) Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10). Familiarity More ❯

more languages (Rust, Python, Go, Nodejs, etc.) Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10). Familiarity More ❯

in Computer Science, Computer Engineering, or related field, or equivalent work experience Coding skills in at least one primary language, such as Java or Python and React Understanding of OWASP Top 10, SANS Top 20, NIST 800-53, CIS, CSC, or other security standards Utilize Static Application Security Testing tools (i.e. Checkmarx) to identify and remediate code vulnerabilities 1+ years More ❯

You will also have: Experience creating application security strategies, standards, and best practices. Experience working with security issues in software architecture, development, including static/dynamic analysis, dependency checks, OWASP Top10, and threat modeling. Experience in an Agile environment with modern CI/CD tools like GitHub, Jenkins, Bamboo. Ability to translate security policies into effective security controls. Knowledge of … more. Remote working, training, career progression, and family-friendly policies. Keywords Senior Software Security Architect, SDLC, Secure by Design, Application Security, Architecture, Software Development, DevOps, InfoSec, Security, Programming Languages, OWASP, Agile, Cloud, Azure, GDPR, ISO 27001, NIST. Due to high application volumes, only suitable candidates will be contacted. We promote equality and diversity in the workplace. Additional Details Seniority level More ❯

SCCM or enterprise patch management tools Experience with Qualys or enterprise Vulnerability Management and Compliance toolsets. Security legislation and regulatory frameworks exposure and awareness • Industry best practices such as OWASP, Cyber security framework and NCSC guidance • Information Security Management System (Infrastructure Security Operations and Incident Management). • NIST Cyber Security Framework • ISO 27001 - Information Security Management System (ISMS) • CIS - Center More ❯

of defining, implementing, measuring, and supporting the adoption of secure software development lifecycle (SSDLC) practices and secure coding standards within engineering organizations. Strong understanding of web application security vulnerabilities (OWASP Top 10 and beyond), attack vectors, and mitigation techniques. Significant experience securing Infrastructure as Code (IaC) , particularly Terraform, and implementing relevant security checks. Solid experience with container security and securing … communication and influencing skills, with the ability to articulate complex security concepts clearly to technical audiences. Strong knowledge of relevant security frameworks and standards (e.g., NIST CSF, CIS Benchmarks, OWASP ASVS). Exposure and knowledge of the MITRE ATT&CK framework. Experience effectively coordinating external penetration testing engagements and managing remediation efforts. Nice to have Relevant advanced security certifications (e.g. More ❯

Umbrella solution. Essential skills/experience required: Certifications: OSCP or CREST/TIGER Scheme. Experience penetration testing, ethical hacking, or completing vulnerability assessments. Security testing tools (e.g., Burp Suite, OWASP ZAP, Nikto, Nmap, Metasploit, etc.). DevSecOps principles and tools (e.g., Veracode, SonarQube, GitHub Advanced Security, IaC scanning, etc.). Secure Cloud Infrastructure, specifically AWS and Azure. Scripting and automation More ❯

in maintaining security assurance across the SDLC in line with MoJ and NCSC guidelines. Essential Criteria Penetration testing, ethical hacking, or vulnerability assessments. Security testing tools (e.g., Burp Suite, OWASP ZAP, Nikto, Nmap, Metasploit, etc.). DevSecOps principles and tools (e.g., Veracode, SonarQube, GitHub Advanced Security, IaC scanning, etc.). Secure Cloud Infrastructure, specifically AWS and Azure. Scripting and automation More ❯

it will now be based on an Umbrella solution. Essential Skills/experience Required Experience penetration testing, ethical hacking, or completing vulnerability assessments. Security testing tools (e.g., Burp Suite, OWASP ZAP, Nikto, Nmap, Metasploit, etc.). DevSecOps principles and tools (e.g., Veracode, SonarQube, GitHub Advanced Security, IaC scanning, etc.). Secure Cloud Infrastructure, specifically AWS and Azure. Scripting and automation More ❯

with Postman for API testing. Knowledge of cloud services platforms like Azure, AWS, Google Cloud Platform etc. Understanding of SonarQube for code quality analysis. Security practices and tools like OWASP and Snyk. Additional Beneficial Experience: CI/CD tools like Jenkins or GitHub Actions. Container orchestration with Kubernetes. Front-end state management with Redux. TypeScript for enhanced JavaScript development. Back More ❯

defences. Technologies and Soft Skills required: Advanced technical knowledge of penetration testing techniques, security assessments, and vulnerability exploitation. Expertise in security testing tools (such as Burp Suite, Metasploit, Nmap, OWASP ZAP, etc.), as well as manual testing methods. Strong understanding of common application security vulnerabilities (such as SQL injection, XSS, CSRF, insecure deserialization, etc.) and OWASP Top 10. Proficiency in More ❯

in Python, PHP, JavaScript, and HTML. Utilize industry-standard tools including Burp Suite, Nessus, Checkmarx, HCL AppScan, WebInspect, and manual testing techniques. Conduct compliance-aligned security assessments based on OWASP, NIST, CREST, and MITRE ATT&CK frameworks. Reporting & Documentation Prepare detailed technical and executive reports, risk analysis, and remediation recommendations. Draft and maintain standardized test plans, methodologies, and reporting templates. … Minimum 4 years of penetration testing experience CREST CRT and CPSA certified (preferred) Other Security certifications: OSCP, OSWP, HTB, CBBH, CISSP (Bonus) Red Team experience (Bonus) Strong knowledge of OWASP Top 10, MITRE ATT&CK, CVSS, and secure coding practices Strong scripting and automation skills using Python, PowerShell, or Bash Experience with both automated tools and manual testing techniques Strong More ❯

Security & Compliance Assess application security risks and provide remediation strategies. Ensure compliance with industry standards (ISO 27001, GDPR, SOC 2, etc.). Implement best practices for secure software development (OWASP, encryption, IAM, etc.). 6. Performance Optimisation & Scaling Analyse system bottlenecks and recommend performance tuning strategies. Support database optimisations, caching mechanisms, and load balancing strategies. Assist in designing auto-scaling More ❯

Serverless, Cloud, PaaS, IaaS ...). Ability to work with diverse, remote, and distributed teams across multiple regions and time zones. SSDLC practices in DevOps, CI/CD environment. OWASP Top 10, SANS CWE, OpenSAMM, BSIMM, etc. Penetration testing, vulnerability scanning. Implementation of security monitoring tools. Implementing pipelines that make use of SCA, SAST, DAST, IAST and RASP solutions. Qualifications More ❯

secure, Bash, RHEL Collaboration tools - Jira, Confluence, Slack Behaviour Driven Development - Cucumber Micro-Service Architecture - Develop API design and open standards RESTful APIs Swagger Open API Cloud computing Security OWASP Top Ten Denial of Service SQL Injection Cross Site Request Forgery High Availability products - EDB failover manager RPC concepts and transport mechanisms - HTTP, Shared memory Containerisation - Docker, Kubernetes The role More ❯

skills in English Bonus : B.S. in Computer Science, Computer Engineering, or related field, or commensurate experience Experience working in an Agile development environment. Familiarity with application security projects (e.g. OWASP Top 10), tools (e.g. ZAP, Burp), and how to build safer software. Recognized industry certification and/or continuing education programs are a major Experience or familiarity with threat modeling More ❯

Requirements Bachelor’s degree in IT or equivalent experience. 5+ years in information/application security roles. Experience working in agile environments. Deep understanding of cloud security (Azure, AWS), OWASP, MITRE. Proven experience with policy interpretation and security implementation in real-world projects. Preferred Skills Certifications such as CISSP, CCSP, CEH, Microsoft Azure/AWS Security. Working knowledge of GDPR More ❯

Requirements Bachelor’s degree in IT or equivalent experience. 5+ years in information/application security roles. Experience working in agile environments. Deep understanding of cloud security (Azure, AWS), OWASP, MITRE. Proven experience with policy interpretation and security implementation in real-world projects. Preferred Skills Certifications such as CISSP, CCSP, CEH, Microsoft Azure/AWS Security. Working knowledge of GDPR More ❯

and their effective integration within the S-SDLC. Awareness of microservice architecture and associated common deployment patterns a must. Security Industry Knowledge: Deep familiarity with security standards & frameworks e.g., OWASP, MITRE Attack etc and their practical application. Technical Ability: Hands-on experience with scripting elegant, scalable solutions to encountered problems, and prior experience implementing and/or reviewing terraform for More ❯