51 to 75 of 89 OWASP Jobs

Bases, Guardrails, and model lifecycles. AI/ML Core: Mastery of FMs, RAG, tool-use, and non-deterministic agent logic. Security Frameworks: Proficiency in OWASP LLM Top 10 and NIST AI RMF . Role 1: Identity Expert Mission: Secure the "Human-to-Agent" and "Agent-to-Resource" identity chain. ...

technical documentation. Experience in supporting and developing environments and applications within Azure (e.g., WAMP/LAMP). Familiarity with cloud-based solutions adhering to OWASP developer best practices. Proficiency in languages/middleware such as Asp.Net, Python, PHP, Apache. Experience managing SQL databases (Azure DB, Managed SQL, MS SQL & MySQL ...

common vulnerabilities (XSS, CSRF, SQL Injection); experience building AppSec programs. Experience with any of the following: C#, React, JavaScript, REST APIs Participation in OWASP, BSides, open-source security projects, etc The ability to effectively communicate security concepts to both technical and non-technical audiences. What You'll Do: Establish ...

DAST, and SCA tooling - Snyk, Checkmarx, Semgrep, Burp Suite, or similar Threat modelling - comfortable running sessions with engineering and product teams Solid understanding of OWASP Top 10 and how to actually remediate real-world vulnerabilities API security - REST, GraphQL, and the common attack vectors around them Knowledge of secure SDLC ...

attack types (e.g. SQL injection, phishing, malware) Experience with log analysis and incident investigation Familiarity with Windows and/or Linux environments Understanding of OWASP Top 10 security risks Ability to work in a fast-paced, incident-driven environment Desirable Security certifications such as CompTIA Security+, GIAC GSEC, or ISC2 ...

attack types (e.g. SQL injection, phishing, malware) Experience with log analysis and incident investigation Familiarity with Windows and/or Linux environments Understanding of OWASP Top 10 security risks Ability to work in a fast-paced, incident-driven environment Desirable Security certifications such as CompTIA Security+, GIAC GSEC, or ISC2 ...

ownership and contribution to security decisions within projects Desirable Experience: Knowledge of security frameworks and standards including ISO 27001, PCI DSS, COBIT, NIST and OWASP Relevant certifications such as CISSP, CISM, CCSP, CEH or OSCP Experience working within public and/or private cloud environments This is an excellent opportunity ...

protection posture Familiarity with cloud networking constructs (VNets/VPCs, routing, load balancers, private endpoints, segmentation) Knowledge of common web application attack techniques (e.g. OWASP Top 10: injection, XSS, API abuse) and mitigation approaches Experience working with infrastructure-as-code and automation tools (Terraform, ARM, CloudFormation) for WAF deployment ...

reliability — profiling, query optimisation, structured logging, error tracking, and tracing .Collaborate on clean, secure code through code review, conventional Git workflows, and adherence to OWASP and secrets-management best practices .Required Skills & Experienc eBacken dStrong Python fundamentals, including async/await (asyncio) and modern tooling (uv/poetry, virtual environments … multi-cloud/hybrid setup .Infrastructure-as-code (Terraform, Pulumi, or Bicep) and Kubernetes package management with Helm .Security awareness — OWASP Top 10, dependency and secrets scanning (bandit, pip-audit, trivy) .Performance profiling experience (py-spy, cProfile) and frontend bundle optimisation .Experience generating typed API clients (e.g. openapi-typescript ...

reliability — profiling, query optimization, structured logging, error tracking, and tracing .Collaborate on clean, secure code through code review, conventional Git workflows, and adherence to OWASP and secrets-management best practices .Required Skills & Experienc eBacken dStrong Python fundamentals, including async/await (asyncio) and modern tooling (uv/poetry, virtual environments … multi-cloud/hybrid setup .Infrastructure-as-code (Terraform, Pulumi, or Bicep) and Kubernetes package management with Helm .Security awareness — OWASP Top 10, dependency and secrets scanning (bandit, pip-audit, trivy) .Performance profiling experience (py-spy, cProfile) and frontend bundle optimisation .Experience generating typed API clients (e.g. openapi-typescript ...

years of hands-on penetration testing experience across network, web, cloud, internal, red team, or purple team environments Excellent knowledge of: MITRE ATT&CK OWASP Threat modelling Attack surface analysis Experience with automated, dynamic, and static security testing tools Knowledge of regulatory frameworks including GDPR, PCI-DSS, and related compliance ...

lifecycle). AI/ML Foundations: Deep understanding of FMs, RAG , non-deterministic agents, and complex tool-use. Secure AI: Expert-level knowledge of OWASP LLM Top 10 and Agentic AI threats . Familiarity with NIST AI RMF is a massive plus! Your Mission: Identity & Access Specialist As our Identity ...

within Defence, Government, or other secure environments Previous experience working with Army or MOD systems Knowledge of secure development and architecture principles Understanding of OWASP, NCSC Cloud Security Principles, and GDPR Experience delivering complex technology transformation or modernisation programmes Strong communication and stakeholder management skills Desirable: Experience working within SFIA ...

practical "shift-left" model that enhances developer workflows rather than blocking them. Key Responsibilities Maturity Assessment and Strategy: Conduct an evidence-based audit against OWASP SAMM and NIST SSDF frameworks, translating findings into a prioritised 12-month risk-reduction roadmap. Pipeline Optimisation: Tuned tool signal-to-noise ratios (SAST … fluency in code, Infrastructure-as-Code (Terraform, Ansible), and YAML pipelines to maintain immediate credibility with senior software engineers. Framework Mastery: Practical application of OWASP SAMM, NIST SSDF, STRIDE, and MITRE ATTandCK. Cloud and Containers: Strong grounding in securing cloud workloads (AWS or Azure) and environments (Docker, Kubernetes). £600.00 ...

experience delivering web application, API, and/or infrastructure penetration tests in a professional consultancy setting. Strong understanding of common vulnerability classes (e.g. OWASP Top 10), exploitation techniques, and remediation guidance. Confident client-facing communication skills, with the ability to explain technical findings to both technical and non-technical audiences. ...

stored procedure expertise. KingswaySoft for integrations and migrations. CI/CD pipelines, Git branching, Visual Studio. Strong Agile/SCRUM background and understanding of OWASP Top 10. ...

architecture, dev-sec-ops, and network security. • Experience in browser security or mobile app security is desirable. • Good understanding of industry standards such as OWASP ASVS, OWASP Top-10, CIS benchmarks. • Hands-on experience with complex Azure and AWS architectures with an emphasis on containerised workloads. • Command-line/ ...

Hands-on experience delivering web application, API, and/or infrastructure penetration tests in a professional setting. Strong understanding of common vulnerability classes (e.g. OWASP Top 10), exploitation techniques, and remediation guidance. Confident client-facing communication skills, with the ability to explain technical findings to both technical and non-technical ...

accreditors to define security requirements and advise on risk mitigation strategies. Ensure adherence to security frameworks, regulatory requirements, and industry standards including GDPR, OWASP, and NCSC principles. Support the design and implementation of DevSecOps pipelines, secure CI/CD processes, and automated security tooling. Contribute to enterprise security strategy, architecture … development lifecycle (SSDLC) practices. Knowledge of secure architecture patterns, secure web application development, and API security. Experience implementing and governing security controls aligned to OWASP, NCSC Cloud Security Principles, and GDPR. Strong understanding of authentication and authorisation technologies including SAML, OAuth2, OpenID Connect, Active Directory, ADFS, and LDAP. Experience supporting ...

ASP.NET/ASP.NET Core, MVC JavaScript, HTML, CSS, JSON, Bootstrap Experience with debugging, testing, and deploying web applications Understanding of web security principles (e.g., OWASP) About you: Ideally, 3+ years’ experience in web development Strong problem-solving and analytical skills Able to work independently and as part of a team ...

C#, MVC, ASP.NET Core, JavaScript, HTML & CSS Experience debugging, profiling and deploying web applications Solid understanding of MVC patterns, ASP.NET controllers & web security (OWASP) Comfortable working with IIS Exposure to frameworks like React, Vue, Angular or Knockout is a plus Degree in Computer Science or related field preferred ...

DHCP, routing, switching). Hands-on experience with vulnerability management tools (e.g., Nessus, Qualys, Rapid7). Knowledge of common vulnerabilities and exposures (CVEs), OWASP Top 10, and security best practices. Experience in patch management and remediation techniques. Familiarity with operating systems (Windows, Linux) and network devices. Understanding of firewalls ...

delivery teams in Agile and DevOps environments to embed security by design. Support compliance with security and regulatory frameworks including ISO 27001, PCI DSS, OWASP and internal standards. Review security posture of vendors and outsourced services, providing due diligence and third-party risk assurance. Present security findings, risk opinions … security, secure application delivery, third-party risk management and access management practices. Experience applying recognised frameworks and standards such as ISO 27001, PCI DSS, OWASP, NIST and enterprise security control frameworks. Ability to translate complex technical risks into business language and provide clear, evidence-based recommendations. Exposure to contemporary architectures. ...

experience in software and/or firmware testing Engineering degree in Software, Computer Science, Cybersecurity or demonstrated knowledge. Proficiency with tools: Burp Suite, OWASP ZAP, Nessus, Nmap Fortify, Checkmarx, Metasploit, Wireshark. Knowledge of scripting languages such as Python, JavaScript, Bash, or PowerShell. Understanding of encryption algorithms, key management, & secure protocols … Strong understanding of common vulnerabilities (e.g., OWASP Top 10, CWE/SANS Top 25) Familiarity with Linux, Windows, and network protocols (TCP/IP, DNS, HTTP/S) Understanding of industrial protocols (e.g., Serial, Modbus, HART) Knowledge of industry standards: IEC 62443, ISO 27001, NIST, OWASP Nice-to-have: Experience ...

experience in software and/or firmware testing Engineering degree in Software, Computer Science, Cybersecurity or demonstrated knowledge. Proficiency with tools: Burp Suite, OWASP ZAP, Nessus, Nmap Fortify, Checkmarx, Metasploit, Wireshark. Knowledge of scripting languages such as Python, JavaScript, Bash, or PowerShell. Understanding of encryption algorithms, key management, & secure protocols … Strong understanding of common vulnerabilities (e.g., OWASP Top 10, CWE/SANS Top 25) Familiarity with Linux, Windows, and network protocols (TCP/IP, DNS, HTTP/S) Understanding of industrial protocols (e.g., Serial, Modbus, HART) Knowledge of industry standards: IEC 62443, ISO 27001, NIST, OWASP Nice-to-have: Experience ...