Application Security Test Engineer (DAST IAST) Cambridge / WFH to £70k

Are you a security focussed Test Engineer?

You could be joining a market leading software house that's remote access product is used by hundreds of millions of users worldwide.

What's in it for you:

• Salary to £70k
• Bonus
• Hybrid working
• Pension, Private Medical Care, Life Assurance, Travel Insurance
• Subsidised gym membership and a range of other perks

Your role:

As an Application Security Test Engineer you'll play a key role in building security into applications, carrying out threat modelling and risk assessments during the design phase to ensure solutions are secure by default. You'll help define security requirements for new features and take part in architecture reviews to spot and address potential risks early.

Working closely with development teams, you'll carry out secure code reviews and provide guidance on best practices, including alignment with CIS Critical Security Controls and the OWASP Top 10, collaborating with engineers to embed security into development workflows rather than treating it as an afterthought.

You'll be hands-on with security testing across a range of environments, running Dynamic Application Security Testing (DAST) against live applications, focusing on issues such as cross-site scripting, SQL injection and broken access control. You'll also use Interactive Application Security Testing (IAST) tools for runtime analysis, including tools such as Burp Suite, OWASP ZAP and Frida, alongside Static Application Security Testing (SAST) and software composition analysis to assess source code, binaries, and third-party dependencies.

Location / WFH:

You can work from home most of the time, meeting up with colleagues in the Cambridge office on a weekly / monthly basis.

About you:

• You have a strong understanding of the secure software development lifecycle and DevSecOps principles
• You have a good knowledge of Application Security principles and common vulnerabilities (e.g., XSS, SQL Injection, Broken Access Control)
• You have hands-on experience with DAST, IAST and Penetration Testing tools (e.g., Burp Suite, OWASP ZAP, Frida) and Static Application Security Testing (SAST)
• You can read and understand code (e.g. Java, Python, C++ or similar)
• You're familiar with using software composition analysis (SCA) tools such as Blackduck, Mend / Whitesource, Snyk or similar

• You're collaborative and pragmatic with great communications skills

Apply now to find out more about this Application Security Test Engineer (DAST IAST) opportunity.

At Client Server we believe in a diverse workplace that allows people to play to their strengths and continually learn. We're an equal opportunities employer whose people come from all walks of life and will never discriminate based on race, colour, religion, sex, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. The clients we work with share our values.