The Front-End Security Developer will be responsible for ensuring the secure design and implementation of front-end applications. This includes applying secure coding practices, conducting threat modeling, and ensuring compliance with industry standards. The ideal candidate will have a strong background in front-end development and cybersecurity.
PLEASE NOTE the client will only accept candidates who are authorised to work in the UK, without the requirement for sponsorship or ANY type of visa (e.g. dependant/spousal, post-study etc.).
In addition, this role is hybrid based with 4 days in the Scottish office, therefore you should currently be located in Scotland.
PRINCIPAL JOB RESPONSIBILITIES
* Perform security requirements analysis
* Conduct risk analysis and threat modelling
* Ensure secure design principles are applied such as least privilege, defence in depth, and secure defaults
* Ensure secure implementation of requirements and threat mitigations, including:
o Follow secure coding guidelines to prevent common vulnerabilities (e.g., buffer overflows, injection flaws)
o Application of Static Code Analysis to identify security vulnerabilities in code
o Application of Software Composition Analysis to ensure supply chain security
o Unit testing and code reviews
* Defect analysis and remediation
* Ensure compliance with internal processes and applicable standards (e.g., IEC 62443, ISO 27001)
* Support internal and external audits as required
* Drive continuous improvement by staying updated on emerging threats, tools, and best practices
* Occasional travel may be required, such as training or customer support.
REQUIRED QUALIFICATIONS AND EXPERIENCE
* Minimum 5 years of experience in developing desktop applications and/or web applications
* Engineering degree in Software, Computer Science, Cybersecurity or equivalent demonstrated knowledge.
* Strong C++ programming skills and/or web application framework, i.e. Angular
* Understanding of encryption algorithms, key management, and secure protocols (TLS, SSH, etc.).
* Strong understanding of common vulnerabilities (e.g., OWASP Top 10, CWE/SANS Top 25).
* Familiarity with Linux, Windows, and network protocols (TCP/IP, DNS, HTTP/S).
* Understanding of industrial protocols (e.g., Serial, Modbus, HART).
* Knowledge of industry standards: IEC 62443, ISO 27001, NIST, OWASP.
* Experience implementing DevSecOps best practices; Azure DevOps experience is a plus.
* Self-directed and motivated in a team-oriented environment.