Security Design Engineer (Application Security)

TEKsystems
Edinburgh, United Kingdom
3 days ago

Role details

Contract type
Contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
£ 117K

Job location

Edinburgh, United Kingdom

Tech stack

Azure
Cloud Computing
Continuous Integration
Software Design Documents
Github
Open Source Technology
Open Web Application Security
Systems Development Life Cycle
Secure Coding
Software Vulnerability Management
Software Security
Gitlab
Kubernetes
Jenkins
Static Application Security Testing
Microservices
Dynamic Application Security Testing

Job description

Security Design Engineers manage end-to-end solution design and are responsible for delivering design documents in line with functional and non-functional business requirements, strategies, principles, standards, and patterns. Alongside the creation of high-level designs, Security Design Engineers will be required to publish new architecture patterns, key decisions, design deviations, and technical risks and issues where appropriate.

Security Design Engineers will work with stakeholders including the relevant enterprise architect to ensure design decisions in delivery align to strategic direction.

Security Design Engineers should be comfortable presenting and sharing solutions at design authorities and with senior leadership and stakeholders. Additionally, Security Design Engineers will provide technical thought leadership and direction to their aligned projects and may stand in as subject matter experts and consultants on related programmes.

Requirements

Significant experience and proven technical depth within application security, such as:

o Hands-on experience securing modern application architectures (microservices, cloud-native, containerized environments).

o Knowledge of SCA tools and methodologies (e.g., dependency analysis, open-source license compliance, vulnerability triage, supply-chain risk management).

o Deep experience implementing and optimising AST capabilities, including SAST, DAST, IAST, MAST and container/K8s security scanning.

o Demonstrated success designing and integrating security testing pipelines within CI/CD environments (GitHub Actions, GitLab, Jenkins, Azure DevOps, etc.).

o Strong background in threat modelling, secure SDLC design, and establishing risk-based security policies for code, dependencies, and build systems.

o Ability to evaluate, select, and architect AppSec technologies, including enterprise SCA/AST platforms, SBOM solutions, and vulnerability management workflows.

o Experience collaborating with engineering teams to prioritize and remediate vulnerabilities, provide secure coding guidance, and enable developer-centric security practices.

o Familiarity with industry frameworks and standards (OWASP SAMM, ASVS, CSA, NIST SSDF, supply-chain security frameworks such as SLSA).

o Experience across vulnerability and exposure management, including detection, analysis, management and resolution activities.
