Front-End Security Developer

The Front-End Security Developer will be responsible for ensuring the secure design and implementation of front-end applications. This includes applying secure coding practices, conducting threat modeling, and ensuring compliance with industry standards. The ideal candidate will have a strong background in front-end development and cybersecurity.

PLEASENOTEtheclientwillonlyacceptcandidateswhoareauthorisedtoworkintheUK,withouttherequirementforsponsorshiporANYtypeofvisa(e.g.dependant/spousal,post-studyetc.).

Inaddition,thisrolehybridbasedwith4daysintheScottishoffice,thereforeyoushouldcurrentlybelocatedinScotland.

• Perform security requirements analysis
• Conduct risk analysis and threat modelling
• Ensure secure design principles are applied such as least privilege, defence in depth, and secure defaults
• Ensure secure implementation of requirements and threat mitigations, including:
  • Follow secure coding guidelines to prevent common vulnerabilities (e.g., buffer overflows, injection flaws)
  • Application of Static Code Analysis to identify security vulnerabilities in code
  • Application of Software Composition Analysis to ensure supply chain security
  • Unit testing and code reviews

• Defect analysis and remediation
• Ensure compliance with internal processes and applicable standards (e.g., IEC 62443, ISO 27001)
• Support internal and external audits as required
• Drive continuous improvement by staying updated on emerging threats, tools, and best practices
• Occasional travel may be required, such as training or customer support.

• Minimum 5 years of experience in developing desktop applications and/or web applications
• Engineering degree in Software, Computer Science, Cybersecurity or equivalent demonstrated knowledge.
• Strong C++ programming skills and/or web application framework, i.e. Angular
• Understanding of encryption algorithms, key management, and secure protocols (TLS, SSH, etc.).
• Strong understanding of common vulnerabilities (e.g., OWASP Top 10, CWE/SANS Top 25).
• Familiarity with Linux, Windows, and network protocols (TCP/IP, DNS, HTTP/S).
• Understanding of industrial protocols (e.g., Serial, Modbus, HART).
• Knowledge of industry standards: IEC 62443, ISO 27001, NIST, OWASP.
• Experience implementing DevSecOps best practices; Azure DevOps experience is a plus.
• Self-directed and motivated in a team oriented environment.