Secure System Development Specialists

The Secure System Development Specialist is responsible for ensuring that all software and systems are designed, developed, and maintained in line with secure coding principles, regulatory requirements (e.g., ISO 27001, NIST, GDPR, UK Cyber Essentials), and organizational security policies. The role focuses on building resilience into applications and infrastructure from the outset, reducing vulnerabilities, and enabling compliance with internal and external security standards.

• Secure Software Development – Apply secure coding practices throughout the Software Development Life Cycle (SDLC). Review, design, and implement system architecture to mitigate security risks. Conduct static and dynamic code analysis to identify vulnerabilities. Ensure integration of security controls into CI/CD pipelines.
• Security Reviews and Assurance – Perform security reviews of requirements, designs, and code before release. Collaborate with DevOps and QA teams to embed automated security testing. Provide remediation guidance to developers on identified vulnerabilities. Validate third-party libraries and APIs for security compliance.
• Compliance and Standards – Ensure software systems comply with regulatory frameworks (e.g., UK GDPR, UK NCSC guidance, PCI DSS, ISO 27001). Maintain awareness of UKVI, Home Office, and government IT compliance requirements if applicable. Document development processes, security controls, and assurance evidence for audits.
• Risk and Incident Management – Participate in threat modelling, risk assessments, and penetration testing planning. Investigate reported vulnerabilities or breaches in custom applications. Support incident response teams with technical analysis and fixes.
• Training and Awareness – Train and mentor developers in secure coding and best practices. Promote a “security by design” culture across IT and project teams.