Security Test Engineer

McNally Recruitment Ltd

Cumbernauld

Hybrid

GBP 45,000 - 65,000

Full time

26 days ago

Job summary

A leading recruitment agency is seeking a Security Test Engineer to ensure the security robustness of software and firmware components. The role involves conducting threat modeling, security testing, and vulnerability assessments. Candidates should have a minimum of 5 years' experience and be familiar with various security tools. This hybrid position requires 4 days in the Scottish office and candidates must be located in Scotland.

Qualifications

  • Minimum 5 years of experience in software and/or firmware testing.
  • Proficient in security testing tools and scripting languages.
  • Strong understanding of common vulnerabilities and industry standards.

Responsibilities

  • Perform security requirements analysis and threat modeling.
  • Plan, execute, and report on security testing activities.
  • Ensure compliance with internal processes and applicable standards.

Skills

Cybersecurity knowledge
Threat modeling
Vulnerability assessments
Scripting languages (Python, Bash)
Security testing tools (Burp Suite, OWASP ZAP)

Education

Engineering degree in Software, Computer Science, Cybersecurity

Tools

Burp Suite
Nessus
Wireshark
Metasploit

Job description

The Security Test Engineer will be responsible for ensuring the security robustness of software and firmware components within our product portfolio. This role involves conducting threat modeling, security testing, and vulnerability assessments, while ensuring compliance with internal processes and industry standards. The ideal candidate will be passionate about cybersecurity, detail-oriented, and experienced in testing within industrial environments.

PLEASE NOTE the client will only accept candidates who are authorised to work in the UK, without the requirement for sponsorship or ANY type of visa (e.g. dependant/spousal, post-study etc.).

In addition, this role is hybrid based with 4 days in the Scottish office, therefore you should currently be located in Scotland.

PRINCIPAL JOB RESPONSIBILITIES
  • Perform security requirements analysis and threat modeling.
  • Conduct risk analysis and define test strategies aligned with security objectives.
  • Plan, execute, and report on security testing activities, including:
    • Tool and technique selection
    • Security requirements testing
    • Threat mitigation testing
    • Vulnerability testing
    • Abuse case testing
    • Attack surface analysis
    • Regression testing
    • Test automation
  • Analyze, report, and track security defects.
  • Ensure compliance with internal processes and applicable standards (e.g. IEC 62443, ISO 27001).
  • Support internal and external audits as required.
  • Drive continuous improvement by staying updated on emerging threats, tools, and best practices.
  • Occasional travel may be required, such as training or customer support.

REQUIRED QUALIFICATIONS AND EXPERIENCE
  • Minimum 5 years of experience in software and/or firmware testing
  • Engineering degree in Software, Computer Science, Cybersecurity or equivalent demonstrated knowledge.
  • Proficiency with tools such as Burp Suite, OWASP ZAP, Nessus, Metasploit, Wireshark, Nmap, Fortify, Checkmarx.
  • Knowledge of scripting languages such as Python, JavaScript, Bash, or PowerShell.
  • Understanding of encryption algorithms, key management, and secure protocols (TLS, SSH, etc.).
  • Strong understanding of common vulnerabilities (e.g., OWASP Top 10, CWE/SANS Top 25).
  • Familiarity with Linux, Windows, and network protocols (TCP/IP, DNS, HTTP/S).
  • Understanding of industrial protocols (e.g., Serial, Modbus, HART).
  • Knowledge of industry standards: IEC 62443, ISO 27001, NIST, OWASP.
  • Experience implementing DevSecOps best practices; Azure DevOps experience is a plus.
  • Self-directed and motivated in a team-oriented environment.