We are looking for a mid‑level Security by Design and Application Security specialist. The role focuses on ensuring security is built into applications from the beginning and supporting development teams with secure design and coding practices.
Key Responsibilities:
- Embed security practices early in the software development lifecycle (Security by Design).
- Perform secure code reviews for applications built in modern languages and frameworks.
- Identify, track, and help remediate security vulnerabilities in code, APIs, and cloud‑hosted services.
- Work closely with development teams to provide guidance on secure coding, design patterns, and architecture.
- Conduct threat modelling and assess risk for new features, designs, and integrations.
- Review application architectures to ensure they meet security best practices and organisational standards.
- Deliver security requirements, patterns, and controls for new and existing applications.
- Collaborate with DevOps and Cloud teams to ensure CI/CD pipelines include security checks.
- Support penetration testing, SAST/DAST results triage, and vulnerability management activities.
- Stay current with security frameworks and standards such as OWASP, NIST, CIS, ASVS, and API Security Top 10.
Required Experience:
- Strong hands‑on experience in application security and secure code review.
- Ability to work with languages like Java, .NET, JavaScript/TypeScript, Python, or similar.
- Practical understanding of OWASP Top 10, ASVS, API Security practices, and common vulnerability patterns.
- Experience with SAST, DAST, SCA, and related security tools.
- Knowledge of cloud security principles (AWS/Azure/GCP).
- Strong communication skills to influence developers, architects, and product teams.
- Experience conducting threat modelling (e.g., STRIDE).