Security Design Engineer (AppSec)

Posted 21 hours 29 minutes ago by Talent Smart Limited

£675 - £690 Daily
Contract
Midlothian, Edinburgh, United Kingdom, EH120
Job Description

The Company

Superb opportunity to join a leading financial services client with offices in Edinburgh.

This is an initial 6-month contract inside IR35. There will be a requirement to be in the office up to 3 days per week.

The Role

We are seeking an experienced Security Design Engineer (AppSec) to lead end-to-end security solution design across complex technology environments. You will produce high-quality architecture and design artefacts aligned to business and security standards, influence strategic direction, and provide hands-on application security expertise across large-scale transformation programmes.

What you'll do

  • Own and deliver secure solution designs, architecture patterns, design decisions, and risk assessments
  • Partner with enterprise and solution architects to ensure alignment with strategic architecture
  • Provide technical leadership and act as an AppSec subject matter expert for delivery teams
  • Design and embed security into modern application stacks and CI/CD pipelines
  • Present designs and recommendations to design authorities and senior stakeholders
  • Identify control gaps, define remediation plans, and manage residual risk
  • Support governance, peer review, and architectural assurance processes

What you'll bring

  • Deep application security experience across cloud-native, microservices, containerised and Kubernetes environments
  • Strong expertise in SAST, DAST, IAST, MAST, SCA, SBOMs, and supply-chain security
  • Proven experience integrating security testing into CI/CD (eg GitHub Actions, GitLab, Jenkins, Azure DevOps)
  • Threat modelling, secure SDLC design, and risk-based security policy development
  • Experience in vulnerability and exposure management and network security concepts (segmentation, logging, scanning)
  • Familiarity with industry frameworks (OWASP SAMM/ASVS, NIST SSDF, SLSA, CSA)
  • Ability to communicate complex security concepts to both technical and non-technical stakeholders
  • Experience working in large, complex IT transformation programmes

Tools & technologies

  • AppSec tools such as Checkmarx, Invicti, Snyk, Black Duck, Tenable (or similar)
  • Architecture modelling (eg BizzDesign, Archi, UML)
  • Jira and Confluence

Qualifications (preferred)

  • Degree in cybersecurity, computer science, software engineering, or related field
  • CISSP, CISM, or equivalent cybersecurity certification
  • SABSA or TOGAF certification

This is an opportunity to shape secure architecture at scale, influence senior stakeholders, and drive developer-centric security practices in a complex enterprise environment.

More details available on successful application.