Description
Security Design Engineers manage end-to-end solution design and are responsible for delivering design documents in line with functional and non-functional business requirements, strategies, principles, standards, and patterns. Alongside the creation of high-level designs, Security Design Engineers will be required to publish new architecture patterns, key decisions, design deviations, and technical risks and issues where appropriate.
Security Design Engineers will work with stakeholders including the relevant enterprise architect to ensure design decisions in delivery align to strategic direction.
Security Design Engineers should be comfortable presenting and sharing solutions at design authorities and with senior leadership and stakeholders. Additionally, Security Design Engineers will provide technical thought leadership and direction to their aligned projects and may stand in as subject matter experts and consultants on related programmes.
This position sits between an Application Architect and a Security Consultant, with elements of both roles; however, we are more focused on finding candidates who are stronger on the Application Architect role. This will be a contract position up until November, with the potential to be extended. It can be based in either Edinburgh or Sheffield, with 3 days a week required in the office.
Required Skills:
Significant experience and proven technical depth within application security, such as:
o Hands-on experience securing modern application architectures (microservices, cloud-native, containerized environments).
o Knowledge of SCA tools and methodologies (dependency analysis, open-source license compliance, vulnerability triage, supply-chain risk management).
o Deep experience implementing and optimising AST capabilities, including SAST, DAST, IAST, MAST and container/K8s security scanning.
o Demonstrated success designing and integrating security testing pipelines within CI/CD environments (GitHub Actions, GitLab, Jenkins, Azure DevOps, etc.).
o Strong background in threat modelling, secure SDLC design, and establishing risk-based security policies for code, dependencies, and build systems.
o Ability to evaluate, select, and architect AppSec technologies, including enterprise SCA/AST platforms, SBOM solutions, and vulnerability management workflows.
o Experience collaborating with engineering teams to prioritize and remediate vulnerabilities, provide secure coding guidance, and enable developer-centric security practices.
o Familiarity with industry frameworks and standards (OWASP SAMM, ASVS, CSA, NIST SSDF, supply-chain security frameworks such as SLSA).
Experience across vulnerability and exposure management, including detection, analysis, management and resolution activities.
Job Title: Security Design Engineer (Application Security)
Location: Edinburgh, UK
Rate/Salary: - GBP Daily
Job Type: Contract
Trading as TEKsystems. Allegis Group Limited, Maxis 2, Western Road, Bracknell, RG12 1RT, United Kingdom. No. 2876353. Allegis Group Limited operates as an Employment Business and Employment Agency as set out in the Conduct of Employment Agencies and Employment Businesses Regulations 2003. TEKsystems is a company within the Allegis Group network of companies (collectively referred to as "Allegis Group"). Aerotek, Aston Carter, EASi, Talentis Solutions, TEKsystems, Stamford Consultants and The Stamford Group are Allegis Group brands.