Security Design Engineer (AppSec)

The Company

Superb opportunity to join a leading financial services client with offices in Edinburgh.

This is an initial 6-month contract inside IR35. There will be a requirement to be in the office up to 3-days per week.

The Role

We are seeking an experienced Security Design Engineer (AppSec) to lead end-to-end security solution design across complex technology environments. You will produce high-quality architecture and design artefacts aligned to business and security standards, influence strategic direction, and provide hands-on application security expertise across large-scale transformation programmes.

What you'll do

  • Own and deliver secure solution designs, architecture patterns, design decisions, and risk assessments
  • Partner with enterprise and solution architects to ensure alignment with strategic architecture
  • Provide technical leadership and act as an AppSec subject matter expert for delivery teams
  • Design and embed security into modern application stacks and CI/CD pipelines
  • Present designs and recommendations to design authorities and senior stakeholders
  • Identify control gaps, define remediation plans, and manage residual risk
  • Support governance, peer review, and architectural assurance processes

What you'll bring

  • Deep application security experience across cloud-native, microservices, containerised and Kubernetes environments
  • Strong expertise in SAST, DAST, IAST, MAST, SCA, SBOMs, and supply-chain security
  • Proven experience integrating security testing into CI/CD (eg GitHub Actions, GitLab, Jenkins, Azure DevOps)
  • Threat modelling, secure SDLC design, and risk-based security policy development
  • Experience in vulnerability and exposure management and network security concepts (segmentation, logging, scanning)
  • Familiarity with industry frameworks (OWASP SAMM/ASVS, NIST SSDF, SLSA, CSA)
  • Ability to communicate complex security concepts to both technical and non-technical stakeholders
  • Experience working in large, complex IT transformation programmes

Tools & technologies

  • AppSec tools such as Checkmarx, Invicti, Snyk, Black Duck, Tenable (or similar)
  • Architecture modelling (eg BizzDesign, Archi, UML)
  • Jira and Confluence

Qualifications (preferred)

  • Degree in cybersecurity, computer science, software engineering, or related field
  • CISSP, CISM, or equivalent cybersecurity certification
  • SABSA or TOGAF certification

This is an opportunity to shape secure architecture at scale, influence senior stakeholders, and drive developer-centric security practices in a complex enterprise environment.

More details available on successful application.

Apply Now
Apply Now

Job Details

Company
Talent Smart Limited
Location
Edinburgh, Midlothian, United Kingdom EH120
Employment Type
Contract
Salary
GBP 675 - 690 Daily
Posted