Talent Smart Limited

Security Design Engineer (AppSec)

On site

Edinburgh, United Kingdom

£690/day

Freelance

08-01-2026

Skills

Leadership, Jira, Network Security, GitHub, GitLab, CI/CD, DevOps, Kubernetes, Jenkins, Azure DevOps, Security Testing, Architecture, Azure, Confluence, SDLC, CI/CD Pipelines, Microservices, GitHub Actions

Job Specifications

The Company
Superb opportunity to join a leading financial services client with offices in Edinburgh.
This is an initial 6-month contract inside IR35. There will be a requirement to be in the office up to 3 days per week.
The Role
We are seeking an experienced Security Design Engineer (AppSec) to lead end-to-end security solution design across complex technology environments. You will produce high-quality architecture and design artefacts aligned to business and security standards, influence strategic direction, and provide hands-on application security expertise across large-scale transformation programmes.
What you'll do
Own and deliver secure solution designs, architecture patterns, design decisions, and risk assessments
Partner with enterprise and solution architects to ensure alignment with strategic architecture
Provide technical leadership and act as an AppSec subject matter expert for delivery teams
Design and embed security into modern application stacks and CI/CD pipelines
Present designs and recommendations to design authorities and senior stakeholders
Identify control gaps, define remediation plans, and manage residual risk
Support governance, peer review, and architectural assurance processes
What you'll bring
Deep application security experience across cloud-native, microservices, containerised and Kubernetes environments
Strong expertise in SAST, DAST, IAST, MAST, SCA, SBOMs, and supply-chain security
Proven experience integrating security testing into CI/CD (e.g. GitHub Actions, GitLab, Jenkins, Azure DevOps)
Threat modelling, secure SDLC design, and risk-based security policy development
Experience in vulnerability and exposure management and network security concepts (segmentation, logging, scanning)
Familiarity with industry frameworks (OWASP SAMM/ASVS, NIST SSDF, SLSA, CSA)
Ability to communicate complex security concepts to both technical and non-technical stakeholders
Experience working in large, complex IT transformation programmes
Tools & technologies
AppSec tools such as Checkmarx, Invicti, Snyk, Black Duck, Tenable (or similar)
Architecture modelling (e.g. BizzDesign, Archi, UML)
Jira and Confluence
Qualifications (preferred)
Degree in cybersecurity, computer science, software engineering, or related field
CISSP, CISM, or equivalent cybersecurity certification
SABSA or TOGAF certification
This is an opportunity to shape secure architecture at scale, influence senior stakeholders, and drive developer-centric security practices in a complex enterprise environment.
More details available on successful application.

About the Company

Talent Smart is expanding with consistent efforts to progress our business from the inception of our operations. We are successful in leveraging our expertise, technology and infrastructure platforms to deliver the desired output and become a preferred partner to our clients. We have focused on value creation for our clients with the right blend of processes, technologies and our skilled in-house staff. We help our clients by reducing the financial and opportunity costs of an employee. We focus on continuous improvement o...