Security Designer Engineer; AppSec
Listed on 2026-01-01
IT/Tech
Cybersecurity, Systems Engineer
Dev/Null Security is seeking a Security Design Engineer (AppSec) to manage end‑to‑end solution design and be responsible for delivering design documents in line with functional and non‑functional business requirements, strategies, principles, standards, and patterns. Alongside the creation of high‑level designs, you will be required to publish new architecture patterns, key decisions, design deviations, and technical risks and issues where appropriate.
Requirements
Cybersecurity Expertise:
- Significant experience and proven technical depth within application security, such as hands‑on experience securing modern application architectures (microservices, cloud‑native, containerized environments).
- Knowledge of SCA tools and methodologies (e.g., dependency analysis, open‑source license compliance, vulnerability triage, supply‑chain risk management).
- Deep experience implementing and optimising AST capabilities, including SAST, DAST, IAST, MAST and container/K8s security scanning.
- Demonstrated success designing and integrating security testing pipelines within CI/CD environments (GitHub Actions, GitLab, Jenkins, Azure DevOps, etc.).
- Strong background in threat modelling, secure SDLC design, and establishing risk‑based security policies for code, dependencies, and build systems.
- Ability to evaluate, select, and architect AppSec technologies, including enterprise SCA/AST platforms, SBOM solutions, and vulnerability management workflows.
- Experience collaborating with engineering teams to prioritise and remediate vulnerabilities, provide secure coding guidance, and enable developer‑centric security practices.
- Familiarity with industry frameworks and standards (OWASP SAMM, ASVS, CSA, NIST SSDF, supply‑chain security frameworks such as SLSA).
- Experience across vulnerability and exposure management including detection, analysis, management and resolution activities.
Experience in network security, such as:
- Segmentation and micro‑segmentation and their effects on vulnerability scanning.
- Defining and enforcing policies for secure network operations and appropriate access for vulnerability scanning.
- Establishing appropriate logging for the monitoring and analysis of network traffic to detect and respond to threats.
- Broad background across information technology with the ability to communicate clearly with non‑security technical SMEs at a comfortable level.
- Experience and understanding of both the roles and interlock between enterprise & solution architecture.
- Experience in both operational and transformation cybersecurity roles or a clear working understanding of both perspectives.
- Experience working in large‑scale IT transformation programmes.
- Ability to manage separation of control from technical design authority responsibilities – represent Cyber Services at technical and security design authorities to ensure that solutions are secure.
- Experience ensuring compliance with security controls to identify control gaps, develop remediation plans and determine residual risk across both local and national programmes.
- Bachelor’s or master’s degree in cybersecurity, computer science, software engineering, or related field preferred.
- CISSP/CISM certification or other broad cybersecurity industry‑recognised certificate preferred.
- SABSA or TOGAF certified preferred.
- Experience with Checkmarx, Invicti, Snyk, Black Duck, Tenable, or other related Application Security Testing products.
- Bizzdesign, Archi, or generic UML visualisation experience for high‑level designs.
- High proficiency and expertise in Jira for project and task management.
- Working proficiency in Confluence for documentation.
While Dev Null Security is a remote‑first company, our consulting team may be required to travel to client sites a few times per week, depending on project and customer needs.
We believe that a career in cybersecurity should be accessible to everyone. We actively welcome applicants from all walks of life, regardless of race, ethnicity, gender identity, age, sexual orientation, disability, neurodiversity, socioeconomic background, or any other aspect of identity.
As a growing company, we’re committed to fostering an inclusive, equitable, and accessible hiring experience. We proactively offer adjustments during application and assessment – tell us what you need.