Senior Software Security Engineer

Company: Deepstreamtech
Location: City of Edinburgh
Job Description:

Requirements



  • 5+ years of experience in Security Engineering with a focus on product security and/or application security

  • Bachelor’s degree in Computer Science, Information Security, or a related technical field

  • In-depth knowledge of Linux and Docker container-based infrastructures, including their orchestration (e.g. Kubernetes)

  • Working knowledge of techniques, standards, and state-of-the-art authentication and authorization technologies, applied cryptography, security vulnerabilities and remediations

  • Significant software development experience. Experience in Go (our main backend language), TypeScript/JavaScript, C/C++, Python and Bash is desirable

  • Working knowledge of web-related protocols and technologies (HTTP, REST APIs, DOM, CSP), networking protocols (IP, TCP, UDP), and security protocols (TLS)

  • Experience in performing threat modeling, with a good grasp of common threat vectors and frameworks

  • Strong knowledge of security principles, best practices, and industry standards, such as NIST, ISO 27001, and CIS Critical Security Controls, OWASP ASVS and Testing Guides

  • Familiarity with industry-standard security frameworks such as OWASP and NIST

  • Experience with security tools such as SAST, DAST, IAST, and SCA

  • Exceptional analytical and investigative skills, with hands-on experience in root cause analysis

  • Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities

  • Experience with CI/CD pipelines, security tool integration, and secure SDLC

  • Experience with cloud-based infrastructure (AWS, Azure, or Google Cloud), and best practices on how to secure cloud environments

  • (Desirable) Familiarity with security considerations for AI/ML systems

  • (Desirable) Understanding of distributed systems design, implementation and operation

  • (Desirable) Understanding of privacy threats and controls, including how to adapt generic best practices to specific scenarios in the product by providing detailed specifications to stakeholders

  • (Desirable) Exploit development experience, and good understanding of the necessary conditions to trigger different vulnerability types, and the maximum impact achievable

  • (Desirable) Experience with enterprise log collection and analysis platforms (e.g., Splunk, OSQuery)

  • Master’s degree or equivalent experience preferred

  • Security certifications are a plus, including OSCP, OSEE, SANS/GIAC, CCSP, and CISSP

  • Excellent verbal and written communication, with the ability to translate complex security concepts to technical and non-technical stakeholders

  • Demonstrated ability to design, document, and implement new security processes

  • Experience in a high-growth technology environment or SaaS business

  • Ability to remain calm under pressure, especially during incidents or audits


What the job involves



  • The Senior Software Security Engineer will be responsible for analysing software designs and implementations from a security perspective, identifying and proposing remediations to security issues throughout the software development lifecycle (SDLC)

  • Perform threat modelling, risk assessments, and architecture reviews to identify and mitigate risk

  • Support the engineering teams in defining detailed security requirements to meet compliance requirements and industry best practices

  • Perform security code reviews looking for potential security vulnerabilities

  • Act as a subject matter expert to advise and answer questions from engineering and compliance teams on technical product security matters

  • Define and oversee the deployment of Software Composition Analysis (SCA) tools to compile SBOMs of software components, helping to identify known vulnerabilities and license compliance violations

  • Define and oversee the deployment of automated security testing tools into CI pipelines, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Secret Detection scanning tools

  • Manual penetration testing of web applications (backend and frontend). Manual penetration testing skills in the domains of cloud infrastructure, embedded/OS or mobile are desirable

  • Write custom scripts or unit test cases to check for vulnerabilities or broken/missing security controls

  • Recommend improvements to existing security scanning tools and processes, and propose new ones

  • Periodically triage the findings from the automated security scanning tools

  • Validate potential security vulnerabilities to determine whether they are actual true positives, or false positives (i.e. non-applicable) in the product context. Write proof of concept exploits when necessary to achieve this

  • Assess the risk of vulnerabilities and threats in order to help the business determine their remediation priority order

  • Communicate the identified security issues to engineering and compliance stakeholders, and manage them throughout the SDLC process to ensure they are properly addressed

  • Establish and maintain secure coding standards, baseline product security requirements and more general best practices to provide guidance to development teams

  • Assist the program area with implementing a secure Continuous Integration/Continuous Delivery (CI/CD) pipeline utilizing DevSecOps principles and practices to increase automation

  • Implement automated security controls as part of CI/CD pipelines

  • Support product security incident response processes, including root cause analysis (identify the affected product components, data, and the overall impact level) and definition of mitigation strategies

  • Define clear criteria and protocols for security incident response

  • Conduct post-incident analysis to compile lessons learned and measures to prevent similar incidents from reoccurring, and refine response strategies

  • Monitor emerging security threats, vulnerabilities, and trends to proactively investigate, remediate, and integrate new protections

  • Ensure products comply with relevant security standards, certifications, and regulations (e.g., OWASP, NIST)


Posted: May 20th, 2026