Security Design Engineer in Edinburgh

Dev/Null Security is seeking a Security Design Engineer to manage end-to-end solution design and be responsible for delivering design documents in line with functional and non-functional business requirements, strategies, principles, standards, and patterns. As a Security Design Engineer you will work with stakeholders including the relevant enterprise architect to ensure design decisions in delivery align to strategic direction. You should be comfortable presenting and sharing solutions at design authorities, to senior leadership and stakeholders.

You will support and maintain the in-house developed Unified Policy Portal (UPP), a web application with an Azure hosted Data Lake backend, used for firewall rule recertification for CheckPoint, Illumio and Fortinet. The role involves architecting new features to incorporate new requirements to support WAF, Network Segmentation and Proxy capabilities. Additionally, assisting with re-platforming the service to a new infrastructure.

• Cybersecurity Expertise: Significant experience and proven technical depth and experience within software architecture, such as; System Design, design complex systems using architecture patterns. Data Modelling, create data models by defining data structures and produce entity relationship diagrams. API Design, integrate various systems using robust API frameworks. Broad background across information technology with the ability to communicate clearly with non-security technical SMEs at a comfortable level. Experience and understanding of both the roles and interlock between enterprise and solution architecture. Experience in both operational and transformation cybersecurity roles or a clear working understanding of both perspectives. Experience working in large-scale IT transformation programmes. Ability to manage separation of control from technical design authority responsibilities - represent Cyber Services at technical and security design authorities to ensure that solutions are secure. Experience ensuring compliance with security controls to identify control gaps, develop remediation plans and determine residual risk across both local and national programmes.

• Bachelors or master's degree in cybersecurity, computer science, software engineering, or related field preferred
• CISSP/CISM certification or other broad cybersecurity industry-recognised certificate preferred
• SABSA or TOGAF certified preferred

• Working experience with CheckPoint, Illumio, and/or Fortinet or similar related firewall technology.
• BizzDesign, Archi, or generic UML visualisation experience for high-level designs.
• High proficiency and expertise in Jira for project & tasks management.
• Working proficiency in Confluence for documentation.

While DevNull Security is a remote-first company, our consulting team may be required to travel to client sites up to 2–3 times per week, depending on project and customer needs. We believe that a career in cybersecurity should be accessible to everyone. We actively welcome applicants from all walks of life, regardless of race, ethnicity, gender identity, age, sexual orientation, disability, neurodiversity, socioeconomic background, or any other aspect of identity. As a growing company, we’re committed to fostering an inclusive, equitable, and accessible hiring experience. We proactively offer adjustments during application and assessment - tell us what you need.