At a Glance
- Tasks: Design secure applications and manage end-to-end security solutions.
- Company: Join a remote-first cybersecurity company committed to inclusivity.
- Benefits: Flexible work, competitive salary, and opportunities for professional growth.
- Why this job: Make a real impact in the cybersecurity field with innovative projects.
- Qualifications: Experience in application security and strong collaboration skills required.
- Other info: Travel to client sites may be needed; adjustments offered during hiring.
The predicted salary is between 36000 - 60000 £ per year.
Dev/Null Security is seeking a Security Design Engineer (AppSec) to manage end‑to‑end solution design and be responsible for delivering design documents in line with functional and non‑functional business requirements, strategies, principles, standards, and patterns. Alongside the creation of high‑level designs, you will be required to publish new architecture patterns, key decisions, design deviations, and technical risks and issues where appropriate.
Requirements
- Cybersecurity Expertise:
  - Significant experience and proven technical depth within application security, such as hands‑on experience securing modern application architectures (microservices, cloud‑native, containerized environments).
  - Knowledge of SCA tools and methodologies (e.g., dependency analysis, open‑source license compliance, vulnerability triage, supply‑chain risk management).
  - Deep experience implementing and optimising AST capabilities, including SAST, DAST, IAST, MAST and container/K8s security scanning.
  - Demonstrated success designing and integrating security testing pipelines within CI/CD environments (GitHub Actions, GitLab, Jenkins, Azure DevOps, etc.).
  - Strong background in threat modelling, secure SDLC design, and establishing risk‑based security policies for code, dependencies, and build systems.
  - Ability to evaluate, select, and architect AppSec technologies, including enterprise SCA/AST platforms, SBOM solutions, and vulnerability management workflows.
  - Experience collaborating with engineering teams to prioritise and remediate vulnerabilities, provide secure coding guidance, and enable developer‑centric security practices.
  - Familiarity with industry frameworks and standards (OWASP SAMM, ASVS, CSA, NIST SSDF, supply‑chain security frameworks such as SLSA).
  - Experience across vulnerability and exposure management including detection, analysis, management and resolution activities.
- Network Security:
  - Experience within network security, such as segmentation and micro‑segmentation and its effects on vulnerability scanning.
  - Defining and enforcing policies for secure network operations and appropriate access for vulnerability scanning.
  - Establishing appropriate logging for the monitoring and analysis of network traffic to detect and respond to threats.
- Information Technology:
  - Broad background across information technology with the ability to communicate clearly with non‑security technical SMEs at a comfortable level.
  - Experience and understanding of both the roles and interlock between enterprise & solution architecture.
  - Experience in both operational and transformation cybersecurity roles or a clear working understanding of both perspectives.
  - Experience working in large‑scale IT transformation programmes.
  - Ability to manage separation of control from technical design authority responsibilities – represent Cyber Services at technical and security design authorities to ensure that solutions are secure.
  - Experience ensuring compliance with security controls to identify control gaps, develop remediation plans and determine residual risk across both local and national programmes.
Qualifications & Certifications
- Bachelor’s or master’s degree in cybersecurity, computer science, software engineering, or related field preferred.
- CISSP/CISM certification or other broad cybersecurity industry‑recognised certificate preferred.
- SABSA or TOGAF certified preferred.
Platform & Technology
- Experience with Checkmarx, Invicti, Snyk, BlackDuck, Tenable, or other related Application Security Testing products.
- BizzDesign, Archi, or generic UML visualisation experience for high‑level designs.
- High proficiency and expertise in Jira for project & task management.
- Working proficiency in Confluence for documentation.
Working at DevNull Security
While DevNull Security is a remote‑first company, our consulting team may be required to travel to client sites a few times per week, depending on project and customer needs. We believe that a career in cybersecurity should be accessible to everyone. We actively welcome applicants from all walks of life, regardless of race, ethnicity, gender identity, age, sexual orientation, disability, neurodiversity, socioeconomic background, or any other aspect of identity. As a growing company, we’re committed to fostering an inclusive, equitable, and accessible hiring experience. We proactively offer adjustments during application and assessment – tell us what you need.
Security Designer Engineer (AppSec) in Sheffield employer: Dev/Null Security
Contact Detail:
Dev/Null Security Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Security Designer Engineer (AppSec) in Sheffield
✨Tip Number 1
Network like a pro! Reach out to folks in the cybersecurity field, especially those who work at Dev/Null Security. A friendly chat can open doors and give you insights that might just land you an interview.
✨Tip Number 2
Show off your skills! Create a portfolio showcasing your AppSec projects or contributions. Whether it's a GitHub repo or a personal website, having tangible evidence of your expertise can make you stand out.
✨Tip Number 3
Prepare for the interview by brushing up on common AppSec scenarios. Think about how you'd tackle real-world security challenges and be ready to discuss your thought process. We want to see your problem-solving skills in action!
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen. Plus, we love seeing candidates who take that extra step to connect with us directly.
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience in application security. We want to see how your skills align with the specific requirements mentioned in the job description.
Showcase Your Expertise: Don’t hold back on detailing your hands-on experience with modern application architectures and security testing tools. We love seeing real examples of how you've tackled challenges in your previous roles.
Be Clear and Concise: When writing your application, keep it straightforward and to the point. We appreciate clarity, so make sure your key achievements and experiences stand out without unnecessary fluff.
Apply Through Our Website: We encourage you to submit your application directly through our website. It’s the best way for us to receive your details and ensures you’re considered for the role!
How to prepare for a job interview at Dev/Null Security
✨Know Your AppSec Inside Out
Make sure you brush up on your application security knowledge. Familiarise yourself with the latest trends in securing modern architectures, like microservices and cloud-native environments. Be ready to discuss specific tools and methodologies you've used, such as SCA tools and vulnerability management workflows.
✨Showcase Your Design Skills
Prepare to talk about your experience in creating high-level designs and architecture patterns. Bring examples of design documents you've delivered that align with business requirements. This will demonstrate your ability to manage end-to-end solution design effectively.
✨Collaborate Like a Pro
Highlight your experience working with engineering teams to prioritise vulnerabilities and provide secure coding guidance. Be prepared to share how you've enabled developer-centric security practices in past roles, as collaboration is key in this position.
✨Be Ready for Technical Questions
Expect questions around threat modelling, secure SDLC design, and risk-based security policies. Brush up on industry frameworks like OWASP SAMM and NIST SSDF, as these will likely come up during the interview. Showing your familiarity with these standards will set you apart.