Security Engineer
Description:
The Security Test Engineer will be responsible for ensuring the security robustness of software and firmware components within our product portfolio. This role involves conducting threat modeling, security testing, and vulnerability assessments, while ensuring compliance with internal processes and industry standards. The ideal candidate will be passionate about cybersecurity, detail-oriented, and experienced in testing within industrial environments.
PLEASE NOTE the client will only accept candidates who are authorised to work in the UK, without the requirement for sponsorship or ANY type of visa (e.g. dependant/spousal, post-study etc.).
In addition, this role hybrid based with 4 days in the Scottish office, therefore you should currently be located in Scotland.
PRINCIPLE JOB RESPONSIBILITIES
Perform security requirements analysis and threat modeling.
Conduct risk analysis and define test strategies aligned with security objectives.
Plan, execute, and report on security testing activities, including:
Tool and technique selection
Security requirements testing
Threat mitigation testing
Vulnerability testing
Abuse case testing
Attack surface analysis
Regression testing
Test automation
Analyse, report, and track security defects.
Ensure compliance with internal processes and applicable standards (e.g. IEC 62443, ISO 27001).
Support internal and external audits as required.
Drive continuous improvement by staying updated on emerging threats, tools, and best practices.
Occasional travel may be required, such as training or customer support.
REQUIRED QUALIFICATIONS AND EXPERIENCE
Minimum 5 years of experience in software and/or firmware testing
Engineering degree in Software, Computer Science, Cybersecurity or equivalent demonstrated knowledge.
Proficiency with tools such as Burp Suite, OWASP ZAP, Nessus, Metasploit, Wireshark, Nmap, Fortify, Checkmarx.
Knowledge of scripting languages such as Python, JavaScript, Bash, or PowerShell.
Understanding of encryption algorithms, key management, and secure protocols (TLS, SSH, etc.)
Strong understanding of common vulnerabilities (e.g., OWASP Top 10, CWE/SANS Top 25).
Familiarity with Linux, Windows, and network protocols (TCP/IP, DNS,
Understanding of industrial protocols (e.g., Serial, Modbus, HART).
Knowledge of industry standards : IEC 62443, ISO 27001, NIST, OWASP.
Experience implementing DevSecOps best practices ; Azure DevOps experience is a plus.
Self-directed and motivated in a team orientated environment