Job Specifications
The Embedded Security Developer will be responsible for ensuring the secure design and implementation of embedded firmware and software components within our product portfolio. This role involves applying secure coding practices, performing threat modelling, and ensuring compliance with industry standards and internal processes. The ideal candidate will have a strong background in embedded systems development and a passion for cybersecurity.
PRINCIPLE JOB RESPONSIBILITIES
Perform security requirements analysis
Conduct risk analysis and threat modelling
Ensure secure design principles are applied such as least privilege, defence in depth, and secure defaults
Ensure secure implementation of requirements and threat mitigations, including:
Follow secure coding guidelines to prevent common vulnerabilities (e.g., buffer overflows, injection flaws)
Application of Static Code Analysis to identify security vulnerabilities in code
Application of Software Composition Analysis to ensure supply chain security
Unit testing and code reviews
Defect analysis and remediation
Ensure compliance with internal processes and applicable standards (e.g., IEC 62443, ISO 27001)
Support internal and external audits as required
Drive continuous improvement by staying updated on emerging threats, tools, and best practices
Occasional travel may be required, such as training or customer support.
Other responsibilities or tasks that are within your skills and abilities, whenever reasonably instructed. The business reserves the right to make reasonable adjustments in line with business requirements. This job description is non-contractual and is for information and mutual understanding of both parties.
REQUIRED QUALIFICATIONS AND EXPERIENCE
Minimum 5 years of experience in developing embedded firmware
Engineering degree in Software, Computer Science, Cybersecurity or equivalent demonstrated knowledge.
Strong C/C++ programming skills
Understanding of encryption algorithms, key management, and secure protocols (TLS, SSH, etc.)
Strong understanding of common vulnerabilities (e.g., OWASP Top 10, CWE/SANS Top 25)
Familiarity with Linux, Windows, RTOS and network protocols (TCP/IP, DNS, HTTP/S)
Understanding of industrial protocols (e.g., Serial, Modbus, HART)
Knowledge of industry standards: IEC 62443, ISO 27001, NIST, OWASP
Experience implementing DevSecOps best practices; Azure DevOps experience is a plus
Self-directed and motivated in a team orientated environment
About the Company
We provide a bespoke service in sourcing IT Talent and finding opportunities within the IT sector throughout Scotland, the UK, and also have an international reach.
As well as general IT roles, we also have dedicated divisions specialising in Cyber Security and Cloud & FinOps.
Our focus is on face-to-face contact with all our customers, both clients and candidates. This enable us to build stronger business relationships and ensure we find people fit for your business and a business fit for you.
We value face-to-face meet...
Know more