Senior Application Developer (Security)

About Us

Leighton: 32 years and counting. Experienced and agile. Trusted by some of the world’s biggest brands. We develop and deliver custom software. We use technology to make money, save money, create efficiencies, integrate systems, solve problems. To help our customers thrive. We have a pool of talent. To manage projects. Test to high standards. Create user experiences for every type of user. We include, include, include. Our service is personal. We know your name. We can do amazing things with tech. We’ve got the talent. We decide what’s best for our customer together.

Our Values

The Leighton culture defines how we do business and how we interact with our colleagues and customers. It makes us unique and provides us with a competitive advantage

• We act with honesty and truth, always!
• We collaborate to bring our purpose to life in a caring and supportive way
• We nurture our amazing people to be the best version of themselves
• Passionate about what we do, proud of what we achieve
• Our curiosity inspires the amazing

Key Responsibilities:

• Code Security Analysis: Review backend code to identify security flaws, misconfigurations, or vulnerabilities.

• Threat Modelling: Lead and contribute to threat modeling sessions — analyse how our products handle data, map potential attack vectors (especially OWASP Top 10), and design mitigation strategies.

• Secure Development Practices: Help the development team adopt secure coding practices, identify systematic security issues, and uplift the overall engineering team's security awareness.

• Security Tooling Integration: Use tools like Snyk (for third-party dependency scanning) to monitor for vulnerabilities. Translate scan results into actionable tickets in Jira.

• Collaboration & Enablement: Work closely with engineering teams to triage issues, build secure-by-design features, and guide developers in resolving security concerns.

• Security Champion: Act as an internal advocate for security, promoting a culture of shared responsibility and continuous improvement.

Mandatory Experience:

• Solid experience as a developer having utilised (JavaScript/Python)

• Ability to read and understand code quickly, including unfamiliar codebases

• Familiarity with modern security tools (e.g., Snyk, OWASP ZAP, Burp Suite)

• Strong understanding of common web vulnerabilities (OWASP Top 10)

• Experience with threat modeling and secure design principles

• Comfortable translating technical findings into prioritised improvements for the engineering team

Behaviours

• An open and genuine communicator
• Able to take responsibility for your actions
• Always learning and wanting to improve
• Takes responsibility for own development
• Love what you do
• Value and support your team
• Embrace who you are
• Open minded and willing to explore new ideas

What We Offer

We value our team and to attract exceptional people, we offer an excellent package! In 2023 we were recognised as one of the Best Workplaces in Tech by Great Place To Work UK, the global authority on workplace culture.

As a Leighton employee you can look forward to:

• A competitive salary this will be dependent on experience.
• A contributory pension scheme
• 25 days annual leave, plus bank holidays and the opportunity to buy or sell holiday
• A flexible approach to working hours
• Continuous personal development, career path and training
• And more....