Senior Frontend Development Engineer - Security

Senior Frontend Development Engineer - Security.

Position Overview: Were seeking a Senior Frontend Development Engineer to lead the development of secure web applications and mobile experiences while implementing robust security practices across our digital platforms. This role combines advanced frontend development skills with deep security expertise to protect our customers and business from evolving cyber threats.

Key Responsibilities:

Frontend Development & Security Integration

• Architect and develop secure frontend applications using modern frameworks (Svelte React Flutter etc.)
• Implement security-first design principles in web and mobile application development
• Build and maintain security libraries components and frameworks for development teams
• Design secure authentication and authorization flows (OAuth 2.0 SAML JWT)
• Implement Content Security Policy (CSP) CORS and other browser security mechanisms

Application Security Leadership

• Conduct security code reviews and vulnerability assessments for frontend applications
• Implement OWASP Top 10 mitigation strategies across all web properties
• Design and implement secure API consumption patterns and data handling
• Lead security testing initiatives including SAST DAST and penetration testing coordination
• Develop secure coding standards and security guidelines for development teams

Infrastructure Security & Performance

• Configure and optimize CDN security settings (Fastly)
• Implement and manage Web Application Firewall (WAF) rules and policies
• Design DDoS protection strategies and rate limiting mechanisms
• Optimize application performance while maintaining security standards
• Monitor and respond to security incidents affecting frontend applications

Security Tools & Monitoring

• Implement security monitoring and alerting for frontend applications
• Integrate security scanning tools into CI/CD pipelines
• Configure and manage security headers and SSL/TLS implementations
• Develop automated security testing and compliance validation
• Create security dashboards and reporting mechanisms

Team Leadership & Education

• Mentor development teams on secure coding practices
• Conduct security training and awareness sessions
• Collaborate with DevSecOps Security and SRE teams on security initiatives
• Lead incident response for application security events
• Stay current with emerging security threats and mitigation techniques

Required Qualifications:

• Experience: 7 years in frontend development with 4 years focused on application security
• Security Expertise: Deep understanding of OWASP Top 10 security vulnerabilities and mitigation strategies
• Frontend Technologies: Expert-level proficiency in JavaScript TypeScript HTML5 CSS3
• Frameworks: Strong experience with Svelte or React with security considerations
• Security Tools: Hands-on experience with SAST/DAST tools vulnerability scanners penetration testing
• Web Security: Extensive knowledge of CSP CORS XSS prevention CSRF protection input validation
• Infrastructure: Experience with CDN configuration WAF management and DNS security
• Authentication: Implementation experience with OAuth SAML JWT and multi-factor authentication
• Compliance: Understanding of PCI DSS GDPR CCPA and other relevant security standards
• DevSecOps: Experience integrating security into CI/CD pipelines

Preferred Qualifications:

• Certifications: CISSP CEH OSCP AWS Security Specialty or equivalent security certifications
• Cloud Security: Experience with AWS/Azure/GCP security services and configurations
• Mobile Security: Understanding of mobile application security (iOS/Android)
• API Security: Experience with GraphQL security REST API protection and microservices security
• Threat Modeling: Experience with application threat modeling and risk assessment
• Incident Response: Background in security incident response and forensics
• E-commerce Security: Experience securing e-commerce platforms and payment processing
• Zero Trust: Understanding of Zero Trust architecture principles

Technical Skills:

• Languages: JavaScript TypeScript Python (for security scripting)
• Security Frameworks: OWASP ASVS NIST Cybersecurity Framework
• Security Tools: Burp Suite OWASP ZAP Nessus Qualys Checkmarx Veracode
• Monitoring: SIEM integration security logging threat detection
• Infrastructure: Terraform Docker Kubernetes security configurations
• Version Control: Git with security branch protection and code signing