Job Description

Senior Frontend Development Engineer - Security .

Position Overview: We're seeking a Senior Frontend Development Engineer to lead the development of secure web applications and mobile experiences while implementing robust security practices across our digital platforms. This role combines advanced frontend development skills with deep security expertise to protect our customers and business from evolving cyber threats.

Key Responsibilities:

Frontend Development & Security Integration

• Architect and develop secure frontend applications using modern frameworks (Svelte, React, Flutter, etc.)
• Implement security-first design principles in web and mobile application development
• Build and maintain security libraries, components, and frameworks for development teams
• Design secure authentication and authorization flows (OAuth 2.0, SAML, JWT)
• Implement Content Security Policy (CSP), CORS, and other browser security mechanisms

Application Security Leadership

• Conduct security code reviews and vulnerability assessments for frontend applications
• Implement OWASP Top 10 mitigation strategies across all web properties
• Design and implement secure API consumption patterns and data handling
• Lead security testing initiatives including SAST, DAST, and penetration testing coordination
• Develop secure coding standards and security guidelines for development teams

Infrastructure Security & Performance

• Configure and optimize CDN security settings (Fastly)
• Implement and manage Web Application Firewall (WAF) rules and policies
• Design DDoS protection strategies and rate limiting mechanisms
• Optimize application performance while maintaining security standards
• Monitor and respond to security incidents affecting frontend applications

Security Tools & Monitoring

• Implement security monitoring and alerting for frontend applications
• Integrate security scanning tools into CI/CD pipelines
• Configure and manage security headers and SSL/TLS implementations
• Develop automated security testing and compliance validation
• Create security dashboards and reporting mechanisms

Team Leadership & Education

• Mentor development teams on secure coding practices
• Conduct security training and awareness sessions
• Collaborate with DevSecOps, Security, and SRE teams on security initiatives
• Lead incident response for application security events
• Stay current with emerging security threats and mitigation techniques

Required Qualifications:

• Experience : 7+ years in frontend development with 4+ years focused on application security
• Security Expertise : Deep understanding of OWASP Top 10, security vulnerabilities, and mitigation strategies
• Frontend Technologies : Expert-level proficiency in JavaScript, TypeScript, HTML5, CSS3
• Frameworks : Strong experience with Svelte, or React with security considerations
• Security Tools : Hands-on experience with SAST/DAST tools, vulnerability scanners, penetration testing
• Web Security : Extensive knowledge of CSP, CORS, XSS prevention, CSRF protection, input validation
• Infrastructure : Experience with CDN configuration, WAF management, and DNS security
• Authentication : Implementation experience with OAuth, SAML, JWT, and multi-factor authentication
• Compliance : Understanding of PCI DSS, GDPR, CCPA, and other relevant security standards
• DevSecOps : Experience integrating security into CI/CD pipelines

Preferred Qualifications:

• Certifications : CISSP, CEH, OSCP, AWS Security Specialty, or equivalent security certifications
• Cloud Security : Experience with AWS/Azure/GCP security services and configurations
• Mobile Security : Understanding of mobile application security (iOS/Android)
• API Security : Experience with GraphQL security, REST API protection, and microservices security
• Threat Modeling : Experience with application threat modeling and risk assessment
• Incident Response : Background in security incident response and forensics
• E-commerce Security : Experience securing e-commerce platforms and payment processing
• Zero Trust : Understanding of Zero Trust architecture principles

Technical Skills:

• Languages : JavaScript, TypeScript, Python (for security scripting)
• Security Frameworks : OWASP ASVS, NIST Cybersecurity Framework
• Security Tools : Burp Suite, OWASP ZAP, Nessus, Qualys, Checkmarx, Veracode
• Monitoring : SIEM integration, security logging, threat detection
• Infrastructure : Terraform, Docker, Kubernetes security configurations
• Version Control : Git with security branch protection and code signing

Job Tags

Similar Jobs