Security Engineer - Front End

RESPONSIBILITIES:
Kforce has a client in Tampa, FL that is seeking a Senior Frontend Development Engineer to lead the development of secure web applications and mobile experiences while implementing robust security practices across our digital platforms.

Frontend Development & Security Integration:
* Architect and develop secure frontend applications using modern frameworks (Svelte, React, Flutter, etc.)
* Implement security-first design principles in web and mobile application development
* Build and maintain security libraries, components, and frameworks for development teams
* Design secure authentication and authorization flows (OAuth 2.0, SAML, JWT)
* Implement Content Security Policy (CSP), CORS, and other browser security mechanisms
Application Security Leadership
* Conduct security code reviews and vulnerability assessments for frontend applications
* Implement OWASP Top 10 mitigation strategies across all web properties
* Design and implement secure API consumption patterns and data handling
* Lead security testing initiatives including SAST, DAST, and penetration testing coordination
* Develop secure coding standards and security guidelines for development teams

Infrastructure Security & Performance:
* Configure and optimize CDN security settings (Fastly)
* Implement and manage Web Application Firewall (WAF) rules and policies
* Design DDoS protection strategies and rate limiting mechanisms
* Optimize application performance while maintaining security standards
* Monitor and respond to security incidents affecting frontend applications

Security Tools & Monitoring:
* Implement security monitoring and alerting for frontend applications
* Integrate security scanning tools into CI/CD pipelines
* Configure and manage security headers and SSL/TLS implementations
* Develop automated security testing and compliance validation
* Create security dashboards and reporting mechanisms

REQUIREMENTS:
* Certifications: CISSP, CEH, OSCP, AWS Security Specialty, or equivalent security certifications
* Experience: 7+ years in frontend development with 4+ years focused on application security
* Deep understanding of OWASP Top 10, security vulnerabilities, and mitigation strategies
* Expert-level proficiency in JavaScript, TypeScript, HTML5, CSS3
* Frameworks: Strong experience with Svelte, or React with security considerations
* Hands-on experience with SAST/DAST tools, vulnerability scanners, penetration testing
* Extensive knowledge of CSP, CORS, XSS prevention, CSRF protection, input validation
Experience with CDN configuration, WAF management, and DNS security
* Authentication: Implementation experience with OAuth, SAML, JWT, and multi-factor authentication
* Compliance: Understanding of PCI DSS, GDPR, CCPA, and other relevant security standards
* DevSecOps: Experience integrating security into CI/CD pipelines
Preferred Qualifications:
* Cloud Security: Experience with AWS/Azure/Google Cloud Platform security services and configurations
* Mobile Security: Understanding of mobile application security (iOS/Android)
* API Security: Experience with GraphQL security, REST API protection, and microservices security
* Threat Modeling: Experience with application threat modeling and risk assessment
* Incident Response: Background in security incident response and forensics
* E-commerce Security: Experience securing e-commerce platforms and payment processing
* Zero Trust: Understanding of Zero Trust architecture principles
Technical Skills:
* Languages: JavaScript, TypeScript, Python (for security scripting)
* Security Frameworks: OWASP ASVS, NIST Cybersecurity Framework
* Security Tools: Burp Suite, OWASP ZAP, Nessus, Qualys, Checkmarx, Veracode
* Monitoring: SIEM integration, security logging, threat detection
* Infrastructure: Terraform, Docker, Kubernetes security configurations
* Version Control: Git with security branch protection and code signing

The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.

We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.

Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.

This job is not eligible for bonuses, incentives or commissions.

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.