Senior Dotnet Developer

Job Description

We are looking for a skilled Senior. NET Developer with strong experience in secure application development, vulnerability assessment, and remediation practices. The ideal candidate should be proficient in the. NET ecosystem (C#, ASP. NET, NET Core) and have hands-on experience in implementing secure coding standards, identifying security flaws, and integrating DevSecOps practices into the development lifecycle.

Responsibilities

• Design, develop, and maintain secure web applications using ASP. NET MVC /. NET Core / Web API.
• Perform secure code reviews, vulnerability analysis, and penetration testing support during development.
• Collaborate with security and DevOps teams to identify and fix vulnerabilities across the SDLC.
• Implement and enforce OWASP Top 10 and SANS security standards in all development activities.
• Work with tools like SonarQube, Fortify, Checkmarx, Veracode, Burp Suite, or OWASP ZAP for code and application scanning.
• Ensure compliance with security policies, data privacy, and regulatory requirements (e. g., GDPR, ISO 27001).
• Support incident response teams by analysing and resolving reported vulnerabilities.
• Participate in threat modelling, risk assessment, and security design reviews.
• Develop and maintain automated CI/CD pipelines with integrated security scans.
• Mentor junior developers in secure coding practices and contribute to internal security knowledge sharing.
  
  

• Strong proficiency in C#, ASP. NET Core, Web API, LINQ, Entity Framework, SQL Server.
• Hands-on experience with security testing tools (e. g., SonarQube, OWASP ZAP, Burp Suite, Fortify, Checkmarx).
• Deep understanding of web application vulnerabilities (XSS, SQL Injection, CSRF, Authentication and Authorisation flaws, etc. ).
• Experience implementing OAuth2 OpenID Connect, JWT, and IdentityServer.
• Knowledge of SSL/TLS, HTTPS, encryption/decryption, and certificate management.
• Experience in DevOps/DevSecOps practices using Azure DevOps, Jenkins, GitHub Actions, or similar.
• Familiarity with container security (Docker, Kubernetes) and cloud security (Azure/AWS).
• Understanding of API security and secure RESTful service design.
• Certifications such as CEH, CSSLP, AZ-500 or similar are a plus.
• Experience with microservices architecture and zero-trust security models.
• Exposure to threat modelling frameworks (STRIDE, DREAD).
• Awareness of compliance standards (PCI-DSS, SOC, and 2 NIST).
• Strong problem-solving and analytical skills.
• Excellent communication and documentation abilities.
• Ability to work independently and as part of a cross-functional team.
• Continuous learning mindset towards modern security and development trends.