Senior Systems Developer at HSRC

Job Advert Summary    

• The Senior Systems Developer is a critical, handson role responsible for the design,development, and operational stability of missioncritical systems and data pipelines. This role goes beyond coding to encompass architectural contribution, enforcing modern DevOps practices, ensuring platform resilience, and mentoring junior team members. The ideal candidate will thrive in a cloudnative environment and champion security and performance by design.

Minimum Requirements    

• Proficient in C# (including .NET Core / .NET 6/7) and PHP development.
• Strong experience with web application development (HTML, CSS, JavaScript, jQuery, or modern frameworks)
• Experience with MySQL, SQL Server, or other relational databases.
• Solid understanding of OOP, MVC, and software design patterns.
• Experience with RESTful APIs, Web Services, and integration between systems.
• Familiarity with version control systems (e.g., Git).
• Experience in deploying and maintaining applications in Windows and/or Linux environments.
• Strong problemsolving skills and ability to troubleshoot complex issues.
• Excellent communication and collaboration skills.

Education & Experience

• Bachelor’s degree in Computer Science, Software Engineering, or related field (or equivalent work experience).
• 5 years of professional experience in software development, with demonstrated expertise in C# and PHP.

Behavioral Competencies

• Ownership: Takes full accountability for the delivery and operational state of assigned systems.
• Mentorship: Proven ability to elevate the technical skill set of team members through code review and paired programming.
• ProblemSolving: Excellent analytical skills with a focus on solving complex architectural challenges under pressure.
• Communication: Ability to articulate complex technical concepts to nontechnical stakeholders (e.g., researchers, business administrators).

Duties & Responsibilities    

• Design, develop, test, and deploy software applications using C# (.NET) and PHP.
• Collaborate with business stakeholders and the technical team to gather and refine requirements.
• Lead the architecture and implementation of scalable, maintainable, and highperformance software solutions.
• Maintain and enhance existing systems, troubleshooting and resolving technical issues.
• Write clean, welldocumented, and reusable code following industry best practices.
• Implement and enforce coding standards, testing strategies, and version control practices.
• Mentor and guide junior developers to enhance team capability and knowledge sharing.
• Participate in code reviews, design sessions, and technical decisionmaking.
• Stay uptodate with emerging technologies and recommend improvements to existing systems.
• Own the entire software development lifecycle (SDLC) for assigned system components, from initial requirement gathering through deployment and monitoring.
• Contribute significantly to the overall system architecture, ensuring solutions align with enterprise standards for security, data governance, and scalability.
• Champion and implement DevOps methodologies to automate build, testing, and deployment processes using pipelines (e.g., GitLab).

Secure Software Development Lifecycle (SSDLC)

• Mandatory Security Testing: Integrate and enforce static (SAST) and dynamic (DAST) application security testing into the Continuous Integration/Continuous Deployment (CI/CD)   pipeline.
•  Vulnerability Remediation: Ensure timely prioritisation, fixing, and retesting of vulnerabilities found in the code base and thirdparty libraries (Dependency Scanning).
•  Secure Code Review: Lead and perform peer reviews specifically focused on identifying common security flaws (e.g., OWASP Top 10) before merging code.

Cloud/Infrastructure Security (SecDevOps)

•  Infrastructure as Code (IaC) Security: Securely design and deploy infrastructure by eliminating hardcoded secrets and enforcing leastprivilege principles.
•  Secrets Management: Implement and manage robust solutions for handling API keys, credentials, and sensitive configuration data, ensuring they are never stored in source code.
•  Logging and Monitoring: Ensure all deployed systems generate appropriate, tamperproof logs for security auditing and integrate them with the organisation's Security Information and Event Management (SIEM) platform.

Data and Access Control

• Data Protection by Design: Implement proper data classification and ensure sensitive research data is encrypted both in transit (using the highest version of TLS) and at rest (using strong encryption standards like AES256).
• Least Privilege Access: Design systems and access controls based on the principle of least privilege (only granting the minimum access necessary for the service or user to function).
• Authentication and Authorisation: Enforce MultiFactor Authentication (MFA) for all administrative access and design robust, contextaware authorisation mechanisms within the applications.

Compliance and Training

•  Regulatory Compliance: Ensure all system designs and data handling processes comply with relevant research regulations (e.g., GDPR or specific funding agency requirements).
•  Threat Modeling: Lead threat modeling exercises for new features or projects to proactively identify and mitigate security risks early in the design phase.
•  Security Mentorship: Mentor and train junior developers on secure coding practices, promoting a strong organisational security culture.