Senior Application Security Engineer (Hybrid/Dublin)

Job Details

permanent
Dublin, Leinster, Ireland
Aer Lingus Technology Recruitment
20-03-2024


Full Job Description

About us:

Aer Lingus has a proud legacy of connecting people and places across Europe and North America. Many of you will be familiar with the warm welcome of our cabin crew, pilots and operations staff, but what many of you might not know is how much Aer Lingus is now a technology company as well as an airline.

We have a rapidly growing technology team located both remotely throughout Ireland and beyond as well as in our hangar at the airport. Digital transformation is key to achieving that mission. We want to ensure that we provide the best value and service to customers, as well as ensuring that Aer Lingus is an enjoyable and innovative place to work.

We are excited by the opportunities that digital technologies offer us to achieve our mission, improve the way we work and help us to remain a much-loved Irish brand. We’ve only really begun to scratch the surface in terms of the opportunities offered by digital technologies but, even with this in mind, we’ve managed to achieve so much and created great results in the few years we’ve been driving this transformation. We’re very excited about the years ahead.

We are seeking an experienced Application Security Engineer to join our team and play a crucial role in ensuring the security of our applications and software systems.

In this role, you will be responsible for assessing and mitigating security risks in our applications, conducting security code reviews, implementing security best practices and collaborating with development teams to enhance our application security posture. You will perform vulnerability assessments, recommend remediation actions, and ensure compliance with industry best practices and standards. The ideal candidate has strong knowledge of secure coding practices, application vulnerabilities, and security assessment tools.

We face constant change in our Threat Landscape, Business Needs, Technology Landscape and Regulatory Requirements. Our cyber security defences need to respond in order to protect our personal data, our operational systems and our valuable and sensitive corporate information (including intellectual property, financial data and market sensitive information).

This role will operate on a hybrid model, with 3 days working in the office and two days from home. Please note that these roles do not qualify for sponsorship for non-EU citizens/work permit holders. You must have full working and visa rights in Ireland or the EU to be eligible to apply.

You will be responsible for the below points, and you must have previous experience in these areas: 

  • Application Security Assessment:
    • Conduct thorough security assessments of applications, including web, mobile (iOS + Android), and desktop applications, to identify vulnerabilities and potential risks
    • Perform static code analysis, dynamic application testing, and manual code reviews
    • Uncover security weaknesses and recommend appropriate remediation actions
    • Strong analytical and problem-solving skills, with the ability to assess risks and propose effective security solutions.
  • Security Code Review:
    • Review PRs to identify security flaws, design weaknesses, and deviations
    • Provide guidance and recommendations on secure coding techniques, libraries, and frameworks to ensure the development of secure and resilient applications
  • Security Testing and Automation:
    • Implement automated security testing tools and frameworks to enhance security
    • Conduct penetration testing and vulnerability scanning
  • Vulnerability Management:
    • Identify and prioritise application vulnerabilities based on risk and potential impact
    • Collaborate on resolution of identified vulnerabilities and track remediation efforts
    • Develop and implement vulnerability management processes and procedures

Key Experience/Qualifications:

  • Bachelor's degree in Computer Science, Information Security, or a related field
  • 7+ years in software development, working on either backend, frontend or middleware, delivering software products
  • Strong knowledge and understanding of application security principles, secure coding practices, and common vulnerabilities
  • Hands-on experience with application security assessment tools
  • Experience in performing security code reviews and manual application penetration testing
  • Solid understanding of secure software development lifecycle (SDLC) methodologies
  • Familiarity with programming languages (e.g., Java, .NET, Python, JavaScript) and web technologies (e.g., HTML, REST, SOAP)
  • Knowledge of secure coding practices for web and mobile applications
  • Understanding of cloud security concepts and technologies (AWS, Azure, or similar)
  • Excellent leadership and delegation skills; influencing and managing activities across cross-functional areas to plan and execute effective delivery
  • Excellent communication skills, with a strong ability to communicate effectively both internally and externally at levels up to Director and C Suite, and the ability to make complex technology problems simple for the business. Must be capable of understanding and communicating the big picture
  • Strong negotiation skills with proven ability to maintain relationships with stakeholders and to influence stakeholders in support of project delivery
  • Robust relationship management, capable of working with all levels within the organisation by building effective relationships
  • Highly motivated, driven, pragmatic and completely focused on project delivery for business benefit

Desirable Skills:

  • Security Architecture and Design:
    • Collaborate and participate in the design and implementation of secure software architectures, ensuring that security requirements and industry best practices are incorporated from the early stages of the development lifecycle
  • Security Awareness and Training:
    • Contribute to the delivery of security awareness and training programs
    • Promote a security-first culture and provide guidance on secure coding standards, secure software development methodologies, and emerging security trends
  • Incident Response and Forensics:
    • Assist in incident response activities related to application security incidents
    • Perform forensic analysis and recommend improvements to prevent future incidents

What we offer:

  • Comprehensive staff travel perks
  • Remote/hybrid working options
  • 25 days annual leave plus public holidays
  • Generous pension scheme
  • Annual performance related bonus
  • Parking available when onsite
  • Collaborative, innovative, friendly, team-based working environment

AER LINGUS IS AN EQUAL OPPORTUNITIES EMPLOYER