181 Application Security jobs in Ireland

SMBC Group is a top-tier global financial group. Headquartered in Tokyo and with a 400-year history, SMBC Group offers a diverse range of financial services, including banking, leasing, securities, credit cards, and consumer finance. The Group has more than 130 offices and 80,000 employees worldwide in nearly 40 countries. Sumitomo Mitsui Financial Group, Inc. (SMFG) is the holding company of SMBC Group, which is one of the three largest banking groups in Japan. SMFG's shares trade on the Tokyo, Nagoya, and New York (NYSE: SMFG) stock exchanges.

In the Americas, SMBC Group has a presence in the US, Canada, Ireland, Mexico, Brazil, Chile, Colombia, and Peru. Backed by the capital strength of SMBC Group and the value of its relationships in Asia, the Group offers a range of commercial and investment banking services to its corporate, institutional, and municipal clients. It connects a diverse client base to local markets and the organization's extensive global network. The Group's operating companies in the Americas include Sumitomo Mitsui Banking Corp. (SMBC), SMBC Nikko Securities America, Inc., SMBC Capital Markets, Inc., SMBC MANUBANK, JRI America, Inc., SMBC Leasing and Finance, Inc., Banco Sumitomo Mitsui Brasileiro S.A., and Sumitomo Mitsui Finance and Leasing Co., Ltd.

• This is a hybrid role, requiring the successful candidate to attend our Tralee office.

SMBC is seeking a Senior Application Security Engineer who is interested in building a career at a fast growing and reputable Bank. Senior Application Security Engineer will be responsible for ensuring that all code scanning vulnerabilities follow organizational policies and work closely with developers to ensure issues are fixed before releasing code to production. This candidate will have a strong development background and the ability to read and explain code deficiencies to stakeholders in various programming and scripting languages. Acts as a subject matter expert who uses expertise to resolve complex problems in consideration of established policies, guidelines or processes.

This role reports into SMBC AD Head of Application Security.

• Strong ability to work with stakeholders and being able to explain code issues and fixes to development community.
• You will work very closely with developers on day-to-day basis to ensure all code in the environment is scanned and reported focusing on SAST, SCA, DAST, IAST and Container Security issues.
• Interface with development and security architecture teams on topics related to application security for example vulnerability remediation, best practices, threat modeling, etc.
• Interface with the vulnerability management team to ensure vulnerabilities identified are reported and validated according to SLA's
• Publish and present high level management reports on State of AppSec Program within Americas Division entities.
• Some manual testing activities validate vulnerability or penetration testing findings
• Weekend and night work may be needed at times based on project, support, and business needs.

• 7+ years of experience as a Application Security analyst or Application Penetration Testing analyst
• Expertise with programming languages, C#, C++, Java, Python, .Net
• Ability to read and understand code deficiencies – Required.
• Ability to write code fixes for stakeholders and create automation scripts to support internal cybersecurity projects.
• Experience in developing and maturing CI/CD pipeline with respect to code quality and detecting vulnerabilities.
• 4+ years of experience with Static Application Security Testing (SAST) or Dynamic App Security Testing (DAST)
• 2+ years of experience with container security issues and container technologies
• Through understanding of the components of the Secure Software Development Lifecycle
• Strong knowledge of OWASP Top 10 or CWE
• Understanding of common software threats and mitigations
• Must be process and detail oriented, ability to create detailed process documentation.
• Experience with Jira/Confluence
• Bug Bounty and/or penetration testing experience a bonus.
• Have strong verbal and written communication skills.
• Ability to demonstrate a self-motivated and disciplined approach to learning and working.
• Ability to work in a team environment and demonstrate leadership skills when needed.
• Possess a highly developed sense of personal accountability and follow-through with an ability to effectively prioritize multiple personal tasks, projects, and goals.

SMBC's employees participate in a hybrid workforce model that provides employees with an opportunity to work from home, as well as, from an SMBC office. SMBC requires that employees live within a reasonable commuting distance of their office location. Prospective candidates will learn more about their specific hybrid work schedule during their interview process.

SMBC provides reasonable accommodations during candidacy for applicants with disabilities consistent with applicable federal, state, and local law. If you need a reasonable accommodation during the application process, please let us know

We are seeking an experienced Application Security Engineer to join our Product Security team. The ideal candidate will play a critical role in ensuring the security of our software development lifecycle, deployed application security posture, and operations in accordance with NIST guidelines. This role requires a deep understanding of software security best practices, DevSecOps principles, and the operation of security tooling.

Key Responsibilities:

• Security Integration in SDLC:
• Collaborate with development teams to integrate security best practices into all phases of the Software Development Life Cycle (SDLC).
• Implement and manage security automation tools (e.g., SAST, DAST, SCA, OSS).
• DevSecOps Implementation:
• Support the adoption and implementation of DevSecOps practices across the organization, ensuring security is integrated into the CI/CD pipeline.
• Automate security testing, monitoring, and reporting processes using industry-standard tools and frameworks.
• Collaborate with DevOps teams to ensure application security scanning and remediation requirements are met.
• Vulnerability Management:
• Conduct regular vulnerability assessments and penetration testing on applications and infrastructure.
• Monitor and analyze security incidents and vulnerabilities reported by various sources, including threat intelligence feeds.
• Work closely with development and operations teams to prioritize and remediate vulnerabilities in a timely manner.
• Compliance and Reporting:
• Ensure all development activities comply with the organization's security policies and standards, and other relevant cybersecurity frameworks and regulations.
• Develop and maintain security documentation, including security policies, procedures, and guidelines.
• Contribute reporting on security findings, incidents, and remediation efforts for stakeholders and leadership.
• Security Awareness and Training:
• Provide training and guidance to development, operations, and QA teams on application security practices, DevSecOps, and policy standards.
• Stay updated with the latest security trends, vulnerabilities, and compliance requirements.

Required / Basic Qualifications:

• 4+ years experience in Application Security / DevOps Engineering
• Deep understanding of software security best practices, DevSecOps principles, and the operation of security tooling.
• Proficiency in scripting such as Python, Bash, Javascript, etc.
• Experience implementing security tools such as OWASP ZAP, Veracode, SonarQube, and GitHub Advanced Security.
• Experience with Supply Chain security tooling such as JFrog Xray/Curation, Blackduck, Sonatype, FOSSA
• Proficiency in CI/CD tools such as GitHub Actions, Jenkins, GitLab CI, or Azure DevOps.
• Knowledge of containerization technologies (Docker, Kubernetes) and cloud security (AWS, Azure, GCP).

Preferred Qualifications:

• Knowledge of healthcare, privacy, and financial compliance regulations
• Strong analytical and troubleshooting skills with an understanding of IT business operations and information security
• Strong problem-solving skills and the ability to think critically about security challenges.
• Excellent communication skills, with the ability to explain complex security concepts to non-technical stakeholders.
• Ability to work collaboratively in a fast-paced, team-oriented environment.
• Previous penetration testing experience

Education:

• Bachelor's degree in Computer Science, Information Security, or a related field.

Senior Engineer – Application Security Tools
Location
: Hybrid, 1 week per month onsite in Galway 

Duration:
12 Months initially

Rate:
up to €375 per day 

We're looking for a
Senior Engineer
to join our
Application Security Tools Squad
, building scalable tools that integrate security into the heart of our development lifecycle. You'll support over 10,000 developers by delivering and maintaining solutions like
SAST, SCA
, and
secret scanning
within CI/CD pipelines.

What You'll Do:

• Build and integrate modern AppSec tools including
  SAST, SCA
  , and
  secret scanning
  into CI/CD pipelines.
• Architect and deploy scalable, secure tools and libraries used across the development landscape.
• Evaluate open-source and vendor technologies to eliminate security vulnerabilities from our applications.
• Elevate engineering excellence through automation, DevSecOps, and continuous improvement.
• Collaborate across squads and product areas to ensure effective, secure software delivery.

What You Bring:

• Strong engineering background and experience deploying multi-tiered, cloud-based applications.
• Proficiency with tools and technologies such as
  Java, Python, AWS, GIT, Jenkins, Spring Boot, REST, SOAP,
  and
  front-end frameworks
  (React, Angular, etc.).
• Automation and pipeline implementation experience (CI/CD, testing frameworks).
• Security mindset with exposure to
  Pen Testing, WAF, DAST, SAST, SCA
  is a plus.
• Experience with data processes, modeling, and BI tools like
  PowerBI, Tableau
  , or
  Oracle
  is a bonus.
• Agile team player with excellent communication and mentoring skills.
• AWS certification or equivalent cloud experience preferred.

Call Settings Override From <--> Record Yes No Always use these settings

Role - Application Security Engineer

Location - Dublin, Ireland (Hybrid)

Type - B2B Contract

Job Description:

• Application Security Assessment: Conduct thorough security assessments of applications, including web, mobile, and desktop applications, to identify vulnerabilities and potential security risks. Perform static code analysis, dynamic application testing, and manual code reviews to uncover security weaknesses and recommend appropriate remediation actions.
• Vulnerability Management: Identify and prioritise application vulnerabilities based on risk levels and potential impact. Collaborate with development teams to ensure timely resolution of identified vulnerabilities and track the progress of remediation efforts. Develop and implement vulnerability management processes and procedures.
• Security Code Review: Review application code to identify security flaws, design weaknesses, and deviations from secure coding best practices. Provide guidance and recommendations to development teams on secure coding techniques, libraries, and frameworks to ensure the development of secure and resilient applications.
• Security Architecture and Design: Collaborate with software architects and development teams to embed security controls and mechanisms into application designs. Participate in the design and implementation of secure software architectures, ensuring that security requirements and industry best practices are incorporated from the early stages of the development lifecycle.
• Security Testing and Automation: Develop and implement automated security testing tools and frameworks to enhance the efficiency and effectiveness of security assessments. Conduct penetration testing and vulnerability scanning to identify potential vulnerabilities and ensure the security robustness of applications.
• Security Awareness and Training: Contribute to the development and delivery of security awareness and training programs for development teams. Promote a culture of secure coding practices, providing guidance on secure coding standards, secure software development methodologies, and emerging security trends.
• Incident Response and Forensics: Assist in incident response activities related to application security incidents. Collaborate with incident response teams to investigate and analyse security incidents, perform forensic analysis, and recommend improvements to prevent future incidents.
• Security Compliance and Standards: Stay up to date with industry security standards, regulations, and frameworks relevant to application security. Ensure compliance with security standards such as OWASP, PCI DSS, and GDPR, and participate in security audits and assessments as required.

Key Experience/Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field
• Strong knowledge and understanding of application security principles, secure coding practices, and common vulnerabilities
• Hands-on experience with application security assessment tools
• Experience in performing security code reviews and manual application penetration testing
• Solid understanding of secure software development lifecycle (SDLC) methodologies
• Familiarity with programming languages (e.g., Java, .NET, Python, JavaScript) and web technologies (e.g., HTML, CSS, REST, SOAP)
• Knowledge of secure coding practices for web and mobile applications
• Understanding of cloud security concepts and technologies (AWS, Azure, or similar)
• Excellent leadership and delegation skills; influencing and managing activities as part of a cross functional areas to plan and execute effective delivery
• Excellent communication skills, with a strong ability to effectively communicate both internally and externally at levels up to Director and C Suite, and ability to make complex technology problem simple to the business. Must be capable of understanding and communicating the big picture
• Strong negotiation skills with proven ability to maintain relationships with stakeholders and to influence stakeholders in support of project delivery
• Strong analytical and problem-solving skills, with the ability to assess risks and propose effective security solutions
• Robust relationship management, capable of working with all levels within the organisation by building effective relationships
• Highly motivated, driven, pragmatic and completely focused on project delivery for business benefit

APPLICATION SECURITY ENGINEER

Overview:

We are working on behalf of our client, a leading global financial organization, to recruit a Senior Application Security Engineer. This role offers the opportunity to work closely with development teams to ensure application security across the organization's global operations while contributing to the continuous improvement of secure software practices.

Role Description:

The Application Security Engineer will be responsible for identifying, assessing and mitigating application vulnerabilities. The role requires a strong development background, the ability to read and explain code deficiencies and experience guiding remediation efforts across multiple programming and scripting languages. The successful candidate will act as a subject matter expert, collaborating with security and development teams to uphold organizational security standards. This role reports to the Head of Application Security.

Key Responsibilities:

• Work closely with developers to review code, explain vulnerabilities and ensure issues are resolved prior to production release.
• Conduct and manage assessments using SAST, SCA, DAST, IAST and container security tools.
• Collaborate with security architecture and vulnerability management teams to ensure vulnerabilities are reported, validated and remediated according to SLAs.
• Contribute to the development and maturation of CI/CD pipelines to integrate security controls and automated vulnerability detection.
• Publish and present management reports on the state of the Application Security program across the organization.
• Perform manual testing to validate vulnerabilities or penetration testing findings.
• Occasionally support projects outside normal working hours, including evenings or weekends, based on business needs.

Qualifications and Skills:

• 7+ years of experience as an Application Security Analyst or Application Penetration Testing Analyst.
• Strong programming skills in C#, C++, Java, Python and .Net, with the ability to read and interpret code vulnerabilities.
• Experience writing code fixes and automation scripts to support internal cybersecurity initiatives.
• 4+ years of experience with SAST or DAST; 2+ years with container security technologies.
• Comprehensive understanding of Secure Software Development Lifecycle (SSDLC) practices.
• Strong knowledge of OWASP Top 10, CWE and common software threats and mitigations.
• Detail-oriented with experience creating process documentation.
• Familiarity with Jira and Confluence.
• Bonus: Bug bounty program or penetration testing experience.
• Excellent verbal and written communication skills with the ability to convey technical information clearly to multiple stakeholders.
• Self-motivated, disciplined and able to prioritize multiple tasks and projects effectively.
• Ability to demonstrate leadership within a team and take accountability for outcomes.

Role: Application Security Engineer

Contract length: 12 months

Location: Dublin

Mode: HYbrid

Job Description: We are seeking an experienced Application Security Engineer to join our team and play a crucial role in ensuring the security of our applications and software systems.

In this role, you will be responsible for assessing and mitigating security risks in our applications, conducting security code reviews, implementing security best practices and collaborating with development teams to enhance our application security posture. You will perform vulnerability assessments, recommend remediation actions, and ensure compliance with industry best practices and standards. The ideal candidate has strong knowledge of secure coding practices, application vulnerabilities, and security assessment tools.

We face constant change in our Threat Landscape, Business Needs, Technology Landscape and Regulatory Requirements. Our cyber security defences need to respond in order to protect our personal data, our operational systems and our valuable and sensitive corporate information (including intellectual property, financial data, and market sensitive information).

We are seeking an experienced Application Security Engineer to join our team and play a crucial role in ensuring the security of our applications and software systems.

This role will operate on a hybrid model, with 3 days working in the office and two days from home.

Please note that these roles do not qualify for sponsorship for non -EU citizens/work permit holders. You must have full working and VISA right in Ireland or the EU to be eligible to apply.

Your role:

• Application Security Assessment: Conduct thorough security assessments of applications, including web, mobile, and desktop applications, to identify vulnerabilities and potential security risks. Perform static code analysis, dynamic application testing, and manual code reviews to uncover security weaknesses and recommend appropriate remediation actions.
• Vulnerability Management: Identify and prioritise application vulnerabilities based on risk levels and potential impact. Collaborate with development teams to ensure timely resolution of identified vulnerabilities and track the progress of remediation efforts. Develop and implement vulnerability management processes and procedures.
• Security Code Review: Review application code to identify security flaws, design weaknesses, and deviations from secure coding best practices. Provide guidance and recommendations to development teams on secure coding techniques, libraries, and frameworks to ensure the development of secure and resilient applications.
• Security Architecture and Design: Collaborate with software architects and development teams to embed security controls and mechanisms into application designs. Participate in the design and implementation of secure software architectures, ensuring that security requirements and industry best practices are incorporated from the early stages of the development lifecycle.
• Security Testing and Automation: Develop and implement automated security testing tools and frameworks to enhance the efficiency and effectiveness of security assessments. Conduct penetration testing and vulnerability scanning to identify potential vulnerabilities and ensure the security robustness of applications.
• Security Awareness and Training: Contribute to the development and delivery of security awareness and training programs for development teams. Promote a culture of secure coding practices, providing guidance on secure coding standards, secure software development methodologies, and emerging security trends.
• Incident Response and Forensics: Assist in incident response activities related to application security incidents. Collaborate with incident response teams to investigate and analyse security incidents, perform forensic analysis, and recommend improvements to prevent future incidents.
• Security Compliance and Standards: Stay up to date with industry security standards, regulations, and frameworks relevant to application security. Ensure compliance with security standards such as OWASP, PCI DSS, and GDPR, and participate in security audits and assessments as required.

Key Experience/Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field
• Strong knowledge and understanding of application security principles, secure coding practices, and common vulnerabilities
• Hands-on experience with application security assessment tools
• Experience in performing security code reviews and manual application penetration testing
• Solid understanding of secure software development lifecycle (SDLC) methodologies
• Familiarity with programming languages (e.g., Java, .NET, Python, JavaScript) and web technologies (e.g., HTML, CSS, REST, SOAP)
• Knowledge of secure coding practices for web and mobile applications
• Understanding of cloud security concepts and technologies (AWS, Azure, or similar)
• Excellent leadership and delegation skills; influencing and managing activities as part of a cross functional areas to plan and execute effective delivery
• Excellent communication skills, with a strong ability to effectively communicate both internally and externally at levels up to Director and C Suite, and the ability to make complex technology problems simple to the business. Must be capable of understanding and communicating the big picture
• Strong negotiation skills with proven ability to maintain relationships with stakeholders and to influence stakeholders in support of project delivery
• Strong analytical and problem-solving skills, with the ability to assess risks and propose effective security solutions
• Robust relationship management, capable of working with all levels within the organisation by building effective relationships
• Highly motivated, driven, pragmatic and completely focused on project delivery for business benefit

Job Type: Fixed term

Contract length: 12 months

Pay: €350.00-€450.00 per day

Experience:

• Application security principles: 5 years (required)
• Security Compliance and Standards: 4 years (required)
• Security Testing and Automation: 5 years (required)
• Security Code Review: 3 years (required)
• Java, .NET, Python, JavaScript: 3 years (required)
• Security Architecture and Design: 4 years (required)

Key Experience/Qualifications

• Bachelor's degree in Computer Science, Information Security, or a related field
• Strong knowledge and understanding of application security principles, secure coding practices, and common vulnerabilities
• Hands-on experience with application security assessment tools
• Experience in performing security code reviews and manual application penetration testing
• Solid understanding of secure software development lifecycle (SDLC) methodologies
• Familiarity with programming languages (e.g., Java, .NET, Python, JavaScript) and web technologies (e.g., HTML, CSS, REST, SOAP)
• Knowledge of secure coding practices for web and mobile applications
• Understanding of cloud security concepts and technologies (AWS, Azure, or similar)
• Excellent leadership and delegation skills; influencing and managing activities as part of a cross functional areas to plan and execute effective delivery
• Excellent communication skills, with a strong ability to effectively communicate both internally and externally at levels up to Director and C Suite, and ability to make complex technology problem simple to the business. Must be capable of understanding and communicating the big picture
• Strong negotiation skills with proven ability to maintain relationships with stakeholders and to influence stakeholders in support of project delivery
• Strong analytical and problem-solving skills, with the ability to assess risks and propose effective security solutions
• Robust relationship management, capable of working with all levels within the organisation by building effective relationships
• Highly motivated, driven, pragmatic and completely focused on project delivery for business benefit

Job Type: Specified-purpose

Contract length: 12 months

Bachelor's degree in Computer Science, Information Security, or a related field

• Strong knowledge and understanding of application security principles, secure coding practices, and common vulnerabilities

• Hands-on experience with application security assessment tools

• Experience in performing security code reviews and manual application penetration testing

• Solid understanding of secure software development lifecycle (SDLC) methodologies

• Familiarity with programming languages (e.g., Java, .NET, Python, JavaScript) and web technologies (e.g., HTML, CSS, REST, SOAP)

• Knowledge of secure coding practices for web and mobile applications

• Understanding of cloud security concepts and technologies (AWS, Azure, or similar)

• Excellent leadership and delegation skills; influencing and managing activities as part of a cross functional areas to plan and execute effective delivery

• Excellent communication skills, with a strong ability to effectively communicate both internally and externally at levels up to Director and C Suite, and ability to make complex technology problem simple to the business. Must be capable of understanding and communicating the big picture

• Strong negotiation skills with proven ability to maintain relationships with stakeholders and to influence stakeholders in support of project delivery

• Strong analytical and problem-solving skills, with the ability to assess risks and propose effective security solutions

• Robust relationship management, capable of working with all levels within the organization by building effective relationships

• Highly motivated, driven, pragmatic and completely focused on project delivery for business benefit

We are hiring for an Application Security Engineer on a 12-month contract in Dublin (hybrid model: 3 days office, 2 days remote).

Key Details:

• Location: Dublin (EU work rights required)

• Contract: 12 months, market rate

• Focus: Application security assessments, code reviews, vulnerability management, secure SDLC, penetration testing, and collaboration with dev teams.

• Skills: Secure coding, OWASP, SDLC, appsec tools, penetration testing, cloud security (AWS/Azure), and strong communication skills.

If interested and available, please share your updated CV and I'll get in touch.