Our StoryUnum Technology Centre in Carlow serves as a strategic software development and IT services centre supporting Unum, a leading provider of income protection in the US. Our team of IT professionals build solutions and critical business applications to digitally transform the way we do business.We’re looking for a Senior Application Security Engineer to lead the integration of secure development practices across our SDLC in both cloud and on-prem environments. This role combines hands-on technical expertise with strategic influence, focusing on secure architecture, CI/CD automation, and developer enablement. You’ll collaborate with cross-functional teams to drive threat modeling, build secure-by-default tooling, and mentor engineers across Ireland and the US—helping to elevate our overall security maturity and culture.Key ResponsibilitiesSecure Software Development & DevSecOps IntegrationArchitect and integrate security into CI/CD pipelines using modern automation and guardrails.Develop secure frameworks, SDKs, and CI integrations to enable frictionless adoption of security controls.Maintain secure coding standards and guidance tailored to our technology stack.Collaborate with DevOps and platform teams to enhance container and infrastructure security (Docker, Kubernetes, IaC).Threat Modeling, Reviews & RemediationLead threat modeling workshops across product and platform teams.Identify and assess vulnerabilities using SAST, DAST, SCA, manual code reviews, and penetration testing.Promote reusable remediation patterns for code and infrastructure vulnerabilities.Leverage threat intelligence to prioritize mitigations based on business risk.Engineering & AutomationBuild and maintain automation tools for vulnerability triage, mitigation, and reporting.Strengthen API security through robust authentication protocols (OAuth 2.0, OpenID Connect, SAML).Integrate with API gateways (e.g., Layer7, MuleSoft) to enforce secure communication and tokenization.Support secure deployment of microservices and distributed systems using best-in-class tooling.Security Culture & EnablementMentor engineers and analysts, fostering secure development capabilities across teams.Lead internal workshops, onboarding sessions, and lunch-and-learns to promote security awareness.Collaborate with Security Champions to build advocacy and threat modeling expertise.Create internal documentation, playbooks, and training materials aligned with real-world threats.Cross-Functional Leadership & CollaborationAct as a bridge between Security, Engineering, and Product teams to align on secure architecture and SDLC practices.Participate in incident response, forensic analysis, and post-incident remediation.Support compliance initiatives (SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR) through technical guidance and documentation.Define and track KPIs to measure and improve security maturity across the organization.Required Qualifications5+ years in application security, software engineering, or a related technical security role.Proficient in at least one modern programming language (e.g., Java, C#, Python, JavaScript).Experience with security tools: SAST, DAST, SCA, IaC scanners, RASP.Strong knowledge of cloud infrastructure (AWS preferred), containers (Docker, Kubernetes), and CI/CD security.Familiarity with OWASP Top 10, ASVS, CVSS, MITRE ATT&CK, STRIDE, and software supply chain security.Technical SkillsDeep understanding of API security protocols and secure service-to-service communication.Experience with secure artifact/package management and container registries.Ability to script or build internal tools to scale security practices.Hands-on experience with DevSecOps tools (GitHub Actions, Jenkins, GitLab CI, Terraform, etc.).Compliance & GovernanceWorking knowledge of privacy and security regulations (GDPR, CCPA, HIPAA, PCI, SOC 2, ISO 27001).Experience supporting audits, risk assessments, and policy development.Preferred QualificationsProfessional certifications (e.g., OSCP, CSSLP, CISSP, Security+).Contributions to open-source security projects or community involvement.Experience with policy-as-code tools (e.g., Open Policy Agent).Familiarity with secure runtimes (e.g., Firecracker), sidecars, or service meshes (e.g., Istio).Key AttributesStrategic thinker with a hands-on, problem-solving mindset.Strong communicator, able to engage both technical and non-technical stakeholders.Collaborative leader with a growth mindset and a passion for mentoring.Comfortable navigating fast-paced, cross-functional environments.What We OfferOur size and successful history in Carlow means we can offer you exceptional development and progression, supported by continual learning programs, IT Certifications & third level tuition reimbursement. We offer work-life-balance with flexible working arrangements (including hybrid) and initiatives in support of your well-being. Our attractive range of benefits and reward initiatives includes competitive compensation, 25 days annual leave, paid health insurance, pension scheme, annual performance-based bonus, paid maternity/paternity/adoptive leave, reward programs, and an opportunity to engage with charity and community activities.CompanyUnum
#J-18808-Ljbffr