Role: Application Security Engineer
Contract length: 12 months
Location: Dublin
Mode: HYbrid
Job Description: We are seeking an experienced Application Security Engineer to join our team and play a crucial role in ensuring the security of our applications and software systems.
In this role, you will be responsible for assessing and mitigating security risks in our applications, conducting security code reviews, implementing security best practices and collaborating with development teams to enhance our application security posture.
You will perform vulnerability assessments, recommend remediation actions, and ensure compliance with industry best practices and standards.
The ideal candidate has strong knowledge of secure coding practices, application vulnerabilities, and security assessment tools.
We face constant change in our Threat Landscape, Business Needs, Technology Landscape and Regulatory Requirements.
Our cyber security defences need to respond in order to protect our personal data, our operational systems and our valuable and sensitive corporate information (including intellectual property, financial data, and market sensitive information).
We are seeking an experienced Application Security Engineer to join our team and play a crucial role in ensuring the security of our applications and software systems.
This role will operate on a hybrid model, with 3 days working in the office and two days from home.
Please note that these roles do not qualify for sponsorship for non -EU citizens/work permit holders.
You must have full working and VISA right in Ireland or the EU to be eligible to apply.
Your role:
Application Security Assessment: Conduct thorough security assessments of applications, including web, mobile, and desktop applications, to identify vulnerabilities and potential security risks.
Perform static code analysis, dynamic application testing, and manual code reviews to uncover security weaknesses and recommend appropriate remediation actions.
Vulnerability Management: Identify and prioritise application vulnerabilities based on risk levels and potential impact.
Collaborate with development teams to ensure timely resolution of identified vulnerabilities and track the progress of remediation efforts.
Develop and implement vulnerability management processes and procedures.
Security Code Review: Review application code to identify security flaws, design weaknesses, and deviations from secure coding best practices.
Provide guidance and recommendations to development teams on secure coding techniques, libraries, and frameworks to ensure the development of secure and resilient applications.
Security Architecture and Design: Collaborate with software architects and development teams to embed security controls and mechanisms into application designs.
Participate in the design and implementation of secure software architectures, ensuring that security requirements and industry best practices are incorporated from the early stages of the development lifecycle.
Security Testing and Automation: Develop and implement automated security testing tools and frameworks to enhance the efficiency and effectiveness of security assessments.
Conduct penetration testing and vulnerability scanning to identify potential vulnerabilities and ensure the security robustness of applications.
Security Awareness and Training: Contribute to the development and delivery of security awareness and training programs for development teams.
Promote a culture of secure coding practices, providing guidance on secure coding standards, secure software development methodologies, and emerging security trends.
Incident Response and Forensics: Assist in incident response activities related to application security incidents.
Collaborate with incident response teams to investigate and analyse security incidents, perform forensic analysis, and recommend improvements to prevent future incidents.
Security Compliance and Standards: Stay up to date with industry security standards, regulations, and frameworks relevant to application security.
Ensure compliance with security standards such as OWASP, PCI DSS, and GDPR, and participate in security audits and assessments as required.
Key Experience/Qualifications
Bachelor's degree in Computer Science, Information Security, or a related field
Strong knowledge and understanding of application security principles, secure coding practices, and common vulnerabilities
Hands-on experience with application security assessment tools
Experience in performing security code reviews and manual application penetration testing
Solid understanding of secure software development lifecycle (SDLC) methodologies
Familiarity with programming languages (e.g., Java, .NET, Python, JavaScript) and web technologies (e.g., HTML, CSS, REST, SOAP)
Knowledge of secure coding practices for web and mobile applications
Understanding of cloud security concepts and technologies (AWS, Azure, or similar)
Excellent leadership and delegation skills; influencing and managing activities as part of a cross functional areas to plan and execute effective delivery
Excellent communication skills, with a strong ability to effectively communicate both internally and externally at levels up to Director and C Suite, and the ability to make complex technology problems simple to the business.
Must be capable of understanding and communicating the big picture
Strong negotiation skills with proven ability to maintain relationships with stakeholders and to influence stakeholders in support of project delivery
Strong analytical and problem-solving skills, with the ability to assess risks and propose effective security solutions
Robust relationship management, capable of working with all levels within the organisation by building effective relationships
Highly motivated, driven, pragmatic and completely focused on project delivery for business benefit
Job Type: Fixed term
Contract length: 12 months
Pay: €******-€****** per day
Experience:
Application security principles: 5 years (required)
Security Compliance and Standards: 4 years (required)
Security Testing and Automation: 5 years (required)
Security Code Review: 3 years (required)
Java, .
NET, Python, JavaScript: 3 years (required)
Security Architecture and Design: 4 years (required)