Company
QT Technologies Ireland Limited
Job Area
Engineering Group, Engineering Group > Security Engineering
General Summary
A Product Security Engineer focused on vulnerability management and its automation will strengthen the security posture of our software systems. The role owns the end‑to‑end vulnerability lifecycle, from identification and assessment through remediation and reporting, and builds scalable automation for vulnerability management activities.
About the Role
Primary responsibilities include managing intake and triage of vulnerabilities across internal and third‑party software components, building and running automation for those purposes, and working closely with engineering teams to assess severity, impact, and exposure. The engineer prioritises remediation efforts based on risk, drives timely resolution in alignment with organizational security policies, SLAs, and compliance requirements, and designs, develops, and maintains infrastructure and systems that scale these activities.
Day‑to‑day tasks involve working with vulnerability management infrastructure such as scanning tools, ticketing systems, and reporting dashboards. The engineer leverages commercial platforms and custom-built tooling to automate vulnerability tracking, analysis, and reporting, with a focus on scaling workflows through automation and AI‑assisted capabilities. Advising developers on practical fixes, mitigations, and secure implementation patterns is a core duty, ensuring rapid and effective remediation.
Risk‑based decision‑making drives vulnerability assessment and remediation prioritization. The engineer performs applicability and exploitability analysis to determine true product impact, and collaborates with development, infrastructure, and incident response teams to prevent future vulnerabilities. Monitoring external threat intelligence sources—including CVE disclosures, vendor advisories, and zero‑day reports—helps identify exposures and coordinate appropriate response actions.
Success in this role requires strong technical expertise, execution, and collaboration to deliver consistent, scalable, and accountable vulnerability remediation practices across the organization.
Required Qualifications
Strong proven experience managing the end‑to‑end vulnerability lifecycle, including intake, triage, risk assessment, remediation tracking, and reporting.
Demonstrated ability to perform risk‑based vulnerability prioritisation, including applicability and exploitability analysis beyond raw CVSS scoring.
Solid understanding of secure software development practices and common vulnerability classes (e.g., injection flaws, insecure dependencies, misconfigurations).
Experience scaling vulnerability management programs through automation, custom tooling, or AI‑assisted analysis.
Hands‑on experience with vulnerability scanning tools and remediation tracking workflows (e.g., scanners, ticketing systems, dashboards).
Experience analysing vulnerabilities in third‑party and open‑source software, including CVE review and vendor advisory intake.
Ability to provide clear, actionable remediation guidance to developers, including recommended fixes and mitigation strategies.
Proficiency in Python, C and C++.
Basic understanding of operating‑system fundamentals (e.g., access control, permissions, processes).
Strong analytical and problem‑solving skills, with the ability to assess complex technical environments.
Excellent written and verbal communication skills.
Ability to operate effectively in fast‑paced environments with multiple stakeholders and competing priorities.
Familiarity with AI advances in this area.
Preferred Qualifications
Knowledge of regulatory or compliance‑driven security requirements impacting software products (e.g., SDLC, CRA).
Familiarity with software composition analysis (SCA), SBOMs, and vulnerability metadata such as VEX.
Experience integrating vulnerability management with CI/CD pipelines or engineering workflows.
Familiarity with external threat intelligence sources, including zero‑day disclosures and coordinated vulnerability response.
Education Qualifications
Bachelor’s degree in computer science, electrical engineering, or a related technical field, or equivalent practical experience.
2+ years of hands‑on experience in product security, vulnerability management, or other relevant application security roles.
Where you will be working
Cork is Ireland’s second largest economic engine and offers a high quality of life. The city’s location, connected airport, and diverse community provide a supportive environment for both professional and personal growth.
Equal Opportunities
We are an Equal Opportunity employer; all qualified applicants will receive consideration for employment without regard to race, colour, religion, sexual orientation, gender identity, national origin, disability, veteran status, or any protected classification.
What’s on Offer
Salary, stock and performance‑related bonus
Maternity/Paternity Leave
Employee stock purchase scheme
Matching pension scheme
Education Assistance
Relocation and immigration support (if needed)
Life, Medical, Income and Travel Insurance
Subsidised memberships for physical and mental well‑being
Bicycle purchase scheme
Employee run clubs, including running, football, chess, badminton and more
Minimum Qualifications
Bachelor’s degree in Engineering, Computer Science, or related field and 2+ years of Security Engineering or related work experience.
OR
Master’s degree in Engineering, Computer Science, or related field and 1+ year of Security Engineering or related work experience.
OR
PhD in Engineering, Computer Science, or related field.
References to a particular number of years of experience are for indicative purposes only. Applications from candidates with equivalent experience will be considered, provided that the candidate can demonstrate an ability to fulfil the principal duties of the role and possesses the required competencies.