(Apply in 3 Minutes) Senior Application Security Engineer

Our Story
Unum Technology Centre in Carlow serves as a strategic software development and IT services centre supporting Unum, a leading provider of income protection in the US. Our team of IT professionals build solutions and critical business applications to digitally transform the way we do business.

We’re looking for a Senior Application Security Engineer to lead the integration of secure development practices across our SDLC in both cloud and on-prem environments. This role combines hands-on technical expertise with strategic influence, focusing on secure architecture, CI/CD automation, and developer enablement. You’ll collaborate with cross-functional teams to drive threat modeling, build secure-by-default tooling, and mentor engineers across Ireland and the US—helping to elevate our overall security maturity and culture.

Key Responsibilities

Secure Software Development & DevSecOps Integration

- Architect and integrate security into CI/CD pipelines using modern automation and guardrails.

- Develop secure frameworks, SDKs, and CI integrations to enable frictionless adoption of security controls.

- Maintain secure coding standards and guidance tailored to our technology stack.

- Collaborate with DevOps and platform teams to enhance container and infrastructure security (Docker, Kubernetes, IaC).

Threat Modeling, Reviews & Remediation

- Lead threat modeling workshops across product and platform teams.

- Identify and assess vulnerabilities using SAST, DAST, SCA, manual code reviews, and penetration testing.

- Promote reusable remediation patterns for code and infrastructure vulnerabilities.

- Leverage threat intelligence to prioritize mitigations based on business risk.

Engineering & Automation

- Build and maintain automation tools for vulnerability triage, mitigation, and reporting.

- Strengthen API security through robust authentication protocols (OAuth 2.0, OpenID Connect, SAML).

- Integrate with API gateways (e.g., Layer7, MuleSoft) to enforce secure communication and tokenization.

- Support secure deployment of microservices and distributed systems using best-in-class tooling.

Security Culture & Enablement

- Mentor engineers and analysts, fostering secure development capabilities across teams.

- Lead internal workshops, onboarding sessions, and lunch-and-learns to promote security awareness.

- Collaborate with Security Champions to build advocacy and threat modeling expertise.

- Create internal documentation, playbooks, and training materials aligned with real-world threats.

Cross-Functional Leadership & Collaboration

- Act as a bridge between Security, Engineering, and Product teams to align on secure architecture and SDLC practices.

- Participate in incident response, forensic analysis, and post-incident remediation.

- Support compliance initiatives (SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR) through technical guidance and documentation.

- Define and track KPIs to measure and improve security maturity across the organization.

Required Qualifications

- 5+ years in application security, software engineering, or a related technical security role.

- Proficient in at least one modern programming language (e.g., Java, C#, Python, JavaScript).

- Experience with security tools: SAST, DAST, SCA, IaC scanners, RASP.

- Strong knowledge of cloud infrastructure (AWS preferred), containers (Docker, Kubernetes), and CI/CD security.

- Familiarity with OWASP Top 10, ASVS, CVSS, MITRE ATT&CK, STRIDE, and software supply chain security.

Technical Skills

- Deep understanding of API security protocols and secure service-to-service communication.

- Experience with secure artifact/package management and container registries.

- Ability to script or build internal tools to scale security practices.

- Hands-on experience with DevSecOps tools (GitHub Actions, Jenkins, GitLab CI, Terraform, etc.).

Compliance & Governance

- Working knowledge of privacy and security regulations (GDPR, CCPA, HIPAA, PCI, SOC 2, ISO 27001).

- Experience supporting audits, risk assessments, and policy development.

Preferred Qualifications

- Professional certifications (e.g., OSCP, CSSLP, CISSP, Security+).

- Contributions to open-source security projects or community involvement.

- Experience with policy-as-code tools (e.g., Open Policy Agent).

- Familiarity with secure runtimes (e.g., Firecracker), sidecars, or service meshes (e.g., Istio).

Key Attributes

- Strategic thinker with a hands-on, problem-solving mindset.

- Strong communicator, able to engage both technical and non-technical stakeholders.

- Collaborative leader with a growth mindset and a passion for mentoring.

- Comfortable navigating fast-paced, cross-functional environments.

Location: Carlow - Hybrid work model.

What We Offer

Our size and successful history in Carlow means we can offer you exceptional development and progression, supported by continual learning programs, IT Certifications & third level tuition reimbursement. We offer work-life-balance with flexible working arrangements (including hybrid) and initiatives in support of your well-being. Our attractive range of benefits and reward initiatives includes competitive compensation, 25 days annual leave, paid health insurance, pension scheme, annual performance-based bonus, paid maternity/paternity/adoptive leave, reward programs, and an opportunity to engage with charity and community activities.

Company: Unum

#J-18808-Ljbffr