Brightflag is seeking a Senior Application Security Engineer to enhance their engineering team and ensure secure feature delivery. The candidate will embed security into the SDLC, review security impact, assess designs, and conduct secure code reviews. They will enhance DevOps security by integrating SAST, DAST, and security automation into CI/CD.

The role will involve collaborating with the Product & Engineering teams to embed security in requirements, technical designs, and implementation to ensure alignment with InfoSec and Engineering security standards. The candidate will support the external penetration testing process and ensure findings translate into actionable security improvements.

Role involves:

  • Driving the Secure By Design approach.
  • Conducting penetration testing.
  • Improving DevOps security.
  • Developing and delivering security training.
  • Securing the integration of AI/ML-based features.
  • Collaborating with the DevOps and AWS infrastructure security team.
  • Supporting and guiding the external penetration testing process.

Requirements:

  • 5+ years’ experience in application security, penetration testing, or a similar security-focused engineering role.
  • Bachelor’s degree in computer science or a related field, or equivalent industry certifications.
  • Deep understanding of web application security, threat modelling, and secure software development practices.
  • Strong experience embedding security tools (SAST, DAST, dependency scanning) into CI/CD pipelines and hands-on experience in penetration testing of web applications.
  • Excellent knowledge of OWASP vulnerabilities and secure coding principles.
  • Familiarity with emerging cybersecurity exploits, attack techniques, and mitigation strategies.
  • In-depth knowledge of web application architectures and secure software development practices.
  • Strong understanding of network protocols, cryptographic technologies, and authentication/authorisation models.
  • Proficiency in Java and secure coding practices.
  • Strong coding, scripting, and automation experience, with an emphasis on reducing security toil through tooling.
  • Ability to work independently as the expert in application security.
  • Experience working as a trusted partner to software engineers to drive security adoption effectively and in a collaborative manner.
  • Strong, pragmatic problem-solving capabilities, so that security enables development and security and engineering needs are balanced effectively.
  • Ability to take ownership of security beyond identifying problems; this person is accountable for ensuring security is implemented correctly.
  • Excellent communication skills, with the ability to clearly explain security concepts to software engineers, DevOps, and leadership without unnecessary complexity.
  • Fluent English.

Brightflag offers:

  • Competitive salary.
  • Share options.
  • 25 days' holiday + 4 company ‘Reset’ days throughout the year.
  • Comprehensive health insurance, life insurance and long-term illness/income protection.
  • Fully flexible work location and work patterns (remote within Ireland, the Netherlands, Germany, Sweden, or Poland).
  • Learning subsidy of €2,000 annually.
  • Access to Pluralsight.