Application Security Engineer

Job Title:                     Application Security Engineer Reports To:                 Head of Information Security Department:              Information Security   Location:                     Remote - Ireland Hours of Work:          37.5 hours weekly         Job Overview: As a Prometric Application Security Engineer you will be a member of our growing cybersecurity team with a focus on application security. In this role you will be responsible for executing and driving security posture validation, application penetration testing and the management of vulnerabilities on systems within Prometric’s global network. You will work closely with development teams on the security application security testing (SAST) program. You will also work with development, and infrastructure teams to ensure effective and secure coding practices and deployments. This role will also work with other members of the information security team on vulnerability management and dynamic application security testing (DAST). The ideal candidate will have a strong background in SAST/DAST tools, working knowledge of the MITRE ATT&CK framework and general web development and networking skills. Ideally at least 5 years of relevant application security experience.   Main Duties & Responsibilities: Provide hands-on support for the triage, delivery, and on-going support for the DAST/SAST program and tools. Collaborate with development, architecture, engineering, and information security colleagues on application security design and remediation. Work with teams to ensure vulnerability pipelines are tracked, communicated, and optimized. Additionally work to automate the discovery and fixing of issues by leveraging the security tool stack. Support the vulnerability management team’s work on assessments and audits of endpoint security configurations to ensure compliance with industry standards and best practices. Developing and maintaining the application security policies, standards, and procedures.   Analyse/optimize existing threat models and create threat models for core applications. Provide on-going support for Prometric’s voluntary responsible disclosure program to ensure disclosures are triaged appropriately.  Support incident response activities. Stay current with emerging threats and application security technologies.                                                                                       Essential Criteria: Bachelor’s degree in computer science, Information Security, or related field (or equivalent experience). 3 years of cybersecurity work experience. Experience with DAST/SAST tools. Application/product security assurance experience Experience creating threat models for web application software. Familiarity with DevOps workflows and pipelines. Knowledge of continuous integration/continuous deployment (CI/CD) methodologies. Experience designing, deploying, and maintaining security controls. Experience with infrastructure vulnerability assessments. Must have very strong problem solving/troubleshooting skills. Must be able to pay strong attention to detail while multi-tasking and maintaining organizational skills.   Desirable Criteria: Technical Certification in Security is not required but is desired. Time management and strong communication skills Proven ability to work independently and collaboratively in a fast-paced environment, managing multiple priorities and delivering high-quality results on time.   Employee Benefits:  Pension Scheme Healthcare Scheme Life Assurance Employee Health and Wellbeing Initiatives Enhanced Annual Leave 24/7 Employee Assistance Programme Enhanced Maternity/Paternity Leave Social Club Free carparking