Product Security Engineer
Description
Our Story
Unum Technology Centre in Carlow serves as a strategic software development and IT services centre supporting Unum, a leading provider of income protection in the US. Our team of IT professionals builds solutions and critical business applications to digitally transform the way we do business.
Key Responsibilities
Secure Software Development & DevSecOps Integration
- Architect and integrate security into CI/CD pipelines using modern automation and guardrails.
- Develop secure frameworks, SDKs, and CI integrations to enable frictionless adoption of security controls.
- Maintain secure coding standards and guidance tailored to our technology stack.
- Collaborate with DevOps and platform teams to enhance container and infrastructure security (Docker, IaC).
Threat Modeling, Reviews & Remediation
- Lead threat modeling workshops across product and platform teams.
- Identify and assess vulnerabilities using SAST, DAST, SCA, manual code reviews, and penetration testing.
- Promote reusable remediation patterns for code and infrastructure vulnerabilities.
Engineering & Automation
- Build and maintain automation tools for vulnerability triage, mitigation, and reporting.
- Strengthen API security through robust authentication protocols (OAuth 2.0, OpenID Connect, SAML).
- Support secure deployment of software.
- Mentor engineers and analysts, fostering secure development capabilities across teams.
- Collaborate with Security Champions to build advocacy and threat modeling expertise.
Cross-Functional Leadership & Collaboration
- Act as a bridge between Security, Engineering, and Product teams to align on secure architecture and SDLC practices.
- Support compliance initiatives.
Required Qualifications
- 5+ years in software engineering, or a related technical security role.
- Proficient in at least one modern programming language (e.g., Java, C#, Python, JavaScript).
- Experience with security tools: SAST, DAST, SCA, IaC scanners.
- Strong knowledge of cloud infrastructure in one cloud environment.
- Familiarity with OWASP Top 10, ASVS, CVSS.
Technical Skills
- Deep understanding of API security protocols and secure service-to-service communication.
- Ability to script or build internal tools to scale security practices.
- Hands-on experience with DevSecOps tools (GitHub Actions, Jenkins, GitLab CI, Terraform, etc.).
Compliance & Governance
- Working knowledge of privacy and security regulations.
- Experience supporting audits, risk assessments, and policy development.
Nice-to-Have Qualifications
- Professional certifications (e.g., OSCP, CSSLP, CISSP, Security+).
- Contributions to open-source security projects or community involvement.
- Experience with policy-as-code tools.
- Familiarity with secure runtimes.
Key Attributes
- Strategic thinker with a hands-on, problem-solving mindset.
- Strong communicator, able to engage both technical and non-technical stakeholders.
- Collaborative leader with a growth mindset and a passion for mentoring.
- Comfortable navigating fast-paced, cross-functional environments.
What We Offer
Our size and successful history in Carlow means we can offer you exceptional development and progression, supported by continual learning programs, IT Certifications & third level tuition reimbursement. We offer work-life-balance with flexible working arrangements (including hybrid) and initiatives in support of your well-being. Our attractive range of benefits and reward initiatives includes competitive compensation, 25 days annual leave, paid health insurance, pension scheme, annual performance-based bonus, paid maternity/paternity/adoptive leave, reward programs, and an opportunity to engage with charity and community activities.
Company:
Unum