Application Security Engineer

TL;DR

Application Security Engineer (AppSec/DevSecOps): Embed security into the software development lifecycle (SDLC) by leading threat modeling and secure design, performing application security testing, and integrating security into CI/CD pipelines. Focus on secure SDLC execution, vulnerability validation and remediation verification, and scaling AppSec with automation and AI/ML to improve vulnerability detection and prioritization.

Location: hirify.global Cork office (Ireland) — hybrid work model with a minimum of two days per week in the office.

Company

hirify.global provides a cloud-native security platform to help organizations adopt Zero Trust and protect sensitive data.

What you will do

• Lead threat modeling and secure design (shift-left), and define/enforce secure coding standards (e.g., OWASP Top 10).
• Run application security activities across SDLC, including code reviews, SAST, DAST, penetration testing, and vulnerability triage/validation.
• Integrate security tools into CI/CD pipelines and automate scanning, reporting, and ticketing workflows; build AppSec tooling to scale across products.
• Assess risk (exploitability and impact), prioritize vulnerabilities, and track remediation while maintaining security posture visibility.
• Partner with engineering and product teams to explain findings, recommend practical fixes, and provide training and technical mentorship.
• Act as a security champion across R&D and communicate risk clearly to engineers, product managers, and leadership.

Requirements

• 5+ years of experience in application security and/or software engineering with a security focus.
• Bachelor’s degree in Computer Science, Security, or equivalent experience.
• Strong knowledge of application security concepts and web/application vulnerabilities (OWASP Top 10), plus secure coding practices.
• Hands-on experience with threat modeling and architecture reviews; ability to read/write/review code (preferably C++ and Java).
• Hands-on experience with AppSec tooling such as SAST, DAST, and SCA (and related security testing/validation activities).
• Experience integrating security into CI/CD and DevSecOps pipelines; ability to apply AI/ML to enhance vulnerability detection, prioritization, and remediation workflows.

Nice to have

• Security certifications (e.g., CISSP, CSSLP, OSCP).
• Experience with cloud-native stacks and Windows internals.
• Experience applying AI/automation in security workflows.
• Familiarity with regulatory and compliance frameworks (e.g., SOC2, ISO27001).

Culture & Benefits

• Hybrid work model based in the hirify.global Cork office with at least two office days per week.
• Security embedded into the SDLC with close collaboration across engineering and product teams.
• Mentorship and enablement for engineers and junior AppSec team members.
• Inclusive hiring approach encouraging applications even if not every qualification is met.

Hiring process

• Interviews focused on AppSec/DevSecOps experience, secure SDLC practices, and security testing/validation skills.
• Discussion of collaboration and communication approach with technical and non-technical stakeholders.