Back to search
Bold Penguin Linkedin · Posted yesterday

Senior Application Security Engineer

Dublin

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Brief Description

YOUR ROLE

As a Senior Application Security Engineer, you will strengthen the security of our applications, identify and remediate vulnerabilities directly in the code, and promote secure development best practices. You will operate and tune application security tooling, embed security into our development pipelines, and help engineers fix issues before they are ever committed while collaborating with development and infrastructure teams to implement solutions and manage projects independently.

What You'll Do

  • Identify, triage, and remediate application vulnerabilities directly in the code — writing the fix and shepherding it through review and deployment with the owning team, not just filing tickets.
  • Validate and reproduce findings to eliminate false positives, assess real exploitability and business impact, and drive remediation to closure against defined SLAs.
  • Operate, tune, and continuously improve application security tooling (SAST, DAST, software composition analysis and dependency scanning, secrets scanning, and container/image scanning), integrating findings into developer workflows.
  • Embed security into CI/CD pipelines and Git-based workflows so vulnerabilities are caught automatically — and, wherever possible, fixed — before code reaches production.
  • Partner with development teams to define and roll out secure coding standards and pre-commit / pre-merge checks, shifting security left so issues are caught and fixed before code is committed.
  • Lead threat modeling for new features and architecture changes, and perform security-focused code reviews for sensitive changes.
  • Maintain application security standards (OWASP Top 10 prevention, input validation and output encoding, parameterized queries, secure-by-default design) and enforce secure API practices.
  • Strengthen software supply chain and repository security.
  • Maintain compliance with industry-standard frameworks and produce evidence for audits (SOC 2, NYDFS, and PCI DSS).
  • Coach developers through hands-on enablement and a security champions program, and provide application security expertise during incident response.
  • Lead security projects independently, delivering them on time while aligning with business and security goals.
  • Other duties and responsibilities as assigned.

Requirements

YOUR LOCATION

This is a fully remote role, with the exception of onboarding and optional in-office events.

Skills And Qualifications

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or relevant work experience.
  • Minimum of 4-6 years of practical experience in application security, secure software engineering or software engineering with a strong security focus.
  • Current, hands-on development ability in one or more languages used in modern web platforms (e.g., Python, JavaScript/TypeScript, Go, or Java) — you can read, write, and ship production code to fix vulnerabilities, not just describe them.
  • Deep, practical knowledge of the OWASP Top 10, common web and API vulnerability classes, and secure coding practices.
  • Hands-on experience with application security tooling categories — SAST, DAST, SCA / dependency scanning, and secrets scanning — and integrating them into developer workflows.
  • Experience performing threat modeling and security-focused code reviews.
  • Working knowledge of application security in a cloud environment (AWS preferred).
  • Strong collaboration and communication skills — you can influence developers, explain remediation clearly, and make security the easy choice.

Nice To Haves

  • Relevant certifications such as OSWE, GWAPT, CSSLP, OSCP, or AWS Certified Security - Specialty
  • Experience with multi-account cloud setups or advanced cloud security architectures.
  • Experience with container and Kubernetes security, and Infrastructure-as-Code security (e.g., Terraform).
  • Experience working in a regulated environment (SOC 2, PCI DSS, NYDFS, or similar).
  • Bug bounty participation, security research, CTF, or other offensive-security experience.
  • Background in InsurTech, FinTech, or another data-sensitive industry.

Physical Requirements

  • Must be able to sit/stand/walk for prolonged periods of time, (up to 8 hours per day) at a desk working on a computer.
  • Must be able to use standard office equipment for extended periods of time, including but not limited to, a mouse, keyboard, phone and video conferencing.

Summary

Bold Penguin is the premier digital broker for commercial insurance. Their technology expands top-of-funnel demand and increases yield for enterprise partners. Through digital distribution, wholesale capabilities, and AI-driven insights, they transform the lifecycle of both simple and complex risks, from prospecting to placement.

Benefits

We offer competitive compensation and progressive benefits that include:

  • Medical, Dental, and Vision
  • Flexible PTO Policy
  • 401(k) with a company match
  • Employee Assistance Program
  • Parental Leave
  • Disability and Life Benefits

Stay connected to the Glacier. We have great SLACK channels for work and play. We also like to video conference and hold all-hands "Waddles" regularly.

Penguin bling. Like swag themed after a certain Antarctic bird? Just. You. Wait.

Bold Penguin believes in inclusion. That’s why we’re proud to be an equal opportunity employer that considers all qualified applicants regardless of race, color, religion, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. To learn more about our results-focused culture and employee-focused perks, read more on our careers page.

Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent