Start date: ASAP
Duration: 12-month contract
Location: 1 week in Galway office, 3 weeks working from home
Rate: €450 - €480 per day
Summary
This is a principal engineering role in the new Application Security Platform Squad. This is a new squad, building a new platform, offering the successful candidate the opportunity to build the squad and platform from the ground up.
Verizon's 2024 Data Breach Investigation Report (containing 10,000 confirmed data breaches) states that ~70% of breaches involved exploitation of a web application. Our client has hundreds of web applications on the Internet that make hundreds of releases a month to production. These applications are the main point of interaction that their 40M customers have with our client. It is crucial to our clients’ reputation, and their customers’ livelihoods, that these applications are secure.
The focus of the Application Security Platform squad will be to improve the security and vulnerability scanning coverage, and experience, for our clients’ developer community, driving a “security first” culture across the enterprise. For instance, this will involve creating a centralized scanning service to integrate policy management and security profiling into the developer workflow.
Key Skills
- 8 years of demonstrated experience in designing and developing enterprise-standard applications using one or more major programming languages (e.g. Java/Python/Go), frameworks (Spring, Apache Commons, Angular) and pipeline/build tools (e.g. Maven, Git, Jenkins, AWS CFT/CDK)
- Experience building scalable applications on Kubernetes, or similar platforms
- Experience providing technical leadership, mentoring & coaching to less experienced engineers.
- AWS certification preferred and have working experience with cloud environments.
- Any application security experience, including Pen Testing, Static Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Web Application Firewalls (WAF) would be considered a plus.
- Experience with unit and functional testing with tools such as JUnit, PyUnit, Mockito, Cucumber, Karate, Cypress or similar
- Hands on experience with automation & pipeline implementation (Testing, Continuous Integration / Continuous Delivery pipeline).
- You possess strong engineering skills and have experience deploying maintainable, scalable multi-tiered applications.
- You are capable of designing and developing tools/applications using some of the following technologies: Java; Popular opensource frameworks/libraries (e.g. Spring, SpringBoot, Apache Commons, etc.); SOA and API frameworks such as SOAP and REST; Pipeline/Build tools including GIT, Maven, Jenkins, and AWS CFT/CDK; Front end languages/frameworks including JavaScript/Typescript, jQuery, Angular, NodeJS, Springboard or React a plus.
- You have experience with test automation, including solid understanding of test tools.
- You have experience working in an agile environment (Scrum).
- Ability to communicate optimally to positively influence peers, business unit and technology decision makers.
- Strong analytical skills and ability to tackle issues and work through ambiguous situations by making timely decisions based on facts, knowledge, experience, and judgement.
- You have a passion for continual learning and are always ready to guide, support and/or mentor other members of your team!
- Design, develop, test, deploy and maintain SAST, SCA and secret scanning tools into the CI/CD pipeline and developer workflow tools.
- Continued focus on engineering excellence, including improving automation, test coverage, release velocity and production health.
- You are a creator and a doer who will help us tackle real-life problems and meet real consumer needs.
- You have strong communication skills and technical expertise to drive and participate in meaningful discussions. You are a collaborative team-player in an autonomous team, owning all aspects of delivery (coding, quality, DevSecOps). You build relationships with key business partners and quickly establish trust to ensure effective delivery.
- You clearly detail requirements, and system designs in a way that can be understood by both technical and non-technical individuals.
