Senior Application Security Engineer
Ireland
Brightflag
The Opportunity
As an Application Security Engineer at Brightflag, you will play an integral role in the success of our engineering team and help ensure that features are delivered securely. We have a number of high-profile customers across Europe, the US, and Australia, and we are growing quickly. Our engineers take ownership of their work, solve complex problems creatively, and contribute to building exceptional products. We build products using an Agile, process-driven methodology. As a subject matter expert, you will work with the Product & Engineering teams to embed security in requirements, technical designs, and implementation to ensure alignment with our InfoSec and Engineering security standards.
What You Will Be Doing
- Drive our Secure By Design approach: embed security into the SDLC by reviewing requirements with security impact, assessing technical designs, and performing secure code reviews.
- Conduct penetration testing on application features for vulnerabilities, including OWASP Top 10 issues and emerging threats, and work with engineering to remediate findings.
- Improve DevOps security by integrating static analysis (SAST), dependency scanning, dynamic testing (DAST), and security automation into CI/CD, ensuring security across our tech stack (includes Java, Spring, MySQL, Elastic, AWS).
- Develop and deliver security training and mentoring to software engineers, ensuring security knowledge is shared across teams.
- Secure the integration of AI/ML-based features by applying security best practices to data-driven applications and mitigating risks unique to LLMs and data pipelines.
- Collaborate with our DevOps and AWS infrastructure security team, supporting testing and scanning of vulnerabilities in the application tech stack.
- Support and guide the external penetration testing process, ensuring findings translate into actionable security improvements.
Skills & Experience
To be successful in the role, you need:
- 5+ years’ experience in application security, penetration testing, or a similar security-focused engineering role.
- Bachelor’s degree in computer science or a related field, or equivalent industry certifications.
- Deep understanding of web application security, threat modelling, and secure software development practices.
- Strong experience embedding security tools (SAST, DAST, dependency scanning) into CI/CD pipelines and hands-on experience in penetration testing of web applications.
- Excellent knowledge of OWASP vulnerabilities and secure coding principles.
- Familiarity with emerging cybersecurity exploits, attack techniques, and mitigation strategies.
- In-depth knowledge of web application architectures and secure software development practices.
- Strong understanding of network protocols, cryptographic technologies, and authentication/authorisation models.
- Proficiency in Java and secure coding practices.
- Strong coding, scripting, and automation experience, with an emphasis on reducing security toil through tooling.
- Ability to work independently as the expert in application security.
- Experience working as a trusted partner to software engineers to drive security adoption effectively and collaboratively.
- Strong, pragmatic problem-solving skills, so that security enables development and security and engineering needs are balanced effectively.
- Ability to take ownership of security beyond identifying problems; this person is accountable for ensuring security is implemented correctly.
- Excellent communication skills, with the ability to clearly explain security concepts to software engineers, DevOps, and leadership without unnecessary complexity.
The following are a bonus!
- Experience with Java web applications, Spring, and Spring Security.
- Experience securing SaaS multi-tenant applications.
- Experience with AWS or other cloud platforms.
- High-growth startup experience.
- Security certifications (e.g., OSCP, CISSP, AWS Security Specialty, Google Professional Cloud Security Engineer, GIAC GWAPT, GIAC GPEN).
Life @ Brightflag
- A huge opportunity to make a real impact, to shape what we do and where we are going.
- The exposure and challenge you need to learn, grow and progress your career in a rapidly growing scale-up.
- Complex technical and business problems to solve and the trust and autonomy you need to go and solve them.
- A sound, helpful team, in a friendly, values-driven and inclusive environment.
- Competitive salary.
- Share options.
- 25 days holidays + 4 company ‘Reset’ days throughout the year.
- Comprehensive health insurance, life insurance and long term illness/income protection.
- Fully flexible work location and work patterns so you can balance life at home with life at work - come to the office, work at home… or enjoy a blend of both at your discretion.
- Learning subsidy of €2,000/US$2,200/AU$3,200 annually, to spend as you wish, plus study and examination leave where applicable. Our ‘bookworm’ program also enables you to order a book a month, on us!
- Access to Pluralsight - the on demand learning platform for tech teams.
- The Tax-Saver or Cycle-to-Work Scheme.
- Wellbeing program & stipend.
- Home office set-up supports.
We are a diverse and inclusive bunch of people. We welcome diverse perspectives and people who make every day count and strive for constant improvement. We do not discriminate based on gender, ethnicity, sexual orientation, religion, civil or family status, age, disability, or race.
Location & Eligibility
This role offers a flexible work location across Ireland. Whether that be in the office, remote from anywhere in Ireland, or a mix of office/remote work in Ireland, you choose what works best for your lifestyle.
Your time is valuable. To help with your application, we advise that regrettably we cannot offer work permit sponsorship or self-sponsorship for this role.
About Brightflag
Hello, we’re Brightflag, one of the fastest-growing tech startups in the legal world, and we’re on a mission to transform legal operations. Our patented AI-powered software, combined with a best-in-class Customer Success team, empowers corporate legal teams to do better, no matter the starting point. Our SaaS platform was the first to apply artificial intelligence and machine learning to legal operations management, and 100,000+ hours have been invested in its development. Using Brightflag, corporate legal teams achieve visibility into their operations, streamline internal workflows, and engage with outside counsel more efficiently.