About SoftCo 

SoftCo is an AI-native Procure-to-Pay (P2P) and Accounts Payable (AP) automation company built for complex organisations. In a market full of rigid templates and “plug-and-play” promises, our approach is different. We tailor automation around the organisation, not the organisation around the software.


For over 35 years, we’ve helped finance teams move from reactive, manual processes to controlled, scalable and strategic P2P operations. Our AI-native platform strengthens accuracy, visibility and insight, but it’s our delivery expertise that ensures it works in the real world. 

Our success at a glance: 

  • 1M+ users worldwide 

  • Trusted by organisations including Volkswagen, Patagonia, Primark, Logitech and all 80 departments of the Finnish Government 

  • Global reach with offices in the US, Finland, UK, Kosovo and Ireland 

  • A reputation for owning where precision engineering meets long-term partnership 

Join us as Senior Application Security Engineer and play a key role in strengthening application security across our engineering practices, helping ensure our platform remains secure, resilient, and trusted as we continue to scale globally.

 

Senior Application Security Engineer – Your role 

In this role you will champion security across our engineering culture. You will define and drive our AppSec strategy, embed secure practices throughout the SDLC, and serve as a trusted partner for Development, Product, and DevOps teams. 

You will mentor engineers on security, champion secure coding practices, and instill a security-first mindset across development teams. If you thrive at the intersection of engineering and security and excel at identifying and mitigating vulnerabilities at scale, this is the opportunity for you. 


Your responsibilities 

  • Partner with engineering and product teams to embed security across the SDLC. 

  • Design, implement, and maintain scalable security automation in cloud environments (AWS and Azure), including SAST, DAST, SCA, and Infrastructure-as-Code scanning. 

  • Define and manage penetration testing scope in collaboration with external vendors, ensuring coverage of high-risk applications, services, and cloud components, and integrating findings into remediation workflows. 

  • Lead and design threat modeling, secure design/code reviews, application-level and AI-system risk assessments. 

  • Define and enforce secure coding standards, guidelines, and reusable patterns. 

  • Harden CI/CD pipelines and embed continuous security testing protocols.

  • Automate workflows and streamline detection, remediation, and reporting. 

  • Lead vulnerability assessments, triage findings, and oversee remediation efforts. 

  • Troubleshoot and resolve application, cloud, and AI-related security incidents. 

  • Support incident response for application-layer security issues and lead root cause analysis.

  • Coordinate with engineering teams to ensure timely closure of identified risks. 

  • Manage role-based access controls and permissions to safeguard sensitive data. 

  • Act as a hands-on advisor to developers on secure coding and architecture. 

  • Build and lead an Application Security Champions Program to scale awareness. 

  • Deliver targeted training to increase adoption of secure practices. 

  • Mentor and guide new junior AppSec engineers to foster growth. 

  • Represent AppSec in cross-functional engineering/security forums. 

  • Align security roadmap priorities with broader engineering and business goals. 

  • Ensure all implementation tasks and remediation activities related to security are translated into user stories / tickets and tracked on teams’ Agile boards for visibility and accountability.

Your profile 

  • BS/MS in Computer Science, Information Security, or related field (or equivalent experience). 

  • 5+ years in Application Security, Secure Development, DevSecOps, or related security roles. 

  • Proven hands-on experience mitigating application vulnerabilities using manual & automated approaches such as: SAST, DAST, SCA, dynamic analysis. 

  • Solid understanding of cloud security (AWS, Azure, or GCP). 

  • Strong understanding of SSDLC with proven ability to embed security in Agile/DevOps environments. 

  • Strong understanding of ML/AI architecture components (data pipelines, training workflows, model serving, inference endpoints) and associated security risks. 

  • Able to take ownership while effectively partnering across distributed teams. 

  • Strong investigative mindset with a focus on root cause and proactive problem-solving. 

  • Demonstrated ability to design, implement, and maintain security tools and processes. 

  • Preferred certifications: OSCP, OSWE, CSSLP, GWEB, CISSP. 


What We Offer  

  • Competitive remuneration and performance-based bonus  

  • Company-paid health insurance, pension and life assurance  

  • Hybrid Working Model (2 days per week in office following onboarding period)  

  • On-site gym with company-funded fitness classes (Dublin office)  

  • Long service incentive awards and employee referral programme  

  • Structured learning and development investment  

Our structure gives you real ownership and direct exposure to senior leadership. Progression is based on capability, not hierarchy. 

 

Our Culture 

Our culture is built on the values that shape how we work together and how we deliver for our customers. 


Initiative, accountability, and collaboration are central to how we operate. Our teams work across disciplines and locations to solve complex problems and deliver meaningful outcomes.


We encourage clear thinking, ownership and continuous learning. Expertise is respected and people are trusted to take responsibility for the work they lead.


Different perspectives strengthen our teams and improve the systems we build. We are committed to creating an inclusive environment where everyone can contribute and grow. 


SoftCo is proud to be an equal opportunities employer and welcomes applications from all backgrounds. Learn more at softco.com/about-us.
