Our Story

Unum Technology Centre in Carlow serves as a strategic software development and IT services centre supporting Unum, a leading provider of income protection in the US. Our team of IT professionals build solutions and critical business applications to digitally transform the way we do business.

Our global security team act as a strategic advisor, managing information security standards and compliance in alignment with business priorities. We are looking for an Application Security Manager to help evolve a Security Software Group (CoE), in a DevSecOps environment, with a remit to;

• Provide Dev support for code testing and vulnerability resolution

• Create guidance for common remediations, general threats, secure coding practices

• Build security related services and security support such as libraries/SDKs

• Work Hand-in-Hand with Security Champions who are also App Dev Team members

• Work with Security Champions on Threat Modeling

The Manager role will also involve mentoring a number of Analyst and Engineers in our Irish office that work with our US colleagues in different IT security teams.

The Role

• Build relationships with developers, stakeholders and scrum masters to incorporate security principles into engineering design and deployments

• Supervise testing and validation in application security controls across projects

• Oversee implementation of defensive practices and countermeasures across infrastructure and applications

• Draft and uphold CI/CD security strategy and practices in tandem with other technical team leads

• Simplify automation that applies security inter-workings with CI/CD pipelines

• Serve as a point of contact for security-based escalations and remain tightly involved through resolution

• Build services and tools to enable developers and engineers to easily use security components produced by application security team members

• Support the ability to “shift left” and incorporate security early on and throughout the development lifecycle creating a robust DevSecOps environment.

• Identify vulnerabilities in code through automated and manual assessments, and promote quick remediation

• Communicate vulnerability results in a manner understood by technical and non-technical business units based on risk tolerance and threat to the business, and gain support through influential messaging

• Leverage vulnerability database sources to understand the weakness, probability and remediation options supplied by vendors as well as workarounds

• Join forces and provision security principles in architecture, infrastructure and code

• Regularly research and learn new tactics, techniques and procedures (TTPs) in public and closed forums, and work with colleagues to assess risk and implement/validate controls as necessary through the CI/CD pipeline

• Enrich DevOps architecture with security standards and best practices

• Partner with teams to define key performance indicators (KPIs) and metrics across business units

• Assist with providing daily work direction, technical leadership and mentoring for team members.

• Mentors and coaches team members, ensuring personal development plans are focused on enhancing skills and expertise

• Collaborate with other IT security leaders to help remove obstacles and roadblocks that impact the performance of the overall global IT security team

• Works with other IT security leaders to review the operation and effectiveness of resourcing programs within the organization and contributes ideas for changes and improvements

• Adapts to change, acts as a change agent, and works effectively in a dynamic environment.

What You Offer

• Bachelors Degree preferred, and/or equivalent experience

• 7+ years experience in information technology, information security administration or security operations

• Security expertise in risk assessments, security threats, vulnerabilities and remediation, and general practices

• Experience with DevSecOps and agile workflows, including Scrum and Kanban

• Understanding of OWASP, CVSS, the MITRE ATT&CK framework and the software development lifecycle (SLDC)

• Understanding of containers (e.g., Docker) and container orchestration (e.g., Docker Swarm, Kubernetes)

• Proficient in securing Windows and other operating systems, endpoint applications, networking protocols and devices

• Preferably some experience with operations and security across Amazon Web Services (AWS) and/or Microsoft Azure

• Ability to obtain and maintain technical team and business support to influence a collaborative effort to reduce attack surface while performing rapid, continuous implementation

• Familiarity with one or more programming languages – e.g. Java, C#, Python, or JavaScript

• Strong communication and interpersonal skills

• Self-starter requiring minimal supervision

• Excellence in communicating business risk and remediation requirements from assessments

• Analytical and problem-solving mindset

• Demonstrated strategic and tactical thinking, along with decision-making skills and business acumen

• Knowledge in regulations including GLBA, HIPAA, GDPR, CCPA, and other security frameworks preferred

• CISSP, CCSP, CEH, CCIE, CISM, Security+, or other security related certification preferred.

#LI-GO1

#LI-Hybrid

#Hybrid

What We Offer

Our size and successful history in Carlow means we can offer you exceptional development and progression, supported by continual learning programs, IT Certifications & third level tuition reimbursement. We offer work-life-balance with flexible working arrangements (including hybrid) and initiatives in support of your well-being. Our attractive range of benefits and reward initiatives includes competitive compensation, 25 days annual leave, paid health insurance, pension scheme, annual performance-based bonus, paid maternity/paternity/adoptive leave, reward programs, and an opportunity to engage with charity and community activities.

Company:

Unum

Unum is an equal opportunity employer, considering all qualified applicants and employees for hiring, placement, and advancement, without regard to a person's race, color, religion, national origin, age, genetic information, military status, gender, sexual orientation, gender identity or expression, disability, or protected veteran status.