Application Security Engineer

How You’ll Support Our Mission

ESO’s teams are growing, and our software is in demand globally by firefighters, paramedics, hospitals and governments. To meet this demand, we are building an industry-leading cyber security team in Belfast to protect our customers and data from a variety of fast moving and constantly evolving threats.

We are looking for an Application Security Engineer to join our Belfast and US teams. Work alongside our fire, hospital and EMS Engineering teams to secure our mission-critical applications. These applications are used to help our customers go about their daily job of protecting their communities and saving lives.

You will refine our application design and protection using offensive security techniques like design assessment, research, threat intelligence, threat modelling, and controls optimisation.

You will conduct security assessments of our applications, identify issues, and help address them early in the development cycle. You'll also support developers in improving coding practices to enhance security and assist with remediating findings from security assessments.

Our Security Engineering team operates autonomously within a motivated and forward-thinking Security team. Join our diverse, growing team, working on mission-critical products with training and mentoring support.

What You’ll Be Doing – the day to day

• Have significant impact on the security of our systems that are used by thousands of fire fighters, paramedics and hospitals worldwide.
• Be a key part of our cyber security team, with demonstrable impact on the security of our systems and applications.
• Conduct internal security assessments of APIs and Cloud infrastructure, validate controls, design across our estate, and lead remediation activities prioritization.
• Enhance Secure Development by contributing to threat modelling, risk assessment, evolving Secure Coding Guidelines, and maintaining core security controls like SAST and DAST deployments.
• Provide technical support with risk assessments on PHI, and steering improvements to our environment in line with common standards such as NIST.
• Support External Penetration Testing and application vulnerability efforts, delivering assessments and prioritizing remediation activities across the organization.
• Be across Threat Intelligence relevant to our industry and geographic regions, and translating that to real world defences for us as an organization.
• Work collaboratively cross-team, to impart your expertise across the organisation.
• Be in the detail, working shoulder-to-shoulder with our technology teams.

Who You Are - some of the essential things required to be successful in the role

• At least 4 years' experience in securing software or infrastructure, penetration testing or pure product or application security.
• Expertise in offensive security techniques and methodologies, including ethical security testing.
• Deep understanding of secure coding practices, common vulnerabilities and risk scoring methodologies (OWASP Top 10, CWE, CVSS scoring etc.).
• Experience communicating to stakeholders of varying technical skill levels.

Your experience should include:

• Using offensive security tooling, including tools such as Burp Suite, Kali, Metasploit and such.
• Scripting including the use of python, Powershell, bash or Javascript.
• Securing networks, hosts, web applications and cloud native deployments.
• Working with toolsets such as: vulnerability management, firewalls, SIEM, PAM, IDS/IPS, EDR/XDR, WAF.
• Working with code security controls such as SAST / DAST / IAST / RASP.

You should also:

• Have some knowledge in securing Continuous Integration / Continuous Deployment and associated practices.
• Understand current attack tactics, techniques and procedures along with the use of MITRE Attack framework, as well as other more recent MITRE initiatives.
• Be inquisitive, have a passion for what you do and understanding how your work impacts and contributes ESO’s success.

Who You Are – it’s desirable if you have any of the following

• Certifications such as OSCP or OSCP+, OSCE GPEN, OSWA, OSSTIMM or equivalents.
• Exposure to Infrastructure as Code and Azure native technologies.
• Experience with threat modelling, NIST and CIS frameworks.
• Experience working with and securing FHIR, HL7 APIs, medical applications or hardware.

Benefits & Perks!

• Life insurance (4 x base salary) Income protection insurance.
• A generous pension contribution.
• Private medical insurance including optical and dental.
• A health cash plan.
• Modern City Centre office and a flexible hybrid working policy.
• AwardCo Recognition Program.
• Enhanced paternity leave and pay, enhanced adoptive pay, enhanced maternity pay- 12 weeks full pay after 6 months' service.
• Enhanced short and long-term sick pay.
• 25 days holiday which increases year on year until you reach 5 years of service + 14 additional days.

About ESO

ESO is a fast-paced, growing data, technology and research company passionate about improving community health and safety through the power of data. We pioneer innovative, user-friendly software to meet the changing needs of today’s EMS agencies, fire departments, and hospitals. We’re small enough to be nimble and fun, but big enough to be a great place to work. We serve thousands of customers out of our offices across the US, Canada and Northern Ireland.

Are you ready to Make a Difference?

ESO is committed to creating a diverse and inclusive work environment and is proud to be an equal opportunity employer. We invite you to consider opportunities at ESO regardless of your gender; gender identity; gender reassignment; age; religious or similar philosophical belief; race; national origin; political opinion; sexual orientation; disability; marital or civil partnership status or other non-merit factor.

Our Equal Opportunity Statement of Policy for Northern Ireland is available on request.

Applicant Privacy Notice – please click here to review the applicant privacy notice which details how your data is collected, used and protected.