Introduction 

Are you searching for an opportunity to play a key role in driving the dramatic growth of a highly successful software company? 

At Poppulo, we’re working on what’s next in communications and workplace technology. As a pioneer in this industry, we understand that meaningfully reaching every employee is hard. And so is managing office space in a hybrid world. And so is improving the customer and guest experience. We exist to make each of these things easier. We exist to bring harmony to our customers. 

And we do that at enterprise scale. Our omnichannel employee communications, customer communications, and workplace experience platform is trusted by over 6,000 organizations today, reaching more than 35M employees and delivering content to 500,000+ digital signs.

We know there’s no such thing as a “perfect” candidate - we’re all a work in progress and are growing new skills and capabilities all the time. We encourage you to apply for a position with Poppulo even if you don’t meet 100% of the requirements. We believe in fostering an environment where there is a diversity of perspectives, in hopes that we can all thrive. 

Overview:

Poppulo is seeking a Senior Application Security Engineer to join our security team. The role of the Senior Application Security Engineer is to identify and anticipate vulnerabilities to protect Poppulo assets. They will use established processes and capabilities, and create new ones, to focus on vulnerability management, secure code development, software development lifecycles, and security assessments. They will support the development and maintenance of business continuity planning, data, systems, and network security for systems and controls related to their job duties.

Candidates should be flexible to work UK shifts.

Role Responsibilities:

  • Perform and support application security reviews, consulting, testing in coordination with developer operations, and threat modeling (using DREAD and STRIDE), including code review and dynamic testing. 
  • Own and perform application security vulnerability management. 
  • Support the bug bounty program. 
  • Facilitate and support the preparation of security releases. 
  • Support and consult with product and development teams regarding application security. 
  • Assist in the creation of secure code training for end users and developers. 
  • Assist in development of automated security testing to validate that secure coding best practices are being used. 
  • Participate in the planning, implementing, and managing of application security measures/technologies to protect the organization's information systems and networks.
  • Assist with the review, development, and implementation of application security policies, procedures, and service documentation.
  • Monitor application security systems to identify alerts and response efforts for potential application security events/findings.
  • Develop and mentor junior staff through open communication, training and development opportunities, and celebrate their success.
  • Facilitate our secure SDLC (Software Development Life Cycle), which includes AVS (Application Vulnerability Scanning), SD3+C, and PD3+C methodologies, etc.
  • Manual Penetration Testing of our Products and Vendor Products. 
  • Develop detailed vulnerability reports for application owners and management teams. 
  • Conduct detailed penetration test report read-outs with application owners and management teams and provide remediation recommendations. 
  • Participate in On-Call rotations.

Skills & Experience Required:

  • Bachelor's degree in Computer Science, Information Systems, a Cyber Security-related field, or equivalent experience.
  • One or more security-based certifications preferred, such as CISSP, Security+, GWEB, GWAPT, etc.
  • 5+ years’ experience in some form of information security discipline: Information Security Engineering, Application Security Engineering, etc.
  • 5+ years of experience performing network and application security testing. 
  • 5+ years of experience in software engineering working in .NET, JavaScript, React, HTML, AWS (Amazon Web Services) microservices, Python, and AWS-based Lambda.
  • 3+ years working on security principles in software engineering with strong knowledge in Open Web Application Security Project (OWASP) security principles. 
  • Experience with the NIST or ISO 27001/2 security frameworks.
  • Experience participating in SOC-based independent audits is a plus.
  • Ability to use GitLab/GitHub/CI/CD pipelines. 
  • Familiarity with common security libraries, security controls, and common security flaws. 
  • Basic development or scripting experience and skills.  
  • Experience with OWASP, static/dynamic analysis, and common security tools. 
  • A deep understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, and HTTPS). 
  • Experience working with developers. 
  • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
  • Experience identifying security issues through code review. 
  • Strong problem-solving skills and self-motivation to learn and upskill regularly.
  • Experience working in a global hybrid environment with teams applying an agile methodology.
  • The ability to work independently and across functional teams while developing key working relationships.
  • IT (Information Technology) experience and understanding of common devices, equipment, environments, network diagrams & systems.
  • Extraordinary communication (verbal and written) and problem-solving skills with an ability to deliver on time and work with minimal direction.
  • Proven record of producing documentation relating to application services.

Preferred:

  • Experience working asynchronously.
  • Involvement in local or regional security user groups or conferences.
  • A team-first, collaborative approach.
  • Ability to explain complex technical issues clearly and confidently in simple and understandable terms.
  • Must be able to adapt quickly to ever changing requirements and priorities.

Who We Are 

We are a values-driven organization that encourages our employees to bring their authentic selves to work every day and empowers everyone to make a tangible impact on our products, clients and culture. We offer a dynamic environment with driven, fun and flexible individuals, who thrive on challenge and responsibility. This is an opportunity to contribute to our culture and join a company that’s on the move. 

Named a Great Place to Work in 2015, 2016, 2017, 2018, 2019, 2020 and 2021, we are one of the fastest growing technology companies in Ireland with additional offices in the US and the UK. 

We live the Poppulo company values each day and they are key to everything we do. 

“Bring Your Best Self”, “See It”, “Own It”, “Solve It”, and “Better Together” 

Poppulo is an equal opportunity employer. 

We disclose your personal information to our private equity sponsor, Vista Equity Partners, and its affiliates, including Vista Consulting Group (collectively, “Vista”), for administration, research, database development, workforce analytics and business operation purposes, in line with the terms of this Privacy Policy. Vista processes and shares your personal information with its affiliates, including other Vista portfolio companies, on the basis of its legitimate interests in managing, administering and improving its business and overseeing the recruitment process and, if applicable, your employment relationship with Four Winds Interactive LLC. If you have consented to us doing so, we also share your personal information with other Vista portfolio companies for the purpose of being considered for other job opportunities in the pooling system, both inside and outside the EEA. Please find a full list of all Vista portfolio companies at: https://www.vistaequitypartners.com/companies/ and Vista’s privacy policy at https://www.vistaequitypartners.com/privacy/. Where this requires us to transfer your personal information outside of the EEA, please refer to the FWI  Privacy Policy for further details on cross-border transfers. In connection with the recruitment process, your personal data may be transferred outside of the EEA to iCIMS and/or Greenhouse, Hirebridge, LLC and Criteria Corp., which provide applicant tracking and evaluation services. Hirebridge, LLC and Criteria Corp. have agreed to comply with the EU Standard Contractual Clauses to ensure that your personal information is adequately protected whilst outside of the EEA. 
