Product Security Engineer, Senior - Vulnerability Management Research and Automation - Cork, Ireland

Company

QT Technologies Ireland Limited

Job Area

Engineering Group, Engineering Group > Security Engineering

General Summary

About the Role:

As a Product Security Engineer focused on vulnerability management and its automation, you will play a critical role in strengthening the security posture of our software systems by owning the end to end vulnerability lifecycle, from identification and assessment through remediation and reporting. This role is well suited for a hands on security professional with strong experience in vulnerability tracking, risk based prioritization, and building and maintaining scalable automation for vulnerability management activities.

Your primary focus will be managing the intake and triage of vulnerabilities across internal and third party software components, and devising and running automation for those purposes. You will work closely with engineering teams to assess severity, impact, and exposure, prioritize remediation efforts based on risk, and drive timely resolution in alignment with organizational security policies, SLAs, and compliance requirements.

You will work extensively with the vulnerability management infrastructure, including scanning tools, ticketing systems, and reporting dashboards that provide visibility into remediation progress and risk trends. This includes leveraging commercial platforms and custom built tooling to automate vulnerability tracking, analysis, and reporting, with a strong emphasis on scaling these workflows through automation and AI assisted capabilities.

You will enable rapid and effective remediation by working directly with developers to recommend practical fixes, mitigations, and secure implementation patterns that can be readily adopted across teams.

A core responsibility of the role is ensuring that vulnerability assessment and remediation prioritization are driven by real world risk. You will perform applicability and exploitability analysis to determine true product impact and ensure informed, risk based decision making rather than reliance on severity scores alone.

You will collaborate closely with development, infrastructure, and incident response teams to ensure vulnerabilities are not only resolved but also prevented through improved processes, secure coding practices, and architectural guidance. You may also monitor external threat intelligence sources, including CVE disclosures, vendor advisories, and zero day reports, to identify relevant exposures and coordinate appropriate response actions.

This is a hands on, operationally focused role that combines deep technical expertise with strong execution and collaboration. You will play a key role in driving consistent, scalable, and accountable vulnerability remediation practices across the organization.

Required Qualifications

• Strong proven experience managing the end to end vulnerability lifecycle, including intake, triage, risk assessment, remediation tracking, and reporting.
• Demonstrated ability to perform risk based vulnerability prioritization, including applicability and exploitability analysis beyond raw CVSS scoring.
• Solid understanding of secure software development practices and common vulnerability classes (e.g., injection flaws, insecure dependencies, misconfigurations).
• Experience scaling vulnerability management programs through automation, custom tooling, or AI assisted analysis.
• Hands on experience with vulnerability scanning tools and remediation tracking workflows (e.g., scanners, ticketing systems, dashboards).
• Experience analyzing vulnerabilities in third party and open source software, including CVE review and vendor advisory intake.
• Ability to provide clear, actionable remediation guidance to developers, including recommended fixes and mitigation strategies.
• Proficiency in Python, C and C++.
• Basic understanding of Operating systems fundamentals (e.g., access control, permissions, processes etc.).
• Strong analytical and problem solving skills, with the ability to assess complex technical environments.
• Excellent written and verbal communication skills.
• Ability to operate effectively in fast paced environments with multiple stakeholders and competing priorities.
• Familiarity with AI advances in this area.

Preferred Qualifications

• Knowledge of regulatory or compliance driven security requirements impacting software products (e.g., SDLC, CRA).
• Familiarity with software composition analysis (SCA), SBOMs, and vulnerability metadata such as VEX.
• Experience integrating vulnerability management with CI/CD pipelines or engineering workflows.
• Familiarity with external threat intelligence sources, including zero day disclosures and coordinated vulnerability response.

Education Qualifications

• Bachelor's degree in computer science, electrical engineering, or a related technical field, or equivalent practical experience.
• 2+ years of hands on experience in product security, vulnerability management, or other relevant application security roles.

Location

Cork has a proud reputation as Ireland's second largest economic engine and is now one of the Top 20 location choices in Europe with 39,000 people being employed by over 170 overseas companies. There's a growing diversity in the region with people from many nationalities relocating to Cork, relishing the opportunity to work and live in a location that offers an excellent quality of life. A gateway to Europe, Cork airport provides access to almost 50 international destinations including transatlantic air routes.

Equal Opportunities

We are an Equal Opportunity employer; all qualified applicants will receive consideration for employment without regard to race, colour, religion, sexual orientation, gender identity, national origin, disability, veteran status, or any protected classification.

Benefits

• Salary, stock and performance related bonus
• Maternity/Paternity Leave
• Employee stock purchase scheme
• Matching pension scheme
• Education Assistance
• Relocation and immigration support (if needed)
• Life, Medical, Income and Travel Insurance
• Subsidised memberships for physical and mental well being
• Bicycle purchase scheme
• Employee run clubs, including running, football, chess, badminton and many more

Minimum Qualifications

• Bachelor's degree in Engineering, Computer Science, or related field and 2+ years of Security Engineering or related work experience.
• Master's degree in Engineering, Computer Science, or related field and 1+ year of Security Engineering or related work experience.
• PhD in Engineering, Computer Science, or related field.

References to a particular number of years experience are for indicative purposes only. Applications from candidates with equivalent experience will be considered, provided that the candidate can demonstrate an ability to fulfill the principal duties of the role and possesses the required competencies.