Unum is looking for a Product Security Engineer to lead the integration of secure development practices across our SDLC in both cloud and on-prem environments. This role combines hands-on technical expertise with strategic influence, focusing on secure architecture, CI/CD automation, and developer enablement. You’ll collaborate with cross-functional teams to drive threat modeling, build secure-by-default tooling, and mentor engineers across Ireland and the US—helping to elevate our overall security maturity and culture.
Key Responsibilities:
Secure Software Development & DevSecOps Integration
- Architect and integrate security into CI/CD pipelines using modern automation and guardrails.
- Develop secure frameworks, SDKs, and CI integrations to enable frictionless adoption of security controls.
- Maintain secure coding standards and guidance tailored to our technology stack.
- Collaborate with DevOps and platform teams to enhance container and infrastructure security (Docker, IaC).
Threat Modeling, Reviews & Remediation
- Lead threat modeling workshops across product and platform teams.
- Identify and assess vulnerabilities using SAST, DAST, SCA, manual code reviews, and penetration testing.
- Promote reusable remediation patterns for code and infrastructure vulnerabilities.
Engineering & Automation
- Build and maintain automation tools for vulnerability triage, mitigation, and reporting.
- Strengthen API security through robust authentication protocols (OAuth 2.0, OpenID Connect, SAML).
- Support secure deployment of software.
- Mentor engineers and analysts, fostering secure development capabilities across teams.
- Collaborate with Security Champions to build advocacy and threat modeling expertise.
Cross-Functional Leadership & Collaboration
- Act as a bridge between Security, Engineering, and Product teams to align on secure architecture and SDLC practices.
- Support compliance initiatives.
Required Qualifications
- 5+ years in software engineering, or a related technical security role.
- Proficient in at least one modern programming language (e.g., Java, C#, Python, JavaScript).
- Experience with security tools: SAST, DAST, SCA, IaC scanners.
- Strong knowledge of cloud infrastructure in one cloud environment.
- Familiarity with OWASP Top 10, ASVS, CVSS.
Technical Skills
- Deep understanding of API security protocols and secure service-to-service communication.
- Ability to script or build internal tools to scale security practices.
- Hands-on experience with DevSecOps tools (GitHub Actions, Jenkins, GitLab CI, Terraform, etc.).
Compliance & Governance
- Working knowledge of privacy and security regulations.
- Experience supporting audits, risk assessments, and policy development.
Nice to have Qualifications
- Professional certifications (e.g., OSCP, CSSLP, CISSP, Security+).
- Contributions to open-source security projects or community involvement.
- Experience with policy-as-code tools.
- Familiarity with secure runtimes.
Key Attributes
- Strategic thinker with a hands-on, problem-solving mindset.
- Strong communicator, able to engage both technical and non-technical stakeholders.
- Collaborative leader with a growth mindset and a passion for mentoring.
- Comfortable navigating fast-paced, cross-functional environments.


