Threat Analyst Engineer
Threat Analyst - Contract Opportunity
Location
Ireland (Hybrid/Remote options subject to client requirements)
Contract Type
12 Month Contract
Eligibility
Applicants must have full rights to work in Ireland without sponsorship.
Eligible candidates may hold:
- Irish Citizenship
- EU Citizenship
- Stamp 4
- Stamp 1G
- Equivalent unrestricted Irish work authorization
Unfortunately, visa sponsorship is not available for this position.
Overview
We are seeking an experienced Threat Analyst / Product Security Analyst to join a highly regulated organisation operating within the Medical Device, Healthcare, Financial Services, or other regulated software environments.
This role will focus on assessing software vulnerabilities, exploitability analysis, product security risk assessments, threat modelling, and supporting secure product development throughout the software lifecycle.
The successful candidate will act as a key link between Security, Product Development, Engineering, and Compliance teams, ensuring vulnerabilities are properly assessed, prioritised, and remediated based on real-world risk.
Key Responsibilities
- Perform vulnerability assessments and exploitability analysis across software products and applications.
- Review and assess CVE, CVSS, and CWE data to determine product and business impact.
- Conduct Threat Modelling activities using methodologies such as STRIDE and PASTA.
- Support Secure SDLC activities including security reviews and risk assessments.
- Analyse outputs from SAST, DAST, SCA, and SBOM tooling and determine remediation priorities.
- Evaluate third-party and open-source software risks.
- Perform product security risk assessments and residual risk evaluations.
- Collaborate with engineering teams to support vulnerability remediation and secure design initiatives.
- Produce clear technical documentation, risk assessments, and audit-ready security artefacts.
- Support security governance activities aligned with regulatory and compliance requirements.
Required Experience
Application & Product Security
- Product Security
- Application Security
- Secure SDLC
- Security Architecture Reviews
- Vulnerability Management
- Security Risk Assessments
Threat Analysis
- Threat Modelling (STRIDE preferred)
- Attack Surface Analysis
- Exploitability Analysis
- Vulnerability Triage
- Residual Risk Assessment
Security Tooling
- SAST
- DAST
- SCA
- SBOM
- Vulnerability Scanning Tools
Vulnerability Management
Experience working with:
- CVE
- CVSS
- CWE
- Vulnerability Remediation
- Dependency Risk Analysis
- Supply Chain Security
Governance & Compliance
Experience working within one or more of:
- NIST
- MITRE ATT&CK
- ISO 27001
- GDPR
- PCI-DSS
- FDA-regulated environments
- Medical Device Security Standards
- Financial Services Security Standards
Preferred Technical Skills
Experience with some of the following:
- Checkmarx
- Fortify
- Veracode
- SonarQube
- Burp Suite
- AppScan
- Snyk
- Black Duck
- JFrog Xray
- Mend
- Dependency-Track
- OWASP Dependency Check
Industry Experience
Candidates must have experience working in a highly regulated environment such as:
- Medical Devices
- Healthcare Software
- Financial Services
- Banking
- FinTech
- Pharmaceutical
- Life Sciences
Ideal Candidate
- Strong understanding of vulnerability assessment and exploitability analysis
- Experienced in Threat Modelling (STRIDE) and secure-by-design principles
- Comfortable assessing findings from SAST, DAST, SCA, and SBOM processes
- Able to distinguish between vulnerabilities that are merely present and vulnerabilities that are genuinely exploitable
- Strong stakeholder management and communication skills
- Able to translate technical risks into business-focused recommendations
FAQs
Congratulations, we understand that taking the time to apply is a big step. When you apply, your details go directly to the consultant who is sourcing talent. Due to demand, we may not get back to all applicants that have applied. However, we always keep your CV and details on file so when we see similar roles or see skillsets that drive growth in organisations, we will always reach out to discuss opportunities.
Yes. Even if this role isn’t a perfect match, applying allows us to understand your expertise and ambitions, ensuring you're on our radar for the right opportunity when it arises.
We also work in several ways, firstly we advertise our roles available on our site, however, often due to confidentiality we may not post all. We also work with clients who are more focused on skills and understanding what is required to future-proof their business.
That's why we recommend registering your CV so you can be considered for roles that have yet to be created.
Yes, we help with CV and interview preparation. From customised support on how to optimise your CV to interview preparation and compensation negotiations, we advocate for you throughout your next career move.
