Threat Analyst Engineer


Limerick
Contract
Negotiable
Research and Development
CR/600309_1783931912
Threat Analyst Engineer

Threat Analyst - Contract Opportunity

Location

Ireland (Hybrid/Remote options subject to client requirements)

Contract Type

12 Month Contract

Eligibility

Applicants must have full rights to work in Ireland without sponsorship.

Eligible candidates may hold:

  • Irish Citizenship
  • EU Citizenship
  • Stamp 4
  • Stamp 1G
  • Equivalent unrestricted Irish work authorization

Unfortunately, visa sponsorship is not available for this position.


Overview

We are seeking an experienced Threat Analyst / Product Security Analyst to join a highly regulated organisation operating within the Medical Device, Healthcare, Financial Services, or other regulated software environments.

This role will focus on assessing software vulnerabilities, exploitability analysis, product security risk assessments, threat modelling, and supporting secure product development throughout the software lifecycle.

The successful candidate will act as a key link between Security, Product Development, Engineering, and Compliance teams, ensuring vulnerabilities are properly assessed, prioritised, and remediated based on real-world risk.


Key Responsibilities

  • Perform vulnerability assessments and exploitability analysis across software products and applications.
  • Review and assess CVE, CVSS, and CWE data to determine product and business impact.
  • Conduct Threat Modelling activities using methodologies such as STRIDE and PASTA.
  • Support Secure SDLC activities including security reviews and risk assessments.
  • Analyse outputs from SAST, DAST, SCA, and SBOM tooling and determine remediation priorities.
  • Evaluate third-party and open-source software risks.
  • Perform product security risk assessments and residual risk evaluations.
  • Collaborate with engineering teams to support vulnerability remediation and secure design initiatives.
  • Produce clear technical documentation, risk assessments, and audit-ready security artefacts.
  • Support security governance activities aligned with regulatory and compliance requirements.

Required Experience

Application & Product Security

  • Product Security
  • Application Security
  • Secure SDLC
  • Security Architecture Reviews
  • Vulnerability Management
  • Security Risk Assessments

Threat Analysis

  • Threat Modelling (STRIDE preferred)
  • Attack Surface Analysis
  • Exploitability Analysis
  • Vulnerability Triage
  • Residual Risk Assessment

Security Tooling

  • SAST
  • DAST
  • SCA
  • SBOM
  • Vulnerability Scanning Tools

Vulnerability Management

Experience working with:

  • CVE
  • CVSS
  • CWE
  • Vulnerability Remediation
  • Dependency Risk Analysis
  • Supply Chain Security

Governance & Compliance

Experience working within one or more of:

  • NIST
  • MITRE ATT&CK
  • ISO 27001
  • GDPR
  • PCI-DSS
  • FDA-regulated environments
  • Medical Device Security Standards
  • Financial Services Security Standards

Preferred Technical Skills

Experience with some of the following:

  • Checkmarx
  • Fortify
  • Veracode
  • SonarQube
  • Burp Suite
  • AppScan
  • Snyk
  • Black Duck
  • JFrog Xray
  • Mend
  • Dependency-Track
  • OWASP Dependency Check

Industry Experience

Candidates must have experience working in a highly regulated environment such as:

  • Medical Devices
  • Healthcare Software
  • Financial Services
  • Banking
  • FinTech
  • Pharmaceutical
  • Life Sciences

Ideal Candidate

  • Strong understanding of vulnerability assessment and exploitability analysis
  • Experienced in Threat Modelling (STRIDE) and secure-by-design principles
  • Comfortable assessing findings from SAST, DAST, SCA, and SBOM processes
  • Able to distinguish between vulnerabilities that are merely present and vulnerabilities that are genuinely exploitable
  • Strong stakeholder management and communication skills
  • Able to translate technical risks into business-focused recommendations

FAQs

Congratulations, we understand that taking the time to apply is a big step. When you apply, your details go directly to the consultant who is sourcing talent. Due to demand, we may not get back to all applicants that have applied. However, we always keep your resume and details on file so when we see similar roles or see skillsets that drive growth in organizations, we will always reach out to discuss opportunities.

Yes. Even if this role isn’t a perfect match, applying allows us to understand your expertise and ambitions, ensuring you're on our radar for the right opportunity when it arises.

We also work in several ways, firstly we advertise our roles available on our site, however, often due to confidentiality we may not post all. We also work with clients who are more focused on skills and understanding what is required to future-proof their business. 

That's why we recommend registering your resume so you can be considered for roles that have yet to be created. 

Yes, we help with CV and interview preparation. From customized support on how to optimize your CV to interview preparation and compensation negotiations, we advocate for you throughout your next career move.

Handpicked roles for you