Application Security Engineer (Offensive Testing)

  • Dublin
  • Permanent
  • Thu Jan 15 17:25:00 2026
  • 197227

Location: Dublin
Type: Full-Time
Salary: €65,000 – €85,000

A mature security programme supporting a large, transaction-heavy environment is expanding its offensive testing capability. This role sits within an attack surface and application assurance function, focused on identifying real-world risk in modern web, mobile, and API-driven systems.

The position suits someone who prefers manual testing over checkbox scanning, is comfortable engaging directly with engineers, and can clearly articulate how issues should be fixed — not just where they exist.

The Role

You’ll carry out hands-on application penetration testing across web, mobile, and API estates. The work is scoped, repeatable, and embedded into development and remediation cycles rather than one-off assessments.

Expect deep dives into application logic, auth flows, and API behaviour, alongside regular interaction with engineering teams to validate fixes and improve secure design over time.

Responsibilities

  • Perform manual application penetration testing across web, mobile, and API services

  • Test against OWASP methodologies with a focus on logic flaws and abuse cases

  • Scope applications collaboratively to ensure meaningful coverage

  • Identify, validate, and prioritise vulnerabilities using CVSS and contextual risk

  • Produce clear, evidence-backed reports with practical remediation guidance

  • Retest fixes and confirm risk reduction post-remediation

  • Research emerging attack techniques and incorporate them into testing approaches

  • Contribute to improving internal testing standards and playbooks

Experience & Skills

  • 3+ years hands-on application penetration testing experience

  • Strong understanding of OWASP WSTG and common application attack paths

  • Confident using tools such as Burp Suite Pro and related testing utilities

  • Experience testing REST APIs; SOAP a plus

  • Comfortable explaining technical findings to developers and security stakeholders

  • Strong report writing and documentation skills

  • Ability to manage multiple testing engagements without quality drop-off

Nice to Have

  • Mobile application testing (iOS / Android)

  • Offensive security certifications (OSCP, BSCP, CPTS, similar)

  • Exposure to AI-enabled applications or model-backed APIs

  • Some network or infrastructure testing experience

  • Development background or scripting familiarity

Reperio Human Capital acts as an Employment Agency and an Employment Business.