Application Security Specialist
- Sydney CBD
- Dec 22, 2021
As a Security Architect, your team will be supporting our platforms through the provision of security architecture services and help to make technology choices that drive change.

YOUR WHY
Your purpose is to provide expertise to inform and validate the secure design and development of our platform, including changes to existing applications both in the cloud and on-prem. You'll work closely with other personnel such as software architects, developers, and DevOps to ensure appropriate controls are in place and monitored to secure data at rest and in transit. You will determine security requirements in alignment with industry bodies like OWASP, plan and facilitate implementation and testing (SAST, DAST, IAST and RASP) and drive the systematic management and remediation of vulnerabilities, incidents, and gaps to application services, through cost-effective application of defined security patterns.
You will define processes to enforce the security application development lifecycle and balance requirements of speed and security. You will run internal pre and post production pen tests on a regular basis and interact with third parties to coordinate external pen testing of our platform. You will further contribute to company security standards, policies and procedures, and mentor others as required.
This role reports to the Head of Information Security.

HOW YOU'LL SPEND YOUR TIME
While you should be able to work across all aspects of the Digital Bank, your primary focus will include:
- Build a very close working relationship with the wider Product, DevOps, and Engineering teams to advise on security architecture as well as security requirements in new and existing products or software.
- Create and maintain application security policies, including secure coding policies, procedures, and standards, so that the necessary security checkpoints, code review, etc. are part of the software development life cycle (SDLC).
- Perform application vulnerability assessments, code reviews and risk assessments, partnering with developers to implement security remediation for identified weaknesses.
- Ensure appropriate security controls and processes, such as threat modelling and security testing, are embedded into the Engineering development processes in a seamless manner.
- Drive the continued education of engineers and the DevOps team around security requirements.
- Work closely with IT consultants and service providers to scope, manage and remediate regular penetration testing assessments.
- Continually review and improve the security function by identifying possible improvements, developing skills, identifying new techniques, and developing automation to mitigate security risks and incidents efficiently.
- Apply threat intelligence and other information sources to identify events and risks relevant to the company, and integrate this into existing security processes for targeted remediation.
- Contribute to various projects and support the Head of Security in the delivery of the cybersecurity roadmap in accordance with timeframes and budget.
- Produce metrics reporting the state of application security programs and the performance of development teams against requirements.

WHAT MAKES YOU TICK
- Ideally 4-5 years of relevant experience in security, preferably in an application security or software engineering role.
- Experience with and knowledge of security principles, techniques, technologies, threat modelling and vulnerability assessment.
- Relevant security certifications (CISSP, GIAC, Security+, CEH, OSCP, etc.).
- Strong understanding of prominent application vulnerabilities, such as the OWASP Top 10, and similar application security methodologies, e.g., the CWE/SANS Top 25.
- Strong technical skills including networking, software engineering, systems administration, penetration testing and vulnerability assessments.
- Familiarity with AWS security, including Amazon WAF, GuardDuty, Shield configuration, CloudFront, SSE-C, etc.
- Experience with manual and automated secure code and architecture reviews.
- Experience with security tools including static/dynamic and white-box/black-box code analysis and vulnerability scanning, such as Snyk, AquaSec, Dependabot and SonarCloud.
- Experience in working with software developers to advise on security controls and requirements.
- Experience in application development and scripting using Java, Groovy, Python and Bash.
- Experience in highly automated DevOps environments and familiarity with toolsets including Git, ARM, EBS, CloudFormation, Docker, Kubernetes, Puppet, Chef, etc.
- Excellent stakeholder management.
- Excellent, clear written and verbal communication.
- Excellent report writing skills and experience.