Web Application Security Engineer

Job Title: Web Application Security Engineer
Contract Type: Permanent
Location: Sydney CBD
Salary: $140000 - $180000 per annum, Benefits: Bonus + Equity + Tech Allowance
Start Date: 2019-08-29
Reference: V-106052-1
Contact Name: Jason Bidwell
Contact Email:
Job Published: October 08, 2019 12:07

Job Description

Our client has a world-class Transaction Marketing Platform for some of the world’s more notable brands. They are seeking a talented and motivated Web Application Security Engineer to join a growing, international team made up of world-class tech professionals.

You will join a small security team but be able to work autonomously, with the opportunity to set up the penetration testing capability. Ideally you will come from a software development background, as you will work closely with developers during the design phase to embed security measures within the products. This is a great opportunity to be part of a growing, fun and collaborative culture with some of the best tech minds in the business.

Key Responsibilities:

Actioning of security controls at all phases of the (S)SDLC, including:
  • Manual and automated penetration testing for security quality assurance of applications and websites
  • Auditing of system and AWS cloud infrastructure configurations for security weaknesses
  • Reviewing source code for security vulnerabilities
  • Establishing threat modelling documentation for engineering teams and assisting in system design to ensure the necessary technical controls are in place to maintain the CIA triangle
  • Working with the Product Team to ensure security and privacy concerns are adequately addressed in feature specifications and in accordance with our legal and compliance requirements
  • Verifying the successful resolution of past vulnerabilities and implementing automated tests to detect regressions
  • Maintaining a register of known vulnerabilities
  • Scaling and automating security checks by augmenting CI/CD pipelines with security tooling
  • Documenting security guidelines and practices
  • Providing application and code security training through workshops and presentations

Key Skills:
  • Experience performing web application vulnerability assessments, using a documented testing methodology (e.g. OWASP, OSSTMM, PTES, etc.)
  • Practical skills in assessing web applications for weaknesses (e.g. XSS, SQLi, CSRF, LFI/RFI, etc.)
  • Ability to collaborate with engineers to develop an understanding of their systems and data flows
  • Demonstrable skills in identifying threats and attack vectors for systems based on interviews and architecture documentation
  • Knowledge of secure coding best practices and the ability to identify security vulnerabilities in source code
  • A creative mind; able to identify novel ways of bypassing security controls and unintended interactions between multiple systems
  • A hunger for new knowledge and drive to learn; actively participating in the security community and regularly practicing to improve your skills

Your CV should include:
  • Links to source code repositories that can evidence your skills and experience, e.g. scripts, tools, CTF solutions, etc.
  • Links to security communities you actively participate in, e.g. forums, CTFs, bug bounties, etc.

We can offer a highly competitive base salary plus Super, Bonus, Equity and Tech Allowance! Modern and bright offices with a great culture and a friendly, collaborative team. Please apply online or call Jason Bidwell on 02 9270 5238 for further details.