Web Application Security Engineer

Job Title: Web Application Security Engineer
Contract Type: Permanent
Location: Sydney CBD
Salary: $140000 - $180000 per annum, Benefits: Bonus + Equity + Tech Allowance
Start Date: 2019-08-29
Reference: V-106052-1
Contact Name: Jason Bidwell
Contact Email:
Job Published: October 08, 2019 12:07

Job Description

Our client has a world-class Transaction Marketing Platform for some of the world’s more notable brands. They are seeking a talented and motivated Web Application Security Engineer to join a growing, international team made up of world-class tech professionals.

You will join a small security team but be able to work autonomously, with the opportunity to set up the penetration testing capability. Ideally you will come from a software development background, as you will work closely with developers during the design phase to embed security measures within the products. This is a great opportunity to be part of a growing, fun and collaborative culture with some of the best tech minds in the business.

Key Responsibilities:

Actioning of security controls at all phases of the (S)SDLC, including:
  • Manual and automated penetration testing for security quality assurance of applications and websites
  • Auditing of system and AWS cloud infrastructure configurations for security weaknesses
  • Reviewing source code for security vulnerabilities
  • Establishing threat modelling documentation for engineering teams and assisting in system design to ensure the necessary technical controls are in place to maintain the CIA triangle
  • Working with the Product Team to ensure security and privacy concerns are adequately addressed in feature specifications and in accordance with our legal and compliance requirements
  • Verifying the successful resolution of past vulnerabilities and implementing automated tests to detect regressions
  • Maintaining a register of known vulnerabilities
  • Scaling and automating security checks by augmenting CI/CD pipelines with security tooling
  • Documenting security guidelines and practices
  • Providing application and code security training through workshops and presentations

Key Skills:
  • Experience performing web application vulnerability assessments, using a documented testing methodology (e.g. OWASP, OSSTMM, PTES, etc.)
  • Practical skills in assessing web applications for weaknesses (e.g. XSS, SQLi, CSRF, LFI/RFI, etc.)
  • Ability to collaborate with Engineers to develop an understanding of their systems and data flows
  • Demonstrable skills in identifying threats and attack vectors for systems based on interviews and architecture documentation
  • Knowledge of secure coding best practices and the ability to identify security vulnerabilities in source code
  • A creative mind; able to identify novel ways of bypassing security controls and unintended interactions between multiple systems
  • A hunger for new knowledge and drive to learn; actively participating in the security community and regularly practicing to improve your skills

Your CV should include:
  • Links to source code repositories that can evidence your skills and experience, e.g. scripts, tools, CTF solutions, etc.
  • Links to security communities you actively participate in, e.g. forums, CTFs, bug bounties, etc.

We can offer a highly competitive base salary plus Super, Bonus, Equity and Tech Allowance! Modern and bright offices with a great culture and a friendly, collaborative team. Please apply online or call Jason Bidwell on 02 9270 5238 for further details.