The e-commerce landscape is changing at a rapid pace and Australian business, consumers and the broader community require services that are relevant to how they will transact, get online, shop, pay and deliver.
The Application Security Specialist provides expertise to inform and validate the secure design and development of web and mobile based solutions. The position will be a part of the team responsible for security across the entire software development lifecycle, including developing education and awareness of secure development practices, engaging with business stakeholders and validating the security of applications and services.
Strategy Execution and Customer
- Ensure that application security is an embedded and critical part of the application delivery lifecycle (including during the early stages of projects) regardless of delivery methodology
- Perform application vulnerability assessments
- Performing secure code review across a variety of programming languages
- Automate security testing and processes as part of CI/CD.
- Identify inherent vulnerabilities and information security risks within systems and applications
- Performing assessments of SDLC processes
- Developing testing scripts and procedures
- Ability to present findings to technical staff and business stakeholders
- Clearly document and communicate security findings, risk description, risk level, and recommended solutions to stakeholders
- Strong ethics and understanding of ethics in business and information security
- Other security-related tasks that may be assigned according to skills
- Ability to complete tasks and deliver professionally written reports for clients
- Manage security incidents when required
- Document security policies, standards and guidelines
- Train and educate developers and teams in secure coding techniques.
- Train and mentor other members of the Application Security Team.
Industry and Function
- Strong experience with web and mobile application security
- Experience with configuration management tools such as Puppet, Chef or Ansible. Any security automation experience.
- Strong platform experience, e.g. Linux, Red Hat, CentOS or similar.
- Proven experience with continuous integration and relevant tools such as Bamboo, Jenkins or similar
- Proven experience with AWS and knowledge of the breadth of services and their application.
- Proven experience working with agile practices and methodologies.
- Ability to work productively and collaboratively within a cross-functional or cross-skilled team
- Ability to engage and influence others on architectural, development, process and operational improvement
- Drive a culture of innovation and continuous improvement in security.
- Actively encourage and assist with fostering a strong DevOps/DevSecOps culture within the organisation.
- Evaluate, compare and prioritise competing requests, requirements and interests.
- Breadth and diversity of technologies and security techniques that need to be understood.
For more information or a confidential discussion, please contact Chris Yang quoting reference: 186887.
Please click the apply button if you think you are the right person.