Hey there, Senior AppSec Engineers. Are you someone who’s equally skilled with pen testing some infra or a webapp, as you are with engaging with software engineers and helping them improve the ways they write secure code?
Can you read and review code yourself, contribute to daily stand-ups with the devs, and also run internal red and purple team engagements?
Are you able to tackle new product architecture and threat modelling, while being in the repos and playing with weird and wonderful tech on a daily basis?
Can you guarantee the security of production apps/platforms? Can you do this while keeping a few project plates spinning at once, prioritising their needs in real-time?
If you’re drawn to a purpose-driven bunch who play with some very cool, very unique products, and a well-funded business making moves in its market appeals to you, this full-time gig in Sydney might be right up your alley.
For some of the particulars, you’ll be splitting your time between home and the extremely cool Sydney CBD office (seriously, the office has a “cool” factor few others do), and you’ll earn a flexible base salary around $165k - $185k, aligned with your skills and experience (super applied atop this base figure).
How will you be spending your time in this role? You’ll be responsible for the security across a couple of different products. Very interesting products, it must be said. Some hard, some soft. You’ll also be designing a water-tight SDLC framework that utilises all the bells and whistles.
You’ll also be pen testing webapps, APIs, and infra, with the goal of uplifting their security.
How about making certain that software produced achieves all required compliance, security and privacy needs? Yessir. Will you also be helping to fly the security flag across the broader business? You will.
Generally, you’ll be plying your trade in an environment with some of the most complicated threats around. As such, your threat modelling and threat analysis will be… more involved than the average.
What will keep you in very good standing for this role? Given the breadth of responsibilities with this role, it’s not beginner friendly, alas. Atop a foundational background in software/CS, if you can point to the below skills and experience, you’ll be in a good position.
- While experience trumps certs, a formal qualification in something relevant like CS or Information Systems would be well received.
- Demonstrable experience working in a senior application security capacity – as one example, can you succinctly and elegantly explain the difference between symmetric and asymmetric encryption?
- Being handy with Linux is a must for this role.
- You’ll need to be able to write your own code (Python, for instance), and be acutely aware of the unique security risks in CI/CD.
- Strong knowledge of SAST/DAST practices.
- Knowledge of cloud security practices would be well received.
If this has piqued your interest, let’s chat in confidence. Consider applying or reaching out as there’s more info that can be shared with you.
HOW TO APPLY
Firstly, please know that any application you make is treated with strict confidentiality. The only people who will know you’ve applied are you & me. Say hi, and let’s chat about what you want.
Click APPLY and/or contact Michael directly on mpearman@decipherbureau.com for a 100% confidential, informal conversation where your privacy will absolutely be respected.
Decipher Bureau and the clients we partner with are committed to creating a diverse environment and are proud to be equal opportunity employers. All qualified applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran, or disability status.