Application Security Lead

Join to apply for the Application Security Lead role at Cbus Super Fund

2 days ago Be among the first 25 applicants

Join to apply for the Application Security Lead role at Cbus Super Fund

Get AI-powered advice on this job and more exclusive features.

Direct message the job poster from Cbus Super Fund

About Cbus

Created by workers, for workers, Cbus Super is one of Australia's most successful Superannuation funds. For almost four decades we've proudly represented those who help shape Australia, hard-working individuals who deserve to make the most of their retirement, no matter the industry. As an award-winning fund we've been recognised for the benefits provided to our members and our innovative investment approach. All while staying committed to our member first ethos as a proud Industry Fund.

About the Role

We're looking for a passionate and experienced Application Security (AppSec) Lead to join our internet-facing software engineering team. This is a unique opportunity to shape the security posture of customer-facing applications and services, working at the intersection of engineering and security. This role combines hands-on technical expertise with strategic leadership, ensuring secure design, development, and deployment of customer-facing systems.

This role demands strong subject matter expertise in enterprise secure development practices, along with the ability to influence and drive process improvements across the organisation. Working across multiple complex projects, the AppSec Lead will engage with a wide range of internal and external stakeholders to ensure alignment with Cbus' security policies, standards, and control frameworks.

Key Accountabilities:

• Drive threat modeling, secure coding practices, and security automation.
• Collaborate with developers to integrate security into CI/CD pipelines and monitor for vulnerabilities in code and dependencies.
• Collaborate with developers, architects, security engineers, and external vendors to promote secure coding and engineering standards across all stages of development.
• Partner with security, risk, compliance, and delivery teams to identify, assess, and address cybersecurity risks, ensuring implementation of agreed controls.
• Conduct and facilitate threat modelling and application-level risk assessments and perform security evaluations on both internal and third-party applications.
• Elicit and translate key business requirements into actionable security requirements to ensure alignment with Cbus' security objectives.
• Define, track, and report on key security metrics to measure application security posture and communicate findings to stakeholders.
• Provide security training and mentor developers/peers, participate in code reviews, and promote a culture of security awareness.
• Contribute to secure system architecture design and define cyber and information security requirements for projects and transformation initiatives.
• Support service transition into Security Services Governance and Ops teams, assist with regulatory compliance activities, and translate technical risks into business impacts.

About You

You're a seasoned security professional with a strong foundation in software engineering and deep expertise in application and API security across web, mobile, and cloud environments. You're confident leading strategic initiatives, influencing architecture decisions, and translating complex security concepts into clear, actionable guidance for diverse stakeholders. Whether driving secure SDLC practices, shaping threat modelling frameworks, or aligning security with business goals, you're passionate about building secure, scalable systems that enable innovation and resilience.

Your Skills & Experience

• Extensive Application Security or Software Engineering experience with a security focus. Tertiary qualifications in IT, Software Engineering, Cybersecurity or relevant certifications (CISSP, CCSP, GSSP, GWAPT, etc).
• Strong understanding of web application security (OWASP Top 10, API security, etc.).
• Strong ability to conduct threat modelling and security assessments of applications (Web/Mobile/SaaS) is crucial for this role.
• Experience with secure SDLC, DevSecOps, and cloud-native architectures (AWS, Azure, GCP)
• Excellent communication and leadership skills.
• Familiarity with container security and modern development environments.
• Display strong understanding of Infrastructure as Code (Terraform, CloudFormation, Ansible).
• Familiarity with CI/CD tools (Jenkins, Azure DevOps) and Agile practices and experience in automating security processes would be advantageous.
• Knowledge of regulatory requirements (e.g., CPS234, Privacy), awareness of current and emerging cybersecurity threats and ability to assess their potential impact on Cbus' major stakeholders would be beneficial.
• Strong communication skills, ability to explain security concepts and issues to business stakeholders.

Belong at Cbus

We value difference, and embrace people with diverse backgrounds, experiences, gender identities, abilities and thinking styles. We believe that, with diversity of perspectives and experiences, you get better teams and outcomes. We're looking for people of all genders, races, nationalities, orientations and of all abilities to join us.

We're keen to hear from you

If you've read through the requirements of this role and you feel like you haven't fully met the criteria, we would still encourage you to apply. We're aware of accessibility barriers when it comes to applying for a job and we want to help. If you require assistance with your application, please contact our Talent Acquisition Team via

Like to know more about working with Cbus? Listen to some of our videos with members of the Cbus team on our website,

Applications Close: 15 September 2025

This is permanent full-time position based in Melbourne. To be considered, all applicants must have working rights in Australia.

Agencies, please note: All Cbus vacancies are managed by our internal Talent Acquisition Team. Should external assistance be required we will reach out to our preferred agency partners, Thank you.

Seniority level

• Seniority levelMid-Senior level

Employment type

• Employment typeFull-time

Job function

• Job functionInformation Technology

Referrals increase your chances of interviewing at Cbus Super Fund by 2x

Get notified about new Application Security Manager jobs in Melbourne, Victoria, Australia.

Security Engineering Manager - Vulnerability Management, Application Security (Remote ANZ)

Melbourne, Victoria, Australia 1 week ago

Melbourne, Victoria, Australia 2 weeks ago

Senior Consultant SpiderLabs - Penetration Tester (Sydney, Melbourne, Canberra)

Melbourne, Victoria, Australia 3 months ago

Melbourne, Victoria, Australia 3 days ago

We're unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.

#J-18808-Ljbffr

---