Application Security Engineer

Overview

Join to apply for the Application Security Engineer role at Cbus Super Fund.

Direct message the job poster from Cbus Super Fund.

About Cbus

Created by workers, for workers, Cbus Super is one of Australia's most successful Superannuation funds. For almost four decades we've proudly represented those who help shape Australia, hard-working individuals who deserve to make the most of their retirement, no matter the industry. As an award-winning fund we've been recognised for the benefits provided to our members and our innovative investment approach. All while staying committed to our member first ethos as a proud Industry Fund.

About the Role

The Application Security (AppSec) Engineer will play a key role in ensuring that security requirements are effectively embedded into Cbus' projects and transformation initiatives. This role demands strong subject matter expertise in enterprise secure development practices, along with the ability to influence and drive process improvements across the organisation. Working across multiple complex projects, the AppSec Engineer will engage with a wide range of internal and external stakeholders to ensure alignment with Cbus' security policies, standards, and control frameworks.

Key Accountabilities

• Collaborate with developers, architects, engineers, and external vendors to promote secure coding and engineering standards across all stages of development.
• Partner with security, risk, compliance, and delivery teams to identify, assess, and address cybersecurity risks, ensuring implementation of agreed controls.
• Conduct and facilitate threat modelling and application-level risk assessments and perform security evaluations on both internal and third-party applications.
• Embed secure engineering practices into CI/CD pipelines and monitor for vulnerabilities in code and dependencies.
• Elicit and translate key business requirements into actionable security requirements to ensure alignment with Cbus' security objectives.
• Define, track, and report on key security metrics to measure application security posture and communicate findings to stakeholders.
• Provide security training and mentor developers/peers, participate in code reviews, and promote a culture of security awareness.
• Contribute to secure system architecture design and define cyber and information security requirements for projects and transformation initiatives.
• Support service transition into Security Services Governance and Ops teams, assist with regulatory compliance activities, and translate technical risks into business impacts.

About You

You're a seasoned security professional with a strong foundation in software engineering and a deep understanding of application and API security across web, mobile, and cloud environments. You bring deep expertise in application security principles and best practices with ability to translate complex security concepts into clear, actionable insights for non-technical stakeholders. Whether automating security processes in CI/CD pipelines or staying ahead of emerging threats, you're passionate about building secure, scalable systems that support business goals.

Your Skills & Experience

• Tertiary qualifications in IT, Software Engineering, Cybersecurity or relevant certifications (CISSP, CCSP, GSSP, GWAPT, etc) with a strong secure coding background.
• Hands-on experience with security tools (SAST, DAST, SCA) and ability to conduct threat modelling and risk assessments is crucial for this role.
• Display strong understanding of Infrastructure as Code (Terraform, CloudFormation, Ansible) and common vulnerabilities (OWASP Top 10).
• Familiarity with CI/CD tools (Jenkins, Azure DevOps) and Agile practices and experience in automating security processes would be advantageous.
• Proficiency in Cloud platforms (AWS, Azure, GCP).
• Knowledge of regulatory requirements (e.g., CPS234, Privacy), awareness of current and emerging cybersecurity threats and ability to assess their potential impact on Cbus' major stakeholders would be beneficial.
• Strong communication skills, ability to explain security concepts and issues to business stakeholders.

Belong at Cbus

We value difference, and embrace people with diverse backgrounds, experiences, gender identities, abilities and thinking styles. We believe that, with diversity of perspectives and experiences, you get better teams and outcomes. We're looking for people of all genders, races, nationalities, orientations and of all abilities to join us.

We're keen to hear from you

If you've read through the requirements of this role and you feel like you haven't fully met the criteria, we would still encourage you to apply. If you require assistance with your application, please contact our Talent Acquisition Team via

Applications Close: 12 September 2025

This is permanent full-time position based in Melbourne. To be considered, all applicants must have working rights in Australia.

Agencies, please note: All Cbus vacancies are managed by our internal Talent Acquisition Team. Should external assistance be required we will reach out to our preferred agency partners. Thank you.

Seniority level

• Associate

Employment type

• Full-time

Job function

• Information Technology

Note: This refined description intentionally excludes referrals and other nearby job postings to maintain focus on the specific role.

#J-18808-Ljbffr

---