Principal Application Security Engineer

Airlock Digital is a global leader in application control and allowlisting. We seek to empower every organization to run only what they trust and operate free from malware and ransomware.

Location: Australia
Remote

What We Are Looking For

As the Principal Application Security Engineer, you will play a foundational role in building and leading Airlock Digitals application security capability. You will establish application security best practices and work closely with our engineers and developers in our Product and Technology teams. This is a hands-on technical leadership role that requires expertise in secure software development, security architecture, and security testing. This is a new capability at Airlock Digital, and you will have the unique opportunity to build and shape a new application security function from the ground up.

Key Responsibilities

• Establish and drive Airlock Digitals application security program, aligning with industry best practices, our Technology and Security strategy, and our companys values and goals.
  
• Work closely with Product teams to define and implement security processes into our Software Development Life Cycle. You will act as a partner with Product, Technology and Security teams to embed security into development processes.
  
• Provide leadership on security architecture, threat modelling exercises, and modern application security approaches in collaboration with Product and Technology teams.
  
• Perform manual and automated security assessments, including code reviews, SAST/DAST tooling, and other application security testing techniques.
  
• Advocate for "security by design" and "security in operation" principles across our Product and Technology teams.
  

Required Skills & Qualifications

• 8+ years of cybersecurity experience, with specific focus on application security
  
• Strong background in secure software development, and building security into existing SDLC processes
  
• Deep knowledge of secure coding practices and modern attack techniques
  
• Demonstrated experience establishing new application security programs inside technology companies
  
• Knowledge of programming languages: Go, Ruby, C/C++
  
• Proficient in the use of SAST, DAST tooling and other application security testing tools
  
• Strong understanding of authentication, authorization, encryption, and API security
  
• Experience with cloud security and container security technologies
  
• Strong writing and communication skills, including ability to present security issues to technical and non-technical audiences
  
• Ability to influence and educate development and technology teams on secure coding practices
  
• Collaborative approach and ability to work well with teams across multiple areas of our business
  

What We Offer

We don't think money is everything, but we know it is an important part of your decision to apply for a role. Additional factors considered in extending an offer include responsibilities of the job, education, location, experience, knowledge, skills, abilities, and internal equity, alignment with market data, or applicable laws.

Flexible Work Environment, Hybrid or Remote – Time Off - Paid Volunteering Time - Birthday Leave - Paid parental Leaves - Home Office Allowance

Our Commitment

We believe in supporting our team members both personally and professionally. Named one of the USA's Greatest Places to Work in 2024 and 2025, we value flexibility, trust, and a work environment that empowers our team to do their best work.

No contact from recruitment agencies, thank you. Your security is important to us, and we are committed to a safe and transparent hiring experience. We will be assessing applications as they come in, so we encourage you to send your resume through to us as soon as possible. All official job offers from our company are extended directly by our recruitment team and will be sent through an official BambooHR document for your review and signature. Upon acceptance of any offer, we will request personal information as part of the onboarding process and only after completing a background check through an authorized third-party vendor.

Seniority level

• Mid-Senior level

Employment type

• Full-time

Job function

• Information Technology

Industries

• Computer and Network Security

#J-18808-Ljbffr

---