Senior Product Security Engineer

About CoStar Group

CoStar Group (NASDAQ: CSGP) is a leading global provider of commercial and residential real estate information, analytics, and online marketplaces. Included in the S&P 500 Index and the NASDAQ 100, CoStar Group is on a mission to digitize the world’s real estate, empowering all people to discover properties, insights and connections that improve their businesses and lives.

We have been living and breathing the world of real estate information and online marketplaces for over 35 years, giving us the perspective to create truly unique and valuable offerings to our customers. We’ve continually refined, transformed, and perfected our approach to our business, creating a language that has become standard in our industry, for our customers, and even our competitors. We continue that effort today and are always working to improve and drive innovation. This is how we deliver for our customers, our employees, and investors. By equipping the brightest minds with the best resources available, we provide an invaluable edge in real estate.

About Domain

Domain is a leading property technology and services marketplace that is home to one of the largest portfolios of property brands in Australia, including the Domain, Allhomes and Commercial Real Estate (CRE) platforms. In 2025, Domain became part of CoStar Group (NASDAQ: CSGP), a global leader in commercial real estate information, analytics, online marketplaces and 3D digital twin technology. Together, Domain and CoStar Group is dedicated to digitising the world’s real estate, empowering all people to discover properties, insights, and connections that improve their businesses and lives.

We/'re looking for a highly collaborative and deeply technical Senior Product Security Engineer to be a pivotal force in shaping our Application Security (AppSec) future. This is your chance to drive our strategic vision by making security an intrinsic, seamless part of our software development lifecycle.

Reporting to the Group Engineering Manager - Product Security, you will be the crucial link, the advisor, and the implementer working directly with our development teams. You will be instrumental in deploying initiatives from our cutting-edge Application Security Framework and fostering a culture where security is everyone/'s responsibility.

This position will collaborate with software development teams, DevOps and security to drive and shape the way our employees and engineers build, deploy and operate applications.

This position is located in either Sydney or Melbourne and is in office Tuesday through Thursday with work from home on Monday and Friday.

Responsibilities

Success here is measured by your ability to proactively embed security and drive tangible change. You will achieve this by:

- Leading Security Integration: Champion efforts to fully integrate security into our DevOps processes, promoting a culture of security ownership and awareness across the organization. Work with the software and product teams to help ensure applications are designed and implemented securely during the SDLC.
- Hands-On Security Mastery: Acting as the primary security advisor, you/'ll conduct implementation reviews of solution designs, lead crucial threat modeling sessions, and perform hands-on security code reviews.
- Tooling & Automation: Automate security testing at various stages within the CI/CD pipelines. Consume a variety of application security tools (DAST, SAST, SCA, Credential Scanning, IAC scanning) to secure web applications during development and production run-time. Manage and operate our critical security tools, ensuring maximum efficiency and coverage.
- Resilience & Compliance: Partnering with GRC to ensure adherence to industry standards and collaborating with Security Operations to provide crucial support during the investigation and response to security incidents.

Basic Qualifications

- Bachelor’s degree required from an accredited, not for profit university or college (preferably in Computer Science/Cybersecurity or related field).
- 5+ years experience in a Product/Application Security or DevSecOps role.
- A track record of commitment to prior employers or a track record of delivering long-term impact to prior employers.
- Strong knowledge of DevOps principles and practices, as well as security best practices.
- Ability to communicate effectively with both cybersecurity and engineering teams.
- Ability to collaborate across Product, Security, DevOps, Product, and development teams.
- Proficiency in scripting and automation (e.g., Java, C/C++, C#, Python, JavaScript, PowerShell)
- Experience with container security (Docker, ECS, Kubernetes) and cloud security (AWS, Azure, or GCP).

Preferred Qualifications and Skills

- Hands-on experience implementing security tools into CI/CD pipelines and IDE interfaces including Static Application Security Testing (SAST) and Static Application Analysis (SCA) solutions.
- Experience with web application penetration testing and identifying attack chains to evaluate the severity of vulnerabilities.
- Strong communication skills with both software development and software leadership audiences, including the ability to communicate with different levels of leadership conveying risk and driving urgency for risk remediation.
- A self-starter who can advance the application security program and follow-through ideas to completion.
- Experience coordinating with application teams to drive security by design principles.
- Knowledge of infrastructure operations across databases, network, and system administration.
- Experience testing modern applications in cloud-native tech stacks.

Why join us?

We’re the kind of place you can make a real impact, with a workplace culture where you can be you. It’s a fun, safe space where you’ll always feel you belong. Perks of the role include:

- Hybrid working;
- First-rate parental leave;
- Continuous opportunities to leap, learn and grow in a team that values creativity and innovation;

We don/'t just talk, we do. Every day we solve property problems for Australians and beyond. We encourage our people to see the possibilities, and turn them into realities.

What’s next?

We/'ll give your application the thoughtful attention it deserves and get back to you as soon as possible. If there/'s a match, one of our recruitment consultants will reach out so keep your phone handy We/'re genuinely excited about the chance to work together and make a meaningful impact.

Equity, Diversity and Inclusion at Domain

Domain is enthusiastically and unapologetically committed to fostering an equitable, inclusive work culture which reflects our customers and communities. We are proactively looking for candidates from all lived experiences, including people with disability, and people of all ages, ethnicities, cultures (including Aboriginal and Torres Strait Islander Peoples), faiths, sexual orientations, and gender identities (including trans and non-binary people).

We are committed to providing an equitable recruitment process for people with disability. If you require adjustments during the process we/'re here to support. If you wish to receive this job advertisement in an accessible format, or have a confidential chat about workplace adjustments, please contact our Equity, Diversity and Inclusion team at edi@domain.com.au or leave a message on 1300 858 356 and we will get back to you.

CoStar Group is an Equal Employment Opportunity Employer; we maintain a drug-free workplace and perform pre-employment substance abuse testing

#J-18808-Ljbffr