Application Security

About us

Billigence Pty Ltd is a specialist in the delivery of market-leading Business Intelligence and CRM solutions. Headquartered in Sydney, Australia and with offices in Prague, London, Frankfurt and Singapore our passion is data and our focus is the delivery of end-to-end solutions via a talented team of skilled professionals. We are partners with leading edge software platforms including Snowflake, dbt, Tableau, Alteryx, Collibra, and Salesforce.

What we are looking for

We are looking for a skilled Application Security (AppSec) Engineer to embed security as a core principle across the entire engineering lifecycle. You will be responsible for fortifying code and infrastructure for traditional applications, as well as the unique and evolving security landscape of LLM and Gen AI workloads. This will be an initial 12 month contract + extensions or potentially move into a permanent position.

Hybrid model, 2 days per week in the Sydney office.

Key responsibilities

- Understand the Landscape: Acquire a complete understanding of the Technology system and application landscape and assess it from a cybersecurity perspective.
- Provide Leadership: Provide cybersecurity leadership in Agile environments across the broader Digital teams.
- Embed Best Practices: Design, create, embed, and own cybersecurity best practice processes into the SDLC of all Digital development teams.
- Architect and Design: Plan, research, and design robust security application architectures and patterns for all projects.
- Vulnerability Management: Proactively identify, prioritize, and manage security vulnerabilities across our codebases, from the front-end to the back-end infrastructure.
- Security Automation: Embed security checks and scanning tools (SAST, DAST, etc.) directly into our CI/CD pipelines to catch and mitigate security flaws early and at scale.
- Security for AI: Focus on the unique security challenges of LLMs and Gen AI, including prompt injection, model data poisoning, and the security of model serving infrastructure.
- Security Assessments: Organize ad-hoc and periodic vulnerability scans, risk analysis, and security assessments, and interpret the results for product teams.
- Research and Education: Research security standards, security systems, and authentication protocols and educate the developers around their use.
- Policy and Risk Management: Work closely with the Group Cyber Security and business teams to implement and maintain corporate security policies, standards, and procedures from an applications perspective. You will also ensure cyber risks are to be recorded to the Enterprise Cyber Security Risk register.
- Incident Response: Respond immediately to security-related incidents, manage any escalations and communications to the Senior Leadership team, and provide a thorough post-event analysis.
- Vendor Collaboration: Work with the teams to identify, select, and implement technical security controls.
- Security Awareness: Work closely with the digital teams to oversee security awareness programs and educational efforts, particularly around developer training and awareness.

Skills & experience required

- Must have a strong background in both application and cloud security.
- Proven experience in an Application Security Engineer or similar security role.
- Technical Expertise: Deep understanding of common web application and cloud vulnerabilities (e.g., OWASP Top 10) and hands-on experience with various security testing tools and methodologies.
- Cloud Security: Experience with cloud security in GCP, including Identity and Access Management (IAM), network security, and data protection.
- Problem-Solving: Strong analytical skills with a proactive approach to identifying and resolving complex security threats.
- Communication: Excellent communication and interpersonal skills, with the ability to influence and collaborate with diverse engineering teams.

If this sounds like something you are interested in, please apply with your most up-to-date CV and we will be in touch

#J-18808-Ljbffr