Application Security Specialist

4 days ago


Australia ASIC Full time $123,444 - $144,386 per year

At ASIC, you can be the change that ensures a fair, strong and efficient financial system for the benefit of all Australians. Contribute to delivering on ASIC's purpose, vision, and strategic priorities to help maintain the integrity of the financial system and protect consumers from harm.

ASIC's Cyber Security Group is seeking a skilled Application Security Specialist to join their Application Security Engineering team to provide ongoing application security support and guidance across the organisation.

  • Sydney, Melbourne and Brisbane locations
  • 24 Month Fixed Term position
  • Salary from $123,444 to $144,386 (depending on experience) + superannuation
  • Applications will close at 11:59pm AEST, Friday 20 June 2025

The team

ASIC's Cyber Security Group delivers a broad range of services across the organisation which include security architecture and design, incident response, and cyber assurance. We leverage advanced security technologies with a growing emphasis on automation and analytics to help ASIC become a best-in-class regulator for Australia's financial markets.

The role

As an Application Security Specialist, you will help lead the product security and application security initiatives ensuring that security is integrated into every aspect of the software development lifecycle and deployment processes. As part of the role, you will also support the cyber assurance function and the delivery of the Cyber Uplift Program of works.

More specifically, you will:

  • Collaborate with development teams to design secure solutions and embed security throughout the software development lifecycle (SDLC).
  • Provide timely guidance on securing applications, APIs, middleware and development pipelines.
  • Define and guide secure architecture practices across code repositories and project activities.
  • Support Shift-Left initiatives by integrating security early in the SDLC.
  • Manage and coordinate penetration testing activities.
  • Conduct application security testing, including penetration testing, vulnerability scanning and assessments.
  • Collaborate with engineering teams to perform secure code reviews for applications and cloud infrastructure.
  • Assist IT teams in analysing and remediating vulnerabilities, design flaws, and configuration weaknesses.
  • Support the Cyber Assurance team in delivering application security assurance.

About you

The ideal candidate for the Application Security Specialist role at ASIC is a technically skilled and security-focused professional with a strong background in application and product security. They will be adept at embedding security throughout the software development lifecycle and supporting broader cyber assurance initiatives.

In addition, you will have:

  • Bachelor's degree in Computer Science or a related field, and/or 5+ years of software development experience with demonstrated expertise in application security.
  • Proven experience securing applications built on modern architectures such as microservices, single-page applications and serverless environments.
  • Strong knowledge of secure coding practices and mitigation of common vulnerabilities (e.g. OWASP Top Ten: SQLi, XSS, CSRF).
  • Familiarity with security testing frameworks and tools such as OWASP ASVS and Snyk.
  • Experience securing cloud-based and containerised applications, CI/CD pipelines and APIs.
  • Skilled in developing threat models and facilitating threat modelling workshops with developers and architects.
  • Proficient in conducting penetration testing, vulnerability scanning, and using tools such as SAST, SCA, DAST and IAST.
  • Hands-on experience with at least one programming or scripting language (e.g. Java, .NET, Python, JavaScript).
  • Experience with web technologies such as , ReactJS, AngularJS and JSON.
  • Hands-on experience conducting penetration testing of web applications to identify security weaknesses is desirable but not essential.

Click 'apply' to start your application.

Applications will close at 11:59pm AEST, Friday 20 June 2025.

About ASIC

ASIC's remit is one of the broadest of regulators across the world. ASIC regulates corporations, markets, financial services and consumer credit and monitors and promotes market integrity and consumer protection in the Australian financial system. Through our enforcement work, we hold to account those who contravene the law, working to achieve strong outcomes that address the greatest consumer and investor harms.

ASIC is committed to providing a diverse and inclusive workplace where the very best talent in Australia chooses to work. Indigenous Australians are encouraged to apply as well as applicants from all backgrounds and with different abilities.

We offer a range of employee benefits including:

  • Attractive superannuation
  • Additional leave entitlements
  • 50/50 hybrid work-from-home model
  • Flexible work arrangements
  • Assistance for study and professional development

Click here to view ASIC's salary and benefits guide.

To read more about ASIC, you can visit our website or review our Corporate Plan.

To work with us, you need to be an Australian citizen and be prepared to complete an ASIC Suitability and Baseline Assessment.


