Principal Application Security Engineer

Location: Australia - Remote

Who Are We?

About Airlock Digital
Airlock Digital is a global leader in application control and allowlisting. We seek to empower every organization to run only what they trust and operate free from malware and ransomware.

With rapid growth across Australia, North America, and EMEA. We are committed to our core values, respect, determination, and integrity. We support a diverse and expanding global customer base. At Airlock, we pride ourselves on being a team of humble, collaborative, and driven professionals who support one another and share a passion for cybersecurity.

What We Are Looking For
As the Principal Application Security Engineer, you will play a foundational role in building and leading Airlock Digital's application security capability. You will establish application security best practices and work closely with our engineers and developers in our Product and Technology teams. This is a hands-on technical leadership role that requires expertise in secure software development, security architecture, and security testing. This is a new capability at Airlock Digital, and you will have the unique opportunity to build and shape a new application security function from the ground up.

Key Responsibilities

• Establish and drive Airlock Digital's application security program, aligning with industry best practices, our Technology and Security strategy, and our company's values and goals.
• Work closely with Product teams to define and implement security processes into our Software Development Life Cycle. You will act as a partner with Product, Technology and Security teams to embed security into development processes.
• Work closely with Product and Technology teams to provide leadership on security architecture, threat modelling exercises, and modern application security approaches.
• Perform manual and automated security assessments. This may include code reviews and leveraging SAST/DAST tools and application security testing techniques.
• Advocate for "security by design" and "security in operation" principles across our Product and Technology teams.

Required Skills & Qualifications

• 8+ years of cybersecurity experience, with specific focus on application security
• Strong background in secure software development, and building security into existing SDLC processes
• Deep knowledge of secure coding practices and modern attack techniques
• Demonstrated experience establishing new application security programs inside technology companies
• Knowledge of programming languages: Go, Ruby, C/C++
• Proficient in the use of SAST, DAST tooling and other application security testing tools
• Strong understanding of authentication, authorization, encryption, and API security
• Experience with cloud security and container security technologies
• Strong writing and communication skills, including ability to present security issues to technical and non-technical audiences
• Ability to influence and educate development and technology teams on secure coding practices
• Collaborative approach and ability to work well with teams across multiple areas of our business

What We Offer
We don't think money is everything, but we know it is an important part of your decision to apply for a role. Additional factors considered in extending an offer include responsibilities of the job, education, location, experience, knowledge, skills, abilities, and internal equity, alignment with market data, or applicable laws.

Flexible Work Environment, Hybrid or Remote – Time Off - Paid Volunteering Time - Birthday Leave - Paid parental Leaves - Home Office Allowance

Our Commitment
We believe in supporting our team members both personally and professionally. Named one of the USA's Greatest Places to Work in 2024 and 2025, we value flexibility, trust, and a work environment that empowers our team to do their best work.

We will be assessing applications as they come in, so we encourage you to send your resume through to us as soon as possible. All official job offers from our company are extended directly by our recruitment team and will be sent through an official BambooHR document for your review and signature. Please be aware that we do not ask for any personal information in the process of extending offers of employment, such as financial details or social security numbers. Upon acceptance of any offer, we will request such information as part of the onboarding process prior to or on your first day of employment, and only after completing a background check through an authorized third-party vendor. If you receive any communication asking for personal details outside of these processes, please contact us immediately to verify the authenticity of the request. Your security is important to us, and we are committed to a safe and transparent hiring experience. No contact from recruitment agencies, thank you.