Senior Application Security Engineer

About Us

Let's create a more sociable future together

At Endeavour, we're totally into what we do. With a portfolio that includes Dan Murphy's, BWS, ALH Hotels, Pinnacle Drinks and more, we love to bring people together. Together we share our passion for our products and industry; it's what inspires us to dream big, and continue to create new experiences for our customers and teams across Australia. If you thrive on positive energy, we want to meet you

About the Role

• This is just the start, so dream big
• Hybrid ways of working
• Location - Sydney or Melbourne

The Senior Application Security Engineer will be a critical driver in uplifting our application security posture and strategy, engaging with diverse development teams and product managers across Endeavour Group.

We encourage applications from individuals of all backgrounds who are passionate about contributing to a secure and innovative environment.

Sound good? Read on.

Here is a taster of what you can expect in this role:

• Champion a security-first culture across the organisation, promoting an environment where all voices are heard and valued in security discussions.
• Lead the improvement of EDG's Software Development Lifecycle (SDLC) by providing in-depth consultations, conducting high-level security assessments, and offering strategic advice to remediate vulnerabilities. Educate and empower diverse teams on secure coding practices and risk management through the SDLC.
• Build new and improve existing automation that scales and grows with EGL's evolving needs to identify and resolve security issues throughout the SDLC, ensuring our tools are accessible and effective for all developers.
• Drive remediation of identified vulnerabilities, proactively building patterns or tools to prevent them from occurring in future development, fostering a collaborative approach to problem-solving.
• Develop and maintain an inclusive application security reporting strategy, implementing and automating a comprehensive approach aligning with business goals and industry best practices.
• Collaborate closely with security architecture, cyber risk, and assurance, contributing to an overall security strategy and culture that embraces diverse perspectives.
• Consult and mentor development teams on application security and risks with real-world scenarios, adapting communication styles to effectively reach all team members.
• Design and deliver application security awareness and training that caters to the diverse needs of EGL developers, ensuring equitable access to knowledge and skill development.
• Ownership of various ways of working with key stakeholders, including security, technology, developers, product managers, and various squads and chapters. Act as a pivotal bridge between the security team and other departments, translating complex security concepts into clear, actionable insights for all, promoting understanding and collaboration across diverse groups.
• Engage and influence various levels of the organisation, including technical and management teams, to articulate technical security findings and recommendations for solutions and remediation strategies, valuing diverse input in decision-making.

What do we need from you

Now let's talk about you:

• Strong understanding of Application Security and agile development environments

• Knowledge of:

• DevSecOps and Azure infrastructure

• Web and Mobile application security
• OWASP, Container Security, Kubernetes and security tools (SCA, DAST, SAST, etc.)
• Threat Modelling and Security Architecture
• In-depth Experience with .NET (C#), JavaScript, Python or another scripting language
• Excellent communication skills and ability to clearly and effectively collaborate with technical and non-technical stakeholders
• Experience with contributing to the strategic direction of security practices within an organisation to adapt to and anticipate the evolving landscape of cybersecurity threats and technologies.
• Self-motivated and able to manage multiple priorities and tasks concurrently.
• Key Business Partners (Internal and External)

Desirable

• Prior experience in managing Email Security platforms such as Cloudflare Area1 or Defender for Office 365 will be highly regarded.
• Certifications such as Azure or equivalent are valued, but we also recognize practical experience and a strong aptitude for learning.

The benefits are good too

• We offer flexible working in every sense
• An exclusive discount card for BWS, Dan Murphy's, Woolworths, BIG W and other Endeavour Group brands, including our ALH pubs
• Monthly meeting-free days
• Your health and wellbeing is your most important asset, and as one of our valued team members, it's our first priority. You will have a range of free services to help you live well and support your physical, mental and financial wellbeing
• Endeavour Group is full of opportunities - use our dedicated learning and development options to grow an idea, yourself, and your career. This is just the start, so dream big.

At Endeavour, we value being a workplace where everyone's welcome - if you meet a number of the requirements (and not all), we encourage you to apply.

What's in it for you?

We are together creators

With a portfolio that includes Dan Murphy's, BWS, ALH Hotels, Pinnacle Drinks and more, Endeavour Group is big on sociability. Together we create the moments that bring millions of people together. And together we have more fun, create more opportunities, and score a lot more goals. We're serious about creating a safe, inclusive and fun place to rock up to where equal opportunity is key, and flexibility is part of how we roll.

We're all about creating a more sociable future - for our customers and each other. If this job excites you - and you're close-enough on the requirements, reach out, we'd love to hear from you.

You can learn more about working with us on LinkedIn or at 

Our Talent Team and Hiring Leaders kindly request no unsolicited resumes or approaches from Recruitment Agencies. Endeavour Group is not responsible for any fees related to unsolicited resumes.