Senior Application Security Engineer

About Us
Let's create a more sociable future together
At Endeavour, we're totally into what we do. With a portfolio that includes Dan Murphy's, BWS, ALH Hotels, Pinnacle Drinks and more, we love to bring people together. Together we share our passion for our products and industry; it's what inspires us to dream big, and continue to create new experiences for our customers and teams across Australia. If you thrive on positive energy, we want to meet you

About The Role

• This is just the start, so dream big
• Hybrid ways of working
• Location - Sydney or Melbourne
• Please note - Our office will be closed from 25th Dec 2025 to 11th Jan 2026, returning on 12th Jan . There may be a slight delay in our response during this period; thank you for your patience.

The
Senior Application Security Engineer
will be a critical driver in uplifting our application security posture and strategy, engaging with diverse development teams and product managers across Endeavour Group.

We encourage applications from individuals of all backgrounds who are passionate about contributing to a secure and innovative environment.

Sound good? Read on.

Here is a taster of what you can expect in this role:

• Champion a security-first culture across the organisation, promoting an environment where all voices are heard and valued in security discussions.
• Lead the improvement of EDG's Software Development Lifecycle (SDLC) by providing in-depth consultations, conducting high-level security assessments, and offering strategic advice to remediate vulnerabilities. Educate and empower diverse teams on secure coding practices and risk management through the SDLC.
• Build new and improve existing automation that scales and grows with EGL's evolving needs to identify and resolve security issues throughout the SDLC, ensuring our tools are accessible and effective for all developers.
• Drive remediation of identified vulnerabilities, proactively building patterns or tools to prevent them from occurring in future development, fostering a collaborative approach to problem-solving.
• Develop and maintain an inclusive application security reporting strategy, implementing and automating a comprehensive approach aligning with business goals and industry best practices.
• Collaborate closely with security architecture, cyber risk, and assurance, contributing to an overall security strategy and culture that embraces diverse perspectives.
• Consult and mentor development teams on application security and risks with real-world scenarios, adapting communication styles to effectively reach all team members.
• Design and deliver application security awareness and training that caters to the diverse needs of EGL developers, ensuring equitable access to knowledge and skill development.
• Ownership of various ways of working with key stakeholders, including security, technology, developers, product managers, and various squads and chapters. Act as a pivotal bridge between the security team and other departments, translating complex security concepts into clear, actionable insights for all, promoting understanding and collaboration across diverse groups.
• Engage and influence various levels of the organisation, including technical and management teams, to articulate technical security findings and recommendations for solutions and remediation strategies, valuing diverse input in decision-making.

What do we need from you

Now Let's Talk About You

• Strong understanding of Application Security and agile development environments

• Knowledge of:

• DevSecOps and Azure infrastructure

• Web and Mobile application security

• OWASP, Container Security, Kubernetes and security tools (SCA, DAST, SAST, etc.)

• Threat Modelling and Security Architecture

• In-depth Experience with .NET (C#), JavaScript, Python or another scripting language
• Excellent communication skills and ability to clearly and effectively collaborate with technical and non-technical stakeholders
• Experience with contributing to the strategic direction of security practices within an organisation to adapt to and anticipate the evolving landscape of cybersecurity threats and technologies.
• Self-motivated and able to manage multiple priorities and tasks concurrently.
• Key Business Partners (Internal and External)

Desirable

• Professional ICT certifications such as SANS SANS GWAPT, SANS GPEN, Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE) or Certified Information Systems Security Professional (CISSP) are highly regarded.

The benefits are good too

• We offer flexible working in every sense
• An exclusive discount card for BWS, Dan Murphy's, Woolworths, BIG W and other Endeavour Group brands, including our ALH pubs
• Monthly meeting-free days
• Your health and wellbeing is your most important asset, and as one of our valued team members, it's our first priority. You will have a range of free services to help you live well and support your physical, mental and financial wellbeing
• Endeavour Group is full of opportunities - use our dedicated learning and development options to grow an idea, yourself, and your career. This is just the start, so dream big.

At Endeavour, we value being a workplace where everyone's welcome - if you meet a number of the requirements (and not all), we encourage you to apply.
What's in it for you?

We are together creators
With a portfolio that includes Dan Murphy's, BWS, ALH Hotels, Pinnacle Drinks and more, Endeavour Group is big on sociability. Together we create the moments that bring millions of people together. And together we have more fun, create more opportunities, and score a lot more goals. We're serious about creating a safe, inclusive and fun place to rock up to where equal opportunity is key, and flexibility is part of how we roll.

We're all about creating a more sociable future - for our customers and each other. If this job excites you - and you're close-enough on the requirements, reach out, we'd love to hear from you.

You can learn more about working with us on LinkedIn or at

Our Talent Team and Hiring Leaders kindly request no unsolicited resumes or approaches from Recruitment Agencies. Endeavour Group is not responsible for any fees related to unsolicited resumes.

#WeAreTogetherCreators #ComeAsYouAre #DreamBig #FeelTheEnergy #LeaveYourMark #EndeavourGroup