Application Security Engineer

Company Description

Welcome to This Australian Life. 

From the millions of Australians we protect, to those that make it happen every day at TAL, people really are what we’re all about. We want to grow with you. Achieve with you. And support you to do your best work. That's why we're focused on developing leadership, promoting diversity, rewarding excellence and retaining great talent.

We're always looking for people who want to go further with us. People who do what’s right, aim high, and work smart.  Why not see where we can go?

Job Description

We are investing heavily in the future of our organisation, our technology and, most importantly, our teams. At TAL you will be part of the Cyber Security team, which looks after the end-to-end security.

We are seeking an experienced Application Security Engineer to enhance our security posture by integrating security practices into our software development lifecycle. The ideal candidate will collaborate closely with product development teams to identify, analyse, and mitigate security vulnerabilities in our applications and services.
As an Application Security Engineer at TAL, you will be responsible for ensuring the security of our applications by implementing and maintaining robust security measures, and ensure applications are onboarded to Application Security tools and continuous integration of Application Security plug-ins in CI/CD pipeline.

You will work closely with development teams to identify, mitigate and risk assess security vulnerabilities throughout the software development lifecycle. You will also foster security awareness and security culture, providing security training to development teams.
You will collaborate with Business, Risk and Cyber and other stakeholders to understand business requirements and translate them into technical solutions while improving application security and compliance of the products.

Key Accountabilities:

• Security Guidance: Drive Application Security strategy across Enterprise and provide timely support and education to development teams on application security best practices, including secure coding techniques and the use of security tools.
• Security Integration: Work with product development teams to design and implement secure solutions, ensuring adherence to secure coding practices throughout the software development lifecycle (SDLC), onboard applications to application security tools and integrate Application Security plug-ins with CI/CD pipeline so the security issues are
identified during the coding stage.
• Vulnerability Management: Identify, analyse, and remediate vulnerabilities identified through Application Security tools, regular security assessments, penetration testing, and code reviews.
• Threat Modelling: Lead application threat modelling sessions and application architecture reviews to proactively identify and address security threats and conduct security assessments on applications to identify and remediate vulnerabilities.
• Application Security Tools Management: Evaluate, recommend, and manage Application Security tools and technologies including related policies and procedures that enhance application security, including static and dynamic analysis tools. Execute planned and ad-hoc security scans of software applications and interpret results for development teams.
• Documentation and Reporting: Maintain comprehensive documentation of application security processes and controls, security vulnerabilities, risk assessments, and remediation plans. Prepare security metrics and reports for stakeholders.
• Collaboration: Collaborate with product development teams, Cyber and other stakeholder for incident response, threat detection, and forensics teams to address security incidents and improve overall security posture.
• Training and Awareness: Develop and deliver security training programs for developers and other stakeholders to foster a security-first culture.
• Organisation Knowledge: Ascertain a holistic understanding of TAL’s systems, products, applications, development workloads and lifecycles as well as current TAL policies, standards and processes.
• Vendor Management: Work with vendors to tailor application security tools to fit TAL workloads and improve policies and processes currently in place.
• Development: Ensure required training and development is undertaken in a timely manner and keep up to date with the latest industry trends in cyber security including what technologies and controls may be the best fit for certain solution requirements with an emphasis on security.

Qualifications

• A relevant tertiary qualification, preferably a Bachelor’s degree in Computer Science, Information Technology or equivalent.
• Minimum of 3 years in application security, software development, or a related IT role, with a strong focus on security practices including development, secure coding and vulnerability management, threat modelling and secure architecture.
• Experience in Static Application Security Testing (SAST) tools such as Checkmarx, Snyk, Synopsys, etc., Software Composition Analysis (SCA) tools such as Snyk, Blackduck, Sonatype etc, and Dynamic Application Security Testing (DAST) tools such as Checkmarks and Veracode and understanding of how to integrate them into CI/CD pipelines.
• Working knowledge in Azure Cloud and associated technologies including but not limited Azure DevOps, Microsoft Defender for Cloud, Azure Policies and Compliance frameworks, WAF, Firewalls and Entra ID.
• Hands-on development experience in programming languages such as .NET and Java.
• Experience in automation using scripting languages such as Powershell, JavaScript and Python.
• Knowledge and experience in web application security including the ability to interpret associated security risks and vulnerabilities such as OWASP Top10
• Strong understanding of application security standards (OWASP ASVS, NIST SP 800-218, etc.) and secure coding
guidelines.
• Experience with security testing methodologies, including penetration testing, vulnerability assessments and remediation.
• Experience with Agile development methodologies with working knowledge in products such as Jira.
• Fundamental knowledge of microservice architecture (Containerisation, Docker and Kubernetes)
• Experience or knowledge in writing and deploying Infrastructure as Code (IaC), preferably experience in Terraform.
• Knowledge of regulatory and industry standards and frameworks, APRA CPS234, ASD8, CIS 20, NIST CSF and MITRE
Attack.
• Relevant certifications (CEH, OSWE, OSCP, CASE, AZ-500, etc.) are preferred but not mandatory.
• Strong analytical and problem-solving skills, with the ability to communicate complex security concepts to non-technical stakeholders.
• Excellent written and verbal communication skills, interpersonal and collaborative skills.
• Ability to deal with ambiguity and work independently with limited direction in a fast-paced environment.
• Penetration testing experience preferred but not mandatory
• Passionate about security, with an intention to always excel and self-driven to develop technical and professional skills.
 

Additional Information

At TAL we value diversity in all its forms and are committed to fostering an inclusive and equitable culture for all our people. We encourage Aboriginal and Torres Strait Islander people, individuals from all backgrounds, including those with caring responsibilities, people living with disability, and individuals from the CALD and LGBTQI+ communities to apply. Even if you don’t check every box in the criteria above, we encourage you to apply today or get in touch with us here.   

To provide you with the best experience, we can accommodate you at any stage of the recruitment process. Simply inform our Recruitment team at any time.  

TAL is recognised by the Workplace Gender Equality Agency as an Employer of Choice.  We are proud to be a member of Diversity Council Australia and the Australian Network on Disability. For information on our reconciliation journey, take a look at our Innovate Reconciliation Action Plan.  

We acknowledge the Traditional Custodians of the Land in which our Head Office is based, the land of the Gadigal people of the Eora Nation, and recognise their deep connections to the land, sea, and culture.  
We extend this acknowledgment to the many Traditional Lands that we operate across and pay our respects to Elders past, present, and emerging.

Everyone at TAL has a responsibility to do the right thing and is accountable for the way they conduct themselves. Our expectations are that you follow the principles set out in our Code of Conduct when you come to work every day. Risk management is everyone’s responsibility.

If you are already a TAL employee please apply via the SmartRecruiters button in Workday and navigate to the Employee Portal. This is important to ensure that your application is recorded accurately.