Application Security Engineer

Launching in Australia in 2017, PointsBet are dedicated to providing our customers with the ultimate betting experience. We're on a mission to make racing and sports betting easier to understand, fun to use and faster. After some recent business changes, PointsBet Australia is about to head into a exciting stage of it's journey and as we continue to grow, we're looking for a Senior Application Security Engineer.
The Sr. Application Security Engineer will be responsible for driving cultural security change across development and fostering collaboration across teams. You will establish development security operations (DevSecOps) good practices, to enable a secure and efficient development process. Additionally, you will implement processes to capture lessons learnt, enhance security controls and enhance training.
The Sr. Application Security Engineer role will report to the Information Security Manager. The role will engage with stakeholders both locally and globally.
What you'll own:
Key Accountabilities:

• Define and enable governance for IT&IS and Engineering, leveraging DevSecOps good practice (including., quality, performance, and security).
• Drive adoption of PointsBet processes and toolsets through training, targeted communication and change management practices to support adoption.
• Act as the point of contact for new project / initiative requirements, or technical issues.
• Contribute good practice security recommendations, to shape Product's roadmap.
• Research, develop, and implement new security solutions for the SDLC working along with Principal Engineers in the Development teams.
• Liaise with the Enterprise Architect on security landscape/architecture.
• Ability to communicate technical issues to non-technical stakeholders, and manage internal / external stakeholder expectations to an agreed criteria (including., influence, negotiate, and provide advice).

Skills & Core Competencies:

• Develop relationships and demonstrate a proficiency, with problem solving across both process and technology.
• Exhibit good written and verbal communication skills with PointsBet peers and management.
• Identify control gaps and recommend modifications / remediations, to address areas that affect PointsBet (including., legal, and compliance / regulatory).
• Experience in working on cloud platforms, with a strong preference for the Microsoft Azure platform.
• Proven track record and working knowledge of the following: continuous integration and continuous delivery / deployments (CI / CD) pipelines, secure infrastructure as code, cloud governance (e.g., IaaS, PaaS, SaaS), cloud monitoring, cloud native, and security testing (e.g., SAST, DAST, IAST).

The skills we seek:

• 7+ years' experience working in the development and security domain.
• Demonstrate an ability for complex problem solving and negotiate product and technical challenges.
• Sound understanding of security processes (e.g., access management, vulnerability / patch management).
• Experience with Application Security and scripting / programming languages.
• Experience using Microsoft Azure foundational services, cloud native tools (e.g., Azure - AppInsights) and cloud-related automation concepts / toolsets (e.g., Azure - DevOps, Kubernetes, Docker).
• Proficient with recommending and reviewing controls, which are commensurate with the risk profile of a gap.
• Strong communication skills, to explain technical issues to non-technical stakeholders, and manage stakeholder expectations (including., influence, negotiate, and provide advice on good practice).
• Proficiency with Software Composition Analysis (SCA), and / or Application Security tools such as Mend (previously., WhiteSource), Black Duck, or Coverity.
• Knowledge of Identity management and identity federation (e.g., SAML, OAuth, SCIM).
• Solid working knowledge of OWASP, and ability to evangelise OWASP Top ten effectively with the development teams.
• Basic working knowledge of a standard (i.e.,ISO27001, NIST- CSF, NIST 800-53).

The PB Perks!

• PointsBet Flex Program - Filled with Hybrid Working, Work from Anywhere weeks, Sabbatical Leave to name a few.
• PointsBet Day - Get your PointsBet anniversary off.
• Annual Bonus Scheme - We reward great work, earn even more on top of our competitive salary packages.
• Parental Leave - 18 weeks for Primary Carers and 4 weeks for Secondary Carers.
• Daily breakfasts, sporting event tickets, a range of wellness programs.

So you don't tick every requirement on the job description but are still interested? Please apply anyway! We are built different at PointsBet, because we think different. We promote diversity of thought and would love to hear from a wide range of applicants as we believe that any unique skillset adds value to the team.