Application Security Engineer

• ASIC is seeking a full time Application Security Engineer to join their Cyber function in Transformation Office Digital, Data and Technology Team
• Permanent position based in Sydney or Melbourne

A future with ASIC means that your work will contribute to ASIC's vision for a fair, strong and efficient financial system for all Australians. We value what you will bring. We value those with sharp, analytical minds and are open to challenging the way things are done. 

The team 

Cyber Security provides a wide range of services including security architecture & design, incident response and cyber assurance for ASIC.  We make use of the latest security technology with an increasing focus on automation and analytics to secure and support ASIC on its journey to be a 'best in class regulator supporting the Australian financial markets.

The role 

As an Application Security Engineer, you will help lead the product security and Application Security initiatives ensuring that security is integrated into every aspect of the software development lifecycle and deployment processes. As part of the role, you will also support the cyber assurance function and the delivery of the Cyber Uplift Program of works

About you

We are looking for someone with a bachelor's degree in computer science or related field and/ or 5+ years of Software Development experience together with demonstrated experience as an Application Security Engineer or equivalent

You will need demonstrated knowledge & experience in: 

• securing applications based on modern software architecture patterns such as Microservices, Single-Page Application, and Serverless
• secure coding practices to avoid common security vulnerabilities such as those in the OWASP Top Ten: SQLi, XSS, and CSRF
• security testing frameworks and platforms such as OWASP ASVS and Snyk
• securing applications in cloud and containerised environments
• securing CI/CD automation pipelines
• securing APIs
• developing threat models and facilitating threat modelling workshops with developers and solution architects
• performing penetration testing and application vulnerability scanning
• using SAST, SCA, DAST and IAST Application Security testing tools
• at least one of the following programming and scripting languages - Java, .Net, Python, and JavaScript
• one or more of the following web technologies – Node.js, ReactJS, AngularJS, JSON

Your  skills in assessing, analysing, and resolving complex client and stakeholder related queries, along with your excellent communication and stakeholder engagement skills will be essential to success in this role.

About ASIC 

ASIC's remit is one of the broadest of regulators across the world.

ASIC regulates corporations, markets, financial services and consumer credit and monitors and promotes market integrity and consumer protection in the Australian financial system.

Through our enforcement work, we hold to account those who contravene the law, working to achieve strong outcomes that address the greatest consumer and investor harms.

Through Moneysmart, we aim to improve the skills and knowledge of Australians and provide information and tools to help them in their decision making.

A future with ASIC means that your work will contribute to achieving ASIC's vision for a fair, strong, and efficient financial system for all Australians.

ASIC is committed to a providing a diverse and inclusive workplace where the very best talent in Australia chooses to work. Indigenous Australians are encouraged to apply as well as applicants from all backgrounds and with different abilities

To work with us, you need to be an Australian citizen, and be prepared to complete an ASIC Suitability and Baseline Assessment which is issued ASIC's Security team.  

View the position description for more information or click ‘apply' to start your application.

Applications for this role will close at 11:59pm on Sunday 14 April 2024