The Information Technology (IT) team plays a key role in providing business enablement throughout ResMed. We are focused on application, infrastructure, and user productivity solutions, with innovation, efficiency and security. Our goal is providing customer oriented agile delivery, effective business partnership and state-of-the-art technology solutions.
In your role as an Application Security Engineer, you are responsible to enable developers to build secure applications. Under limited direction of your management, you will operate with an agile mentality – delivering solutions quickly and improving upon design and implementation of existing solutions. You will collaborate with cloud security, security operations and other teams to ensure secure application development across the enterprise.
This role will be a global role and is part of the Enterprise Security group, which is globally deployed.

A key role of the Application Security Engineer is to enable development teams to develop secure applications.

Specific tasks include (but are not limited to):

• Operation and support of code scanning tools, e.g., CheckMarx, Invicti, and Wiz.
• Supporting development teams to triage findings and enable self service.
• Ensuring code scanning tools integrate seamlessly into the current software development lifecycle with minimal friction e.g. Gitbhub actions as a part of existing shared CICD workflows.
• Oversee the design, implementation, and management of the infrastructure and tooling necessary to support all security aspects of continuous integration, continuous delivery, and continuous deployment (CI/CD) pipelines.
• Collaborate with key stakeholders to identify opportunities for automation, process improvement, and tool optimization.
• Research and implement new technologies to improve and grow secure development (e.g. applications, systems, outsources services).

• Maintain operational guidelines, diagrams, and documentation for secure development.Work closely with the developer experience team to integrate security automation into the development process.