Application Security Engineer Team Lead

at ASIC

Australia, Australia

Start Date: Immediate
Expiry Date: 04 Jul, 2024
Salary: Not Specified
Posted On: 05 Apr, 2024
Experience: N/A
Skills: Penetration Testing, OWASP, Testing Practices, Workshops, Cloud, SCA, OSSTMM, Red Teaming
Telecommute: No
Sponsor Visa: No

Description:

  • Great opportunity for a full time Application Security Team Lead to join ASIC’s Cyber Security Team
  • Permanent position based in Sydney or Melbourne

A future with ASIC means that your work will contribute to ASIC’s vision for a fair, strong and efficient financial system for all Australians. We value what you will bring. We value those with sharp, analytical minds and are open to challenging the way things are done.

The team
Cyber Security provides a wide range of services including security architecture & design, incident response and cyber assurance for ASIC. We make use of the latest security technology with an increasing focus on automation and analytics to secure and support ASIC on its journey to be a ‘best in class’ regulator supporting the Australian financial markets.

The role
As the senior specialist and lead for the Application Security function, you will set the application security strategy within ASIC and drive the product security and application security initiatives to integrate security deeply into every aspect of the software development lifecycle and deployment processes. As part of the role, you will also oversee the AppSec testing tools strategy and support the delivery of the ongoing Cyber Uplift Program of works.

You will be accountable for leading the Application Security function responsible for:

  • driving quantifiable security improvements into our software engineering practices
  • championing the DevSecOps and secure SDLC practices across the development, support, and engineering teams
  • providing specialist application security guidance & direction to internal stakeholders

About you
We are looking for someone with a tertiary qualification and/or equivalent experience in a senior application security or software development role with demonstrated experience leading an application security, offensive security, or equivalent function.

You’ll need knowledge of most of the following & direct experience in at least four of the following areas:

  • leading teams responsible for guiding and driving improvements in secure software development practices and tooling use in complex multi-platform IT environments
  • leading the use of, and using, offensive security testing practices such as penetration testing, red teaming, and application vulnerability assessments
  • leading the use of, and using, standardised pentest frameworks and methodologies such as OSSTMM or OWASP
  • developing threat models and running threat modelling workshops
  • securing / exploiting applications based on modern software architecture patterns; applications in cloud and containerised environments; APIs; CI/CD automation pipelines
  • using SAST, SCA, DAST, IAST, ASOC/ASPM application security software tools as part of an integrated security testing program
  • reporting complex application security risk assessment outcomes and security testing program activities

You’ll have the aptitude, experience, and attitude to learn new security practices, frameworks, and technologies, and track relevant security market trends to drive continual improvements.
Your skills in assessing, analysing, and resolving complex client and stakeholder related queries, collaborative working style and excellent communication skills will be essential to your success in this role.
About ASIC
ASIC’s remit is one of the broadest of regulators across the world.
ASIC regulates corporations, markets, financial services and consumer credit and monitors and promotes market integrity and consumer protection in the Australian financial system.
Through our enforcement work, we hold to account those who contravene the law, working to achieve strong outcomes that address the greatest consumer and investor harms.
Through Moneysmart, we aim to improve the skills and knowledge of Australians and provide information and tools to help them in their decision making.
A future with ASIC means that your work will contribute to achieving ASIC’s vision for a fair, strong, and efficient financial system for all Australians.
ASIC is committed to providing a diverse and inclusive workplace where the very best talent in Australia chooses to work. Indigenous Australians are encouraged to apply as well as applicants from all backgrounds and with different abilities.
To work with us, you need to be an Australian citizen, and be prepared to complete an ASIC Suitability and Baseline Assessment which is issued by ASIC’s Security team.
View the position description for more information or click ‘apply’ to start your application.
Applications for this role will close at 11:59pm on Sunday 14 April 202

REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Graduate

Proficient

1

Australia, Australia