THE TEAM

ASIC’s Cyber Security Group delivers a broad range of services across the organisation which include security architecture and design, incident response, and cyber assurance. We leverage advanced security technologies with a growing emphasis on automation and analytics to help ASIC become a best-in-class regulator for Australia’s financial markets.

ASIC’s Cyber Security Group is seeking an experienced Senior Application Security Engineer to join their Application Security Engineering team to provide ongoing application security support and guidance across the organisation.

• Sydney and Melbourne locations
• Permanent Full-Time position
• Salary from $147,074 to $175,323 (depending on experience) + 15.4 % superannuation
• Applications will close at 11:59pm AEST, Tuesday 24 June 2025

AT ASIC, YOU CAN BE THE CHANGE THAT ENSURES A FAIR, STRONG AND EFFICIENT FINANCIAL SYSTEM FOR THE BENEFIT OF ALL AUSTRALIANS. CONTRIBUTE TO DELIVERING ON ASIC’S PURPOSE, VISION, AND STRATEGIC PRIORITIES TO HELP MAINTAIN THE INTEGRITY OF THE FINANCIAL SYSTEM AND PROTECT CONSUMERS FROM HARM.

ASIC’s Cyber Security Group is seeking an experienced Senior Application Security Engineer to join their Application Security Engineering team to provide ongoing application security support and guidance across the organisation.

• Sydney and Melbourne locations
• Permanent Full-Time position
• Salary from $147,074 to $175,323 (depending on experience) + 15.4 % superannuation
• Applications will close at 11:59pm AEST, Tuesday 24 June 2025.

THE ROLE

As a Senior Application Security Engineer at ASIC, you will help to lead product and application security initiatives and embedding robust security practices across the software development & deployment lifecycle. Additionally, you will support the cyber assurance function and play a key role in delivering the Cyber Uplift Program.

More specifically, you will:

• Collaborate with application development teams to design secure solutions and embed security throughout the software development lifecycle.
• Lead threat modelling and architecture review sessions to identify and mitigate security risks during design and development phases.
• Support Shift-Left initiatives by integrating security early in the SDLC, with hands-on experience in SAST and IAST tools.
• Manage and coordinate penetration testing activities to validate application security posture.
• Assess vulnerabilities and cyber risks in third-party software and components, maintaining accurate and current SBOMs.
• Advocate for DevSecOps principles and promote secure SDLC practices across development, support, and engineering teams.
• Partner with Cyber Security leadership to enhance tools, processes, culture, and overall service delivery.