Senior Security Engineer (Third-Party Risk Management)
Sydney, Australia
Applications have closed
Atlassian
Atlassian's team collaboration software, like Jira, Confluence and Trello, helps teams organize, discuss, and complete shared work.
With a sufficient timezone overlap with the team, we’re able to hire eligible candidates for this role from any location in Australia and New Zealand. If this sparks your interest, apply today and chat with our friendly Recruitment team further.
The Corporate Security team at Atlassian seeks to enable foundational teams such as IT, Business Systems, Finance, Legal, People, and Customer Support to execute on their initiatives without compromising security. To do this, CorpSec engineers are security all-rounders who are able to consider risk, make tradeoffs and implement effective security controls across Atlassian while working closely with these teams.
The third-party risk management program was created to help implement vendor solutions securely and manage the risk of potential compromise to our critical vendors. You’ll be working to ensure the suppliers we use meet or exceed our security requirements, guide Atlassians through the setup process and follow up in the case of security incidents. As part of the focus on learning at Atlassian, you'll be able to spend up to 20% of your time on independent research during our monthly innovation weeks.
We’re looking for individuals who can adapt quickly, be flexible and enjoy working in a variety of areas. To be successful, you must thrive on autonomy and open work.
In this role you'll get to:
- Be a technical lead that drives decision making and outcomes for the third-party risk management program;
- Perform vendor risk assessment for third-party solutions that address security threats;
- Review security language in supplier contracts and provide guidance aligned with security requirements;
- Work with internal stakeholders to ensure they are using the vendor in a way that reduces risk to the organisation; and
- Work cross-functionally with departments including Procurement, Legal, and Risk and Compliance.
On your first day, we’ll expect you to have:
- Experience working in cyber security;
- An ability to reason about security decisions;
- Experience determining security maturity of third parties/developing security risk profiles;
- Hands-on experience with penetration testing, threat modelling or design reviews;
- Familiarity with standard security certification and compliance mechanisms such as ISO, SOC 2, FedRAMP and HIPAA;
- Previous experience with a large variety of SaaS tools (Salesforce, Workday, Jira, etc.); and
- Strong collaboration and interpersonal skills.
It's great, but not required, if you have:
- Experience working with TPRM tooling such as SecurityScorecard, Bitsight, Aravo and/or Upguard;
- Proficiency in at least one programming language (e.g. Python, Golang, Java, etc.);
- An interest in software supply chain security;
- Experience with Cloud and CI/CD technologies such as AWS, Azure, GCP, Bitbucket, Jenkins, etc.;
- Experience in a large-scale cloud business; or
- The ability to thrive in a remote working environment.
More about our benefits
Whether you work in an office or a distributed team, Atlassian is highly collaborative and yes, fun! To support you at work (and play) we offer some fantastic perks: ample time off to relax and recharge, flexible working options, five paid volunteer days a year for your favourite cause, an annual allowance to support your learning & growth, unique ShipIt days, a company-paid trip after five years and lots more.
More about Atlassian
Creating software that empowers everyone from small startups to the who’s who of tech is why we’re here. We build tools like Jira, Confluence, Bitbucket, and Trello to help teams across the world become more nimble, creative, and aligned—collaboration is the heart of every product we dream of at Atlassian. From Amsterdam and Austin, to Sydney and San Francisco, we’re looking for people who want to write the future and who believe that we can accomplish so much more together than apart. At Atlassian, we’re committed to an environment where everyone has the autonomy and freedom to thrive, as well as the support of like-minded colleagues who are motivated by a common goal to: Unleash the potential of every team.
Additional Information
We believe that the unique contributions of all Atlassians are the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience, we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.
Atlassian is committed to providing reasonable accommodations to all individuals participating in the application and interview process, and while performing job functions. Please note that you will have the opportunity to request accommodations at each stage of the assessment process. To request accommodations before scheduling an interview, please reach out to atlassian-accommodations@atlassian.com and someone will follow up shortly.
All your information will be kept confidential according to EEO guidelines.
If your experience looks a little different from what we’ve identified and you think you can rock the role, we’d love to learn more about you.
Learn more about Atlassian’s culture, interviewing flow, and hiring process by checking out our Candidate Resource Hub.
Tags: AWS Azure Bitbucket CI/CD Cloud Compliance FedRAMP Finance GCP Golang HIPAA Java Jira Pentesting Python Risk assessment Risk management SaaS SOC 2
Perks/benefits: Career development Flex hours Flex vacation Travel