Application Security Engineer

Company Description

Welcome to This Australian Life. 

From the millions of Australians we protect, to those that make it happen every day at TAL, people really are what we’re all about. We want to grow with you. Achieve with you. And support you to do your best work. That's why we're focused on developing leadership, promoting diversity, rewarding excellence and retaining great talent.

We're always looking for people who want to go further with us. People who do what’s right, aim high, and work smart.  Why not see where we can go?

Job Description

Team Overview:

The AppSec Team focuses on building secure mobile, web and cloud applications throughout their development lifecycle, from start to finish. AppSec is a proactive approach to security that help prevents threats at the initial stages rather than a reactive approach.

As an Application Security Engineer at TAL, you will be responsible for ensuring the security of our applications by implementing and maintaining robust security measures at TAL. You will work closely with development teams to identify and mitigate security vulnerabilities throughout the software development lifecycle. You will also foster security awareness and DevSecOps culture, providing security training to development teams.

Key Responsibilities:

• Ascertain a holistic understanding of TAL’s systems, development workloads and lifecycles.
• Create and update software application security policies and procedures.
• Work closely with the TAL Cyber team to implement security best practices and standards to protect sensitive data and ensure compliance with regulations.
• Collaborate with development teams to integrate security controls into the software development process.
• Conduct security assessments on applications to identify and remediate vulnerabilities.
• Drive response to security incidents, conducting root cause analysis and implementing corrective actions.
• Analyse application code and recommend solutions to identified security issues.
• Execute planned and ad-hoc security scans of software applications, and interpret results for development teams.
• Maintain documentation related to application security processes and controls.
• Providing application security guidance, coaching, and training to development teams and other stakeholders.
• Ensuring the adoption and implementation of application security tools in the DevSecOps lifecycle.
• Gather, manipulate and report on data from application security tools programmatically.
• Work with vendors to tailor application security tools to fit TAL workloads. 
• Stay up-to-date on the latest security threats and trends to proactively address potential risks and educate development teams.

Qualifications

• 5-10 years of experience in application security, with a strong background in secure coding practices and vulnerability management.
• Proficiency in using Static Application Security Testing (SAST) such as Checkmarx, Fortify etc, Software Composition Analysis (SCA) such as Blackduck, Snyk, Sonatype etc, and Dynamic Application Security Testing (DAST) tools.
• Working knowledge of platforms like AWS, Azure, or Google Cloud for deploying and managing applications.
• Familiarity with containerisation and Azure Kubernetes Service (AKS) deployment
• Demonstrated secure software development practices, including threat modelling, secure coding guidelines, and secure architecture design.
• Knowledge of common web application vulnerabilities (e.g., OWASP Top 10) and how to remediate them.
• A strong knowledge of programming languages, such as .NET and JavaScript.
• Experience in automating tasks using a scripting language, such as JavaScript, Python and/or Powershell
• Understanding of how to implement SAST/SCA/DAST into DevOps CI/CD pipelines.
• Experience with Agile development methodologies, with working knowledge in project management software (e.g. Jira).
• Ability to effectively collaborate with external vendors, multiple internal stakeholders, and senior management across departments.
• A proven track record of working with development teams to remediate application vulnerabilities.
• A high level of analytical, problem-solving, and decision-making skills.
• Excellent written and verbal communication skills, interpersonal and collaborative skills.
• Penetration testing experience preferred but not mandatory.

Certifications such as CISSP, CEH, or CSSLP are preferred but not mandatory

Additional Information

At TAL we value diversity in all its forms and are committed to fostering an inclusive and equitable culture for all our people. We encourage Aboriginal and Torres Strait Islander people, individuals from all backgrounds, including those with caring responsibilities, people living with disability, and individuals from the CALD and LGBTQI+ communities to apply. Even if you don’t check every box in the criteria above, we encourage you to apply today or get in touch with us here.   

To provide you with the best experience, we can accommodate you at any stage of the recruitment process. Simply inform our Recruitment team at any time.  

TAL is recognised by the Workplace Gender Equality Agency as an Employer of Choice.  We are proud to be a member of Diversity Council Australia and the Australian Network on Disability. For information on our reconciliation journey, take a look at our Innovate Reconciliation Action Plan.  

We acknowledge the Traditional Custodians of the Land in which our Head Office is based, the land of the Gadigal people of the Eora Nation, and recognise their deep connections to the land, sea, and culture.  
We extend this acknowledgment to the many Traditional Lands that we operate across and pay our respects to Elders past, present, and emerging.

Everyone at TAL has a responsibility to do the right thing and is accountable for the way they conduct themselves. Our expectations are that you follow the principles set out in our Code of Conduct when you come to work every day. Risk management is everyone’s responsibility.

If you are already a TAL employee please apply via the SmartRecruiters button in Workday and navigate to the Employee Portal. This is important to ensure that your application is recorded accurately.