Application Security / Threat Modelling Specialist
6-Month Contract | Melbourne (preferred), Sydney, or Brisbane | 2-3 Days in Office
Day Rate: $1200 + GST
Start date: January
Summary
We are seeking an experienced Application Security / Threat Modelling Specialist to support a major uplift in secure design and product security practices across a large, modern digital environment. This role will lead threat modelling activities, embed security-by-design principles into development workflows, and guide engineering teams through secure architecture practices. The ideal candidate brings deep expertise in secure software design, cloud security (AWS), and modern application architectures, along with the ability to influence and uplift engineering teams through strong communication and documentation.
Key Responsibilities
* Partner with engineering teams to conduct, facilitate, and document application threat models across products and platforms.
* Build and maintain a baseline library of common threats, mitigations, reusable templates, and patterns for secure development.
* Embed security-by-design principles and SSDLC controls into engineering workflows, DevOps processes, and development tooling.
* Provide expert application security guidance during design reviews, architecture discussions, and development phases.
* Contribute to scaling the threat-modelling program through strong processes, documentation, and repeatable frameworks.
* Collaborate closely with Cyber Security and Engineering teams to enhance secure development maturity.
* Apply cloud security expertise (AWS) to ensure alignment with secure architecture and platform standards.
Required Experience
* 5+ years' experience in application security, product security, or secure software engineering.
* Strong background in secure software design, threat modelling, and architecture reviews.
* Demonstrated experience running threat modelling sessions and producing actionable outcomes.
* Deep understanding of SSDLC, secure design patterns, and integrating security into agile/DevOps environments.
* Ability to assess complex application architectures, data flows, APIs, and cloud-native systems.
* Strong foundational knowledge of AWS security principles.
* Excellent communication skills with the ability to influence engineers and stakeholders at all levels.
* Strong documentation skills and experience enabling knowledge transfer.
* Highly self-driven, organised, and able to manage multiple priorities with minimal oversight.
Desirable Skills
* Security certifications such as CSSLP, CISSP, or CCSP.
* Experience with secure code reviews and DevSecOps tooling (SAST, DAST, SCA).
* Knowledge of OWASP ASVS, MITRE ATT&CK, STRIDE, or similar frameworks.
* Understanding of microservices, serverless architectures, and modern software design.
If you are interested in this amazing opportunity, please click apply today or reach out to Sophie Garrison - Practice Lead - Cyber Security -