As a Senior Software Engineer – Application Security (AppSec), you will uplift the developer ecosystem by optimising development tooling, workflows, and security controls. We have two vacancies on a 1-year max term to start.
Responsibilities
* Partnering with security, platform, engineering, and product teams to design, implement, and embed secure development pathways ('paved roads'), guardrails, and SSDLC practices that integrate naturally into engineering workflows and CI/CD pipelines.
* Configuring, integrating, and scaling modern AppSec tooling such as SAST, SCA, ASPM/ASM, and secret scanning, ensuring these capabilities are reliable, usable, and embedded into the software delivery lifecycle.
* Leveraging GitHub Actions, CI/CD pipelines, policy-as-code, scripting, and orchestration to automate security checks, enforce controls, and streamline secure deployment processes without disrupting developer velocity.
* Creating and maintaining templates, scripts, documentation, and self-service tooling that empower teams to adopt secure-by-default practices while reducing security friction, false positives, and manual overhead.
* Defining metrics, gathering developer feedback, and analysing tooling outcomes to assess the effectiveness of AppSec initiatives, iterating on approaches to uplift both security maturity and developer experience.
* Communicating with our Engineering cohort to share new tools, workflows, and secure engineering practices, while running enablement activities (docs, workshops, demonstrations) that drive secure adoption and ecosystem improvements.
* Staying on top of emerging vulnerabilities, security trends, and engineering productivity advancements, and building strong cross-functional relationships to influence secure behaviours and balance risk with usability and delivery outcomes.
Qualifications
* Experience building or securing cloud-native applications (Azure preferred) with SSDLC/shift-left security practices.
* Hands-on experience with modern AppSec tooling such as SAST, SCA, ASPM/ASM, and secret scanning in developer environments.
* Practical experience with GitHub Actions, CI/CD pipelines, policy-as-code, or equivalent automation platforms.
* Proficiency in scripting or infrastructure-as-code languages (e.g. PowerShell, JavaScript/Node.js, Bash, Terraform or similar) to build automations, actions, and platform integrations.
* Empathy for engineering workflows with the ability to balance security, productivity, and usability.
* Ability to influence technical stakeholders, articulate security impacts clearly, and work cross-functionally across engineering, security, and platform teams.
* Previous exposure to GitHub administration or GitHub Advanced Security features such as code scanning, secret scanning, and dependency risk management will be highly regarded.
Benefits
* Work with cutting-edge technologies and be part of a team driving digital transformation across RACWA.
* Join a team that values personal development and enables continuous learning opportunities, certifications, and career progression within a supportive and growth-focused environment.
* Benefit from flexible and hybrid working arrangements, including temporary remote work options and a focus on work-life balance.
* Contribute to high-impact projects or products that directly enhance RACWA's services to its members and the community.
* Be part of an organisation that embraces diversity and inclusion, ensuring a welcoming environment for all employees.
* Take advantage of a strong focus on employee wellbeing, including mental health support, wellness programs, and fitness incentives.
* Engage in meaningful community and social responsibility initiatives that align with RACWA's values and mission.
Equal Opportunity Employer
As an Equal Opportunity Employer, we welcome everyone.
We encourage applications from diverse groups including Indigenous and Torres Strait Islander people, physical ability, all ages, LGBTQI+ identities, all languages and diverse cultures and backgrounds.
#J-18808-Ljbffr