About Us
We provide a unified payments and financial platform for businesses worldwide. We empower over 100,000 businesses with integrated solutions to manage accounts, payments, spend management, and treasury.
With a team of 1,500 people in tech across more than 20 offices globally, we're a proud Melbourne-founded company valued at US$5.6 billion and backed by world-leading investors.
Your role will be critical in defending our customers and platform by building a robust application security program.
You'll sit within our Security team and work closely with product and engineering teams to ensure they can build and release products quickly without compromising security.
* Evaluate our code base to identify security issues and help engineers implement secure solutions.
* Work proactively with product and engineering teams to assess risk and provide policy guidance on secure code review and best practices.
* Be the advocate for security architecture best practices across the organisation, including secure configuration and deployment of new infrastructure and services.
* Educate the engineering and product teams on what secure code and design look like and why they're important.
* Continually test our applications, both internally and externally.
* Stay up to date with the latest threats and attack techniques and how they apply to our platform.
* Coordinate and manage third-party application security reviews and penetration tests.
* Set standards for identity and access management across the platform.
* Review our use of cloud providers, identify risk areas, and help mitigate them.
What You'll Bring
* A passion for solving complex challenges.
* Experience with cloud platforms, especially GCP.
* Self-motivation and drive to learn new skills or dive deeper into existing ones.
* An in-depth understanding of common attacker tools and techniques, and how they can exploit insecure development practices.
* Experience with vulnerability assessment tools.
* Strong communication skills with the ability to explain technical concepts to a non-technical audience.
* Experience with Kotlin, TypeScript, Node.js, and Kubernetes is a plus.
* Additional training, security certifications, or history of responsible disclosure is a big plus.