1 day ago Be among the first 25 applicants
About Us At Endeavour, we’re totally into what we do. With a portfolio that includes Dan Murphy’s, BWS, ALH Hotels, Pinnacle Drinks and more, we love to bring people together. Together we share our passion for our products and industry; it’s what inspires us to dream big, and continue to create new experiences for our customers and teams across Australia. If you thrive on positive energy, we want to meet you!
The Role
This is just the start, so dream big
Hybrid ways of working
Location - Sydney or Melbourne
The
Senior Application Security Engineer
will be a critical driver in uplifting our application security posture and strategy, engaging with diverse development teams and product managers across Endeavour Group. We encourage applications from individuals of all backgrounds who are passionate about contributing to a secure and creative environment.
What you can expect in this role:
Champion a security-first culture across the organisation, promoting an environment where all voices are heard and valued in security discussions.
Lead the improvement of EDG’s Software Development Life Cycle (SDLC) by providing in-depth consultations, conducting high-level security assessments, and offering strategic advice to remediate vulnerabilities. Educate and empower diverse teams on secure coding practices and risk management through the SDLC.
Build new and improve existing automation that scales and grows with EGL's evolving needs to identify and resolve security issues throughout the SDLC, ensuring our tools be accessible and effective for all developers.
Drive remediation of identified vulnerabilities, proactively building patterns or tools to prevent them from occurring in future development, fostering a cooperative approach to problem-solving.
Develop and maintain an inclusive application security reporting strategy, implementing and automating a comprehensive approach aligning with business goals and industry best practices.
Collaborate closely with security architecture, cyber risk, and assurance, contributing to an overall security strategy and culture that embraces diverse perspectives.
Consult and mentor development teams on application security and risks with real-world scenarios, adapting communication styles to effectively reach all team members.
Design and deliver application security awareness and training that caters to the diverse needs of EGL developers, ensuring equitable access to knowledge and skill development.
Own various ways of working with key stakeholders, including security, technology, developers, product managers, and various squads and chapters. Act as a pivotal bridge between the security team and other departments, translating complex security concepts into clear, actionable insights for all and promoting understanding and collaboration across diverse groups.
Engage and influence various levels of the organisation, including technical and management teams, to articulate technical security findings and recommendations for solutions and remediation strategies, valuing diverse input in decision-making.
Qualifications
Strong understanding of Application Security and agile development environments
Knowledge of:
DevSecOps and Azure infrastructure
Web and Mobile application security
OWASP, Container Security, Kubernetes and security tools (SCA, DAST, SAST, etc.)
Threat Modelling and Security Architecture
In-depth experience with .NET (C#), JavaScript, Python or another scripting language
Excellent communication skills and ability to clearly and effectively collaborate with technical and non-technical stakeholders
Experience with contributing to the strategic direction of security practices within an organisation to adapt to and anticipate the evolving landscape of cybersecurity threats and technologies.
Self‑motivated and able to manage multiple priorities and tasks concurrently.
Key Business Partners (Internal and External)
Desirable
Professional ICT certifications such as SANS GWAPT, SANS GPEN, Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE) or Certified Information Systems Security Qualified (CISSP) are highly regarded.
Benefits
Flexible working in every sense
An exclusive discount card for BWS, Dan Murphy’s, Woolworths, BIG W and other Endeavour Group brands, including our AL
#J-18808-Ljbffr