We're hiring an Application Security Specialist to help teams deliver innovative solutions quickly and securely. Sitting within the Cyber Defence team, you'll be responsible for planning and running penetration testing and security assurance across web applications, APIs and contemporary technology stacks. You'll collaborate with engineering delivery teams, service and product owners, architects and platform partners to embed secure SDLC controls and implement and operate AppSec tooling in CI/CD. You'll enable delivery teams to ship securely by providing clear, risk- based security guidance, turning findings into practical remediation actions, and confirming fixes through re-testing.
This is a great opportunity to lift AppSec maturity end-to-end by partnering with squads to threat model, automate security in CI/CD, and validate remediation through retesting.
What you'll deliver with us
* Plan and deliver penetration testing and security validation in alignment with release schedules, criticality, exposure and risk.
* Drive adoption of secure SDLC practices through standards, patterns, and reusable guardrails.
* Scope security work required to achieve outcomes (tooling, testing, remediation, patterns, uplift initiatives), aligned to delivery constraints and risk.
* Identify systemic AppSec issues and propose improvements (tooling, pipeline templates, secure patterns, security test playbooks, developer training).
About You
You're a confident, hands‐on application security specialist who can clearly explain security findings and practical mitigations to both technical and non‐technical stakeholders, in writing and in conversation. You bring strong experience scoping and delivering web application and API security testing, including whitebox and blackbox penetration testing and controls assurance, and you're comfortable ramping up quickly on unfamiliar technology stacks while still delivering high‐quality coverage. You also have experience with cloud application and infrastructure patterns across GCP, Azure and AWS, and strong web application security practices. You understand application architecture and secure solution design, with practical experience applying threat modelling.
You'll also bring
* Strong communication skills, with a level of comfort delivering practical security advice to technical and non‐technical stakeholders
* Experience with application architecture and secure solution design, including practical application of threat modelling
* Experience with cloud application, architectural and infrastructure patterns, in particular GCP, Azure and AWS and web application security practices
* Working knowledge of computer networking concepts to contextualise services running within an enterprise
* Hands on experience with application security tooling, including SCA, SAST, IAST and DAST
How we'll deliver for you
At Australia Post, we believe in investing in our people and fostering a supportive and inclusive work environment. Here's how we'll deliver for you:
* Career Development: We offer opportunities for professional growth and development, helping you to build a rewarding career.
* Work‐Life Balance: We understand the importance of work‐life balance and offer flexible working arrangements to support your personal and professional needs.
* Employee Wellbeing: We prioritize the wellbeing of our employees, providing resources and support to ensure a healthy and safe work environment.
We're delivering together
At Australia Post, we acknowledge the Traditional Custodians of the land on which we operate, live and gather as employees.
We believe our business should reflect the diverse communities we operate in and are proud to be an inclusive workplace for people from all walks of life. We encourage applications from people of all ages, genders and backgrounds including Aboriginal and Torres Strait Islander peoples, People with Disability, LGBTQIA+ and Refugees.
We are one of the largest organisations in Australia to successfully achieve Disability Confident Recruiter status. We are committed to providing an inclusive and barrier‐free recruitment process and workplace for those living with a disability and are committed to reviewing and removing bias in our processes to create a gender‐equitable recruitment experience and workplace.
If you have any questions about accessibility, please contact our Diversity & Inclusion team on
#J-18808-Ljbffr