Senior Product Security Engineer

Senior Product Security Engineer Job Description About CoStar Group CoStar Group (NASDAQ : CSGP) is a leading global provider of commercial and residential real estate information analytics and online marketplaces. Included in the S&P 500 Index and the NASDAQ 100 CoStar Group is on a mission to digitize the worlds real estate empowering all people to discover properties insights and connections that improve their businesses and lives. About Domain Domain is a leading property technology and services marketplace that is home to one of the largest portfolios of property brands in Australia including the Domain Allhomes and Commercial Real Estate (CRE) 2025 Domain became part of CoStar Group (NASDAQ : CSGP) a global leader in commercial real estate information analytics online marketplaces and 3D digital twin technology. Together Domain and CoStar Group is dedicated to digitising the worlds real estate empowering all people to discover properties insights and connections that improve their businesses and lives. About the Role We’re looking for a highly collaborative and deeply technical Senior Product Security Engineer to be a pivotal force in shaping our Application Security (AppSec) future. This is your chance to drive our strategic vision by making security an intrinsic seamless part of our software development lifecycle. Responsibilities Leading Security Integration: Champion efforts to fully integrate security into our DevOps processes promoting a culture of security ownership and awareness across the organization. Work with the software and product teams to help ensure applications are designed and implemented securely during the SDLC. Hands‑On Security Mastery: Acting as the primary security advisor you’ll conduct implementation reviews of solution designs, lead crucial threat modeling sessions and perform hands‑on security code reviews. Tooling & Automation: Automate security testing at various stages within the CI / CD pipelines. Consume a variety of application security tools (DAST, SAST, SCA, Credential Scanning, IAC scanning) to secure web applications during development and production run‑time. Manage and operate our critical security tools ensuring maximum efficiency and coverage. Resilience & Compliance: Partnering with GRC to ensure adherence to industry standards and collaborating with Security Operations to provide crucial support during the investigation and response to security incidents. Basic Qualifications Bachelor’s degree required from an accredited not for profit university or college (preferably in Computer Science / Cybersecurity or related field). 5 years experience in a Product / Application Security or DevSecOps role. A track record of commitment to prior employers or a track record of delivering long‑term impact to prior employers. Strong knowledge of DevOps principles and practices as well as security best practices. Ability to communicate effectively with both cybersecurity and engineering teams. Ability to collaborate across Product Security, DevOps, Product and development teams. Proficiency in scripting and automation (e.g. Java, C/C++, C#, Python, JavaScript, PowerShell). Experience with container security (Docker, ECS, Kubernetes) and cloud security (AWS, Azure or GCP). Preferred Qualifications and Skills Hands‑on experience implementing security tools into CI / CD pipelines and IDE interfaces including Static Application Security Testing (SAST) and Static Application Analysis (SCA) solutions. Experience with web application penetration testing and identifying attack chains to evaluate the severity of vulnerabilities. Strong communication skills with both software development and software leadership audiences including the ability to communicate with different levels of leadership conveying risk and driving urgency for risk remediation. A self‑starter who can advance the application security program and follow‑through ideas to completion. Experience coordinating with application teams to drive security by design principles. Knowledge of infrastructure operations across databases, network and system administration. Experience testing modern applications in cloud‑native tech stacks. Why Join Us We’re the kind of place you can make a real impact with a workplace culture where you can be you. It’s a fun safe space where you’ll always feel you belong. Perks of the role include: Hybrid working; First‑rate parental leave; Continuous opportunities to leap learn and grow in a team that values creativity and innovation; We don’t just talk we do. Every day we solve property problems for Australians and beyond. We encourage our people to see the possibilities and turn them into realities. Next Steps Well give your application the thoughtful attention it deserves and get back to you as soon as possible. If there’s a match one of our recruitment consultants will reach out so keep your phone handy We’re genuinely excited about the chance to work together and make a meaningful impact. Equity, Diversity and Inclusion Domain is enthusiastically and unapologetically committed to fostering an equitable inclusive work culture which reflects our customers and communities. We are proactively looking for candidates from all lived experiences including people with disability and people of all ages, ethnicities, cultures (including Aboriginal and Torres Strait Islander Peoples), faiths, sexual orientations and gender identities (including trans and non‑binary people). We are committed to providing an equitable recruitment process for people with disability. If you require adjustments during the process, we’re here to support. If you wish to receive this job advertisement in an accessible format or have a confidential chat about workplace adjustments, please contact our Equity Diversity and Inclusion team. Employment Type Full‑Time Experience Senior IC Vacancy 1 #J-18808-Ljbffr