Senior IT Security Engineer

Join to apply for the Senior IT Security Engineer role at affix Lead Talent Partner Enterprise Technology: Project Services, Architecture, Infrastructure, Cyber at Affix Group Pty Ltd. The Story A great opportunity has become available with an organisation that supports transport agencies across Australia and New Zealand by providing trusted, practical tools, insights and services that help deliver safe, efficient and reliable mobility for the community. They operate several national programs and work collaboratively with government, industry and partners to create meaningful, high-value outcomes. With a culture grounded in professionalism, innovation and integrity, they embrace diversity, support continuous learning, and foster an inclusive environment where people can thrive. The Role The Data & Technology team is all about unlocking the power of data and contemporary tech to deliver safer, smarter outcomes for road and transport users. They're the people treating data like the precious corporate asset it is—nurturing its quality, security, accessibility, and making sure their organisation can make sound, data-driven decisions. As the Senior Security Engineer, you’ll be the newest member of a growing IT Operations team with a big mission: strengthening their security posture, uplifting technical maturity, and ensuring systems are robust, scalable, and well-protected. Think of this role as part defender, part builder, part problem-solver, and part mentor for colleagues learning their way around good security practices. You’ll split your time 50/50 between BAU (security monitoring, reviewing alerts, coordinating remediation) and project work (ServiceNow deployment, identity uplift, cloud hardening work, to name a few examples). The role forms part of the operations team, so you'll have to think from a security-first perspective, bridging the two worlds, also frequently review infrastructure designs from a security best-practice lens. You’ll work closely with internal teams and external vendors to keep the digital gates locked and the innovation flowing. This is a role where you'll be wearing many hats and managing the broad spectrum of the security environment: from BAU and project work, to managing a multi-cloud environment, ISO compliance and working with MSP's, you'll be involved in it all. The role will suit someone who has a maturity and seniority across the IT Security landscape, to not only share knowledge with other engineers, but being able to prioritise remediation vs project work, consider cost and resource constraints with third parties and taking business risk (not just technical risk) into consideration. Key Responsibilities You’ll take ownership of designing, implementing and managing security controls across Azure and AWS, ensuring these environments align with best-practice frameworks such as CIS, Essential Eight and ISO 27001. You’ll partner with infrastructure and application teams to provide secure architecture guidance, helping them deploy solutions confidently and securely while maintaining a strong and compliant cloud posture. You’ll oversee the deployment and ongoing maintenance of key security technologies, including XDR, Zero Trust solutions, CSPM platforms and vulnerability scanners, while managing endpoint, identity and network security controls across the organisation. A core part of the role involves integrating these tools into existing systems, ensuring accurate logging, alerting and reporting, resolving configuration issues, hardening systems and cloud services, and contributing to penetration testing activities and remediation efforts. Working closely with security operations, risk and compliance teams, you’ll support incident response, investigations and assessments, while also providing backup across busy periods and uplifting security capability within engineering teams. You’ll continually look for opportunities to improve automation and the effectiveness of their security toolset, and stay informed about emerging threats, technologies and industry best practices to help guide the security posture. What You Bring To The Role 8+ years experience in IT, with at least 5 years focused IT Security experience Strong hands-on cloud security experience in AWS and/or Azure, including cloud-native security controls, IAM and infrastructure hardening Ability to review, design and secure infrastructure, integrations and architectures Experience with key security tooling, including DLP, endpoint management, SIEM/log management and vulnerability management/remediation Experience with firewalls such as Azure Firewall, Palo Alto or Cloudflare (or comparable technologies) Strong Linux experience and comfort working across diverse environments Solid understanding of security design principles, best practices and modern cloud security patterns Working knowledge of ISO 27001 controls, including evidence collection for technical audits Familiarity with frameworks such as NIST, CIS and ACSC Essential Eight Desirable: industry certifications (CISSP, AWS Security Specialty, Azure Security Engineer), scripting or automation skills (PowerShell, Python, Terraform), and exposure to container security, CI/CD, DevSecOps and regulatory compliance requirements Next Steps If you enjoy translating technical controls into real-world business value, contributing to continuous improvement initiatives, partnering with curious humans and experimenting with modern security tooling—all while not taking yourself too seriously—this might be your next adventure. You’ll be part of an organisation that values curiosity, collaboration, and positive impact. You’ll work on meaningful projects that support public outcomes, play a pivotal role in uplifting security posture, and help shape the future of data and technology across the transport sector. Plus, you’ll join a team that's not just about bits and bytes, but about purpose, people, and pushing forward together. The role is Sydney based, permanent full-time and has a hybrid work arrangement. Seniority level Mid-Senior level Employment type Full-time Job function Information Technology Industries: IT Services and IT Consulting, Transportation, Logistics, Supply Chain and Storage, and Government Relations Services #J-18808-Ljbffr