Senior Application Security Engineer

1 day ago Be among the first 25 applicants About Us At Endeavour, we’re totally into what we do. With a portfolio that includes Dan Murphy’s, BWS, ALH Hotels, Pinnacle Drinks and more, we love to bring people together. Together we share our passion for our products and industry; it’s what inspires us to dream big, and continue to create new experiences for our customers and teams across Australia. If you thrive on positive energy, we want to meet you The Role This is just the start, so dream big Hybrid ways of working Location - Sydney or Melbourne The Senior Application Security Engineer will be a critical driver in uplifting our application security posture and strategy, engaging with diverse development teams and product managers across Endeavour Group. We encourage applications from individuals of all backgrounds who are passionate about contributing to a secure and innovative environment. What you can expect in this role: Champion a security-first culture across the organisation, promoting an environment where all voices are heard and valued in security discussions. Lead the improvement of EDG’s Software Development Life Cycle (SDLC) by providing in-depth consultations, conducting high-level security assessments, and offering strategic advice to remediate vulnerabilities. Educate and empower diverse teams on secure coding practices and risk management through the SDLC. Build new and improve existing automation that scales and grows with EGL's evolving needs to identify and resolve security issues throughout the SDLC, ensuring our tools be accessible and effective for all developers. Drive remediation of identified vulnerabilities, proactively building patterns or tools to prevent them from occurring in future development, fostering a collaborative approach to problem-solving. Develop and maintain an inclusive application security reporting strategy, implementing and automating a comprehensive approach aligning with business goals and industry best practices. Collaborate closely with security architecture, cyber risk, and assurance, contributing to an overall security strategy and culture that embraces diverse perspectives. Consult and mentor development teams on application security and risks with real-world scenarios, adapting communication styles to effectively reach all team members. Design and deliver application security awareness and training that caters to the diverse needs of EGL developers, ensuring equitable access to knowledge and skill development. Own various ways of working with key stakeholders, including security, technology, developers, product managers, and various squads and chapters. Act as a pivotal bridge between the security team and other departments, translating complex security concepts into clear, actionable insights for all and promoting understanding and collaboration across diverse groups. Engage and influence various levels of the organisation, including technical and management teams, to articulate technical security findings and recommendations for solutions and remediation strategies, valuing diverse input in decision-making. Qualifications Strong understanding of Application Security and agile development environments Knowledge of: DevSecOps and Azure infrastructure Web and Mobile application security OWASP, Container Security, Kubernetes and security tools (SCA, DAST, SAST, etc.) Threat Modelling and Security Architecture In-depth experience with .NET (C#), JavaScript, Python or another scripting language Excellent communication skills and ability to clearly and effectively collaborate with technical and non-technical stakeholders Experience with contributing to the strategic direction of security practices within an organisation to adapt to and anticipate the evolving landscape of cybersecurity threats and technologies. Self‑motivated and able to manage multiple priorities and tasks concurrently. Key Business Partners (Internal and External) Desirable Professional ICT certifications such as SANS GWAPT, SANS GPEN, Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE) or Certified Information Systems Security Professional (CISSP) are highly regarded. Benefits Flexible working in every sense An exclusive discount card for BWS, Dan Murphy’s, Woolworths, BIG W and other Endeavour Group brands, including our AL #J-18808-Ljbffr