Senior Security Engineer (Third-Party Risk Management) at Atlassian

Security, Full Time, Sydney, Australia sydney engineering full-time
Posted 12 days ago

Atlassian can hire people in any country where we have a legal entity, assuming candidates have eligible working rights and a sufficient timezone overlap with their team. As our offices re-open, Atlassians can choose to work remotely or return to an office, unless it’s necessary for the role to be performed in the office. Interviews and onboarding are conducted virtually, a part of being a distributed-first company.

With a sufficient timezone overlap with the team, we’re able to hire eligible candidates for this role from any location in Australia and New Zealand. If this sparks your interest, apply today and chat with our friendly Recruitment team further.

The Corporate Security team at Atlassian seeks to enable foundational teams such as IT, Business Systems, Finance, Legal, People, and Customer Support, to have ability to execute on their initiatives without compromising security. In order to do this, CorpSec engineers are security all-rounders who are able to consider risk, make tradeoffs and implement effective security controls across Atlassian while working closely with these teams.

The third-party risk management program was created to help implement vendor solutions securely and manage the risk of potential compromise to our critical vendors. You’ll be working to ensure the suppliers we use meet or exceed our security requirements, guide Atlassians through the setup process and follow up in the case of security incidents. As part of the focus on learning at Atlassian, you'll be able to spend up to 20% of your time on independent research during our monthly innovation weeks.

We’re looking for individuals who can adapt quickly, be flexible and enjoy working in a variety of areas. To be successful, you must thrive on autonomy and open work.

In this role you'll get to:

  • Be a technical lead that drives decision making and outcomes for the third-party risk management program;
  • Perform vendor risk assessment for third-party solutions that address security threats;
  • Review security language in supplier contracts and provide guidance aligned with security requirements;
  • Work with internal stakeholders to ensure they are using the vendor in a way that reduces risk to the organisation.
  • Work cross functionally with departments including Procurement, Legal and Risk and Compliance.
  • On your first day, we’ll expect you to have:

  • Experience working in cyber security;
  • An ability to reason about security decisions;
  • Experience determining security maturity of third parties/developing security risk profiles;
  • Hands on experience with penetration testing, threat modelling or design reviews;
  • Familiarity with standard security certification and compliance mechanisms such as ISO, SOC 2, FedRAMP and HIPAA;
  • Previously worked with a large variety of SaaS tools (Salesforce, Workday, Jira etc); and
  • Strong collaboration and interpersonal skills.
  • It's great, but not required, if you have:

  • Experience working with TPRM tooling such as SecurityScorecard, Bitsight, Aravo and/or Upguard;
  • Proficiency in at least one programming language (e.g. Python, Golang, Java etc.);
  • An interest in software supply chain security;
  • Experience with Cloud and CI/CD technologies such as AWS, Azure, GCP, Bitbucket, Jenkins etc.
  • Experience in a large scale cloud business; or
  • The ability to thrive in a remote working environment.
  • More about our team
    Atlassian Security is a team based across the globe with 150+ engineers all around the world including Australia, USA and the Netherlands.
    We are responsible for building and managing security services to ensure that Atlassians products are among the most trustworthy in the industry. This includes managing the security development lifecycle, coordinating detection, assessment and response to security incidents, and providing architectural and process guidance for all of the teams across Atlassian. We are a highly motivated, collaborative, creative team that isn't afraid of moving quickly and that is widely respected within Atlassian and across the broader security industry.

    More about our benefits

    Whether you work in an office or a distributed team, Atlassian is highly collaborative and yes, fun! To support you at work (and play) we offer some fantastic perks: ample time off to relax and recharge, flexible working options, five paid volunteer days a year for your favourite cause, an annual allowance to support your learning & growth, unique ShipIt days, a company paid trip after five years and lots more.

    More about Atlassian

    Creating software that empowers everyone from small startups to the who’s who of tech is why we’re here. We build tools like Jira, Confluence, Bitbucket, and Trello to help teams across the world become more nimble, creative, and aligned—collaboration is the heart of every product we dream of at Atlassian. From Amsterdam and Austin, to Sydney and San Francisco, we’re looking for people who want to write the future and who believe that we can accomplish so much more together than apart. At Atlassian, we’re committed to an environment where everyone has the autonomy and freedom to thrive, as well as the support of like-minded colleagues who are motivated by a common goal to: Unleash the potential of every team.

    Additional Information

    We believe that the unique contributions of all Atlassians is the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.

    Atlassian is committed to providing reasonable accommodations to all individuals participating in the application and interview process, and while performing job functions. Please note that you will have the opportunity to request accommodations at each stage of the assessment process. To request accommodations before scheduling an interview, please reach out to [email protected] and someone will follow up shortly.

    All your information will be kept confidential according to EEO guidelines.

    If your experience looks a little different from what we’ve identified and you think you can rock the role, we’d love to learn more about you.

    Learn more about Atlassian’s culture, interviewing flow, and hiring process by checking out our Candidate Resource Hub.