Application Security Engineer at A Cloud Guru

Product & Engineering, Melbourne, Victoria, Australia
Description
Posted 1 month ago

The Application Security Engineer role

CHAMPION | MONITOR | MITIGATE

We're looking for an Application Security Engineer who can work collaboratively with Software Engineering teams to mitigate potential security threats and ultimately build a culture of AppSec in Engineering at ACG. You'll get the chance to work across Security Governance, Operations and AppSec in a cloud-native, product-led environment. This person will help to level up how we build products, with security front of mind, and bring consistency to how we go about it. If this sounds like you, please read on and apply below!

Hello, we're A Cloud Guru

Our friends call us ACG.

A Cloud Guru was built by engineers for everyone, everywhere. Here, you’ll have the freedom to follow your curiosity. We’re not afraid to just try, because when you’re working with cutting edge technologies, experimentation and trying out new ideas have to be encouraged and celebrated. Our engineers are building the world’s largest (and most awesome) cloud learning platform. Why? Our mission is to teach the world to cloud. Our fun, practical courses have helped over 1.5 million people learn to cloud, and we’re just getting started.

We’re not a training company that just decided to sell training courses. We grew up out of the cloud ecosystem. We were a bunch of cloud engineers who pulled people together to create a training platform. That’s why we’re genuinely passionate about what we create. And we are known for practicing what we preach.

What makes the Product & Engineering team awesome...

Learning to cloud means unlocking a world of possibilities for our students. Using the latest tech, we design the tools to teach people cloud faster and better. The team is talented (and a little quirky), and we’re all in it together.

  • Cutting-edge tech: We’ve built a product using cloud-first Serverless Architecture with tools like Lambda, API Gateway, GraphQL and ReactJS.
  • Founded by engineers: Having a CEO who’s also an engineer is nice — he knows the effort it takes to make things awesome.
  • We don’t bite: We’re friendly, down-to-earth, and collaborative. There are no high-performing jerks and no heroes. Just great teams.
  • Hungry and humble: We’re dedicated to learning all the things to create the best product possible.

Working here, everyone is so humble. I haven't seen an ego yet, and it’s very refreshing. It allows me to let the real quirky, sometimes funny, sometimes silly side of me come out and shine. –Kesha, A.I. Music Guru (and Technical Instructor)

As an Application Security Engineer at ACG, you’ll get to:

  • Help engineering teams in their efforts to maintain and perform threat models and provide training and guidance as required
  • Review the practices of our engineering teams to help them maintain best practices with respect to security, factoring in evolving threats listed on resources such as the OWASP Top 10
  • Assist in the development and maintenance of security tooling and processes, such as DAST and SAST tools and vulnerability reporting
  • Manually test for vulnerabilities to confirm early indicators from responsible disclosure reports and other indicators
  • Process reports from external penetration testing vendors and coordinate feedback with teams to ensure actions are followed to mitigate identified risks
  • Partner with DevOps and Engineering teams to create and maintain secure AWS environments
  • Handle global incident response issues and coordinate responses across time zones
  • Maintain vulnerability dashboards and track risks and threats, coordinating vulnerability reports to stakeholders
  • Contribute to the AppSec governance and compliance program alongside key stakeholders
  • Implement AWS-specific security measures, including monitoring, logs, IAM, policies and configuration rules

What you bring to the table

We focus on hiring values-aligned people, because we believe the right person can learn all the things to be successful in their role. Self-belief plays a big part in what you apply for. We encourage all job applicants to apply even if they are nervous to do so. Uni degrees aren't required for any roles, and career gaps or switches are totally welcome.

  • 3+ years working in the AppSec Engineering field
  • Experience with risk assessment and mitigation in software application development
  • Strong knowledge of AppSec industry best practices
  • Experience conducting security code reviews and mentoring Software Engineers to adopt best practices
  • Experience managing security in AWS, including policies, roles and environments
  • Experience working with security auditors and penetration testers
  • Excellent communication, collaboration and information sharing skills

We want the people who care about doing a good job. The ones who have the humility and hunger to learn. - Sam Kroonenburg, Co-Founder and CEO

More than a job

Where you work isn’t just a career decision — it’s a life decision. We get it. That’s why we want all of our Gurus to feel a sense of belonging that comes from feeling supported in all areas of their lives. Everyone has family, friends and interests outside of their careers, so we offer perks and benefits to make work, work better for you.

  • 5 weeks paid time off. Whether it’s hiking to a waterfall or bonding with your couch, we all need time to unplug
  • Gender-neutral paid parental leave. We offer 8 weeks of gender-neutral paid parental leave
  • USD $250 quarterly education budget. All Gurus get USD $250 to spend on professional development every quarter
  • 2 hours each week reserved for learning. Every Friday for 2 hours, we put down our normal work and spend time learning something new
  • Salary Packaging. Our salary packaging benefit allows you to pay for certain everyday expenses, like your car lease or new laptop, with pre-tax dollars
  • 5 mins from Flinders Street Station. Commuting is a breeze when the office is a 5-minute walk from Flinders Street Station
  • Stocked kitchen. Lunches are catered twice a week, and our kitchen stays stocked with carb-free, lactose-free, and vegan-friendly options
  • Get certified on us. A Cloud Guru will cover the cost of sitting all industry cloud certifications

What’s the interview process like at ACG?

Applying for a job can feel intimidating and like a full-time job of its own. You shouldn’t have to burn through a week of sick time or all your best out-of-office excuses just to put feelers out for a new career opportunity. It’s our goal to provide you a fair, efficient interviewing experience that respects you and your time — and to do it all with a touch of delight.

Once you submit an application, we’ll review it. If you’re a good fit, you’ll have an initial chat with a recruiter over the phone. A phone interview with a manager typically follows. Depending on your role, you might then be asked to do a little homework (but nothing too time consuming). Then we’ll schedule a Zoom call to meet other members of the team, answer any questions you have, and give you a feel for what it’s really like to work at ACG. If you're on the fence, just give it a try.

Keep being awesome, cloud gurus!