Application Security Engineer - C# / Cloud at Willow

Security, Full-Time, Sydney sydney engineering full-time
Description
Posted 4 days ago

Founded in 2017, Willow is a global technology start-up. The WillowTwin™ is a disruptive IoT/Data SaaS that unlocks the true potential of smart buildings and infrastructure. We are writing a new chapter in human history, with unprecedented resource optimisation and management empowered by data. 
 
Recently Ranked in Linked In's 2020 Australian "Top 10 Start-ups", you will be joining a team of performance-driven individuals, backed by the most advanced technology the built world has ever seen. We are chartering a new course, Digital First, the Willow Way. Our 'Willow World' is fast-paced, nurturing and collaborative.

Your Team

The multitude of benefits that arise from our offerings come with an ever-increasing risk of cyber-attack from a variety of threat actors. These threats can result in data loss, privacy issues, disruption to critical infrastructure as well as environmental, financial and health risks. Cybersecurity is core to the very fabric of Willow’s approach as we deliver our products and services to customers. Maintaining a strong security posture is integral to maintaining the trust of our customers. The cybersecurity team at Willow has a commitment from the leadership team and executives and is seen as an enabler in ensuring the business is able to grow and scale as a global organisation.

Application Security Engineers work closely with the Head of Cyber Security & Privacy, third party service providers and stakeholders from all parts of the business to improve the security of Willow and of its customers. The role will work closely with the Product and Engineering teams, providing ad hoc technical security advice where needed and focused on ensuring that our products are secure at all levels of the technology stack. This includes identifying opportunities for improvement, building out new security capabilities and responding to incidents where required. Application Security Engineers are expected to be people who take ownership of their work, shows initiative through effective problem-solving skills and has the ability to clearly communicate ideas or recommendations to a variety of people with varying technical knowledge.

Role & Responsibilities

  • Work closely with wider Product and Engineering teams to support them with minimum security requirements in new and existing products or software.
  • Perform technical and non-technical security reviews on applications, as well as required remediation
  • Ensure appropriate security controls and processes such as threat modelling and security testing are embedded into the Engineering development processes in a seamless manner.
  • Drive the continued education of engineers and product team around security requirements.
  • Work closely with IT consultants and managed service providers to scope, manage and remediate regular penetration testing assessments.
  • Continually review and improve the security function by identifying possible improvements, developing skills, identifying new techniques and developing automation to mitigate security risks and incidents efficiently.
  • Apply threat intelligence and other information sources to identify events/risks relevant to the company and integrate this into existing security processes for targeted remediation.
  • Contribute to various security projects and assist the Head of Cyber Security & Privacy in the delivery of the cybersecurity roadmap in accordance with timeframes and budget.
  • Job Qualifications

  • Minimum 2-3 years relevant experience in security, preferably in application security or software engineering role
  • Technical skills including networking, software engineering, systems administration, penetration testing and vulnerability assessments
  • Experience in a cloud infrastructure environment - AWS or Azure, preferably with Azure PaaS experience
  • Experience in vulnerability management and threat intelligence capabilities
  • Experience in working with software developers to advise on security controls and requirements
  • Experience with common information security management frameworks, standards, principles and processes (OWASP, CIS, SANS, ISO, NIST etc)
  • Relevant security certifications (CISSP, GIAC, Security+, CEH, OSCP etc)
  • Experience in highly automated DevOps environments and familiarity with toolsets including Git, ARM, EBS, CloudFormation, Docker, Kubernetes, Puppet, Chef etc
  • If you are eager to work in a fast-paced, high growth tech start-up based on collaboration and open communication, then Willow could be the place for you. We at Willow never give up, we work smart, we care about our fellow human beings, and we always put our best foot forward.

    Willow is proudly diverse. We work to create an equitable and inclusive experience for candidates and employees, where people from different backgrounds have an opportunity to succeed. Join us in our mission to digitise the built world!

    To find out more, visit the website: https://www.willowinc.com