Senior Application Security Engineer at Hipages

Engineering, Sydney
Posted 12 days ago

hi, we’re hipages Group.

We create effortless solutions that help tradies streamline and grow their businesses and delight their customers. Over 3 million Australians have used the hipages platform, where a home improvement job is posted every 20 seconds. 

Your Opportunity

As an Application Security Engineer, you will be responsible for making sure that security is embedded in each phase of our Software Development Life Cycle (Secure SDLC), embedding automated security best practices in our cloud infrastructure and promoting a DevSecOps culture throughout the hipages Group.

How you will add value:

  • Working closely with cross-functional teams to execute the engineering security roadmap aligned to the OWASP Software Assurance Maturity Model
  • Define and implement an Application Security Framework aligned to best practices
  • Advise developers and champion initiatives on the best code security practices and standards by coordinating secure code awareness training
  • “Shift left” - Preventing security bugs from being deployed to Production. Assessing potential threats during the software design phase and determining mitigations aimed at reducing the threats in the early stages of the development lifecycle
  • Setting up testing and monitoring to detect information security incidents in the application product environment
  • Writing technical security documentation
  • Identifying and addressing security architecture problems with existing and future applications and libraries

About You:

  • Requirements:
    • 3 plus years of experience in application security-related fields (code reviews, application penetration testing, security engineering, etc.)
    • Strong working knowledge of one or more application security best practice frameworks (e.g. OWASP Software Assurance Maturity Model, OWASP Top 10, CIS Benchmarks and MITRE ATT&CK framework)
  • Technical Experience: 
    • Strong experience with using AWS, or other public cloud platform equivalents, and associated security platforms (e.g. Inspector, Security Hub, CloudTrail)
    • Hands-on experience of implementing and running Static & Dynamic Application Security Testing platforms
    • Hands-on experience within terminal environments, especially with AWS and Kubernetes command-line tools
    • Familiarity with containers and container-orchestration frameworks (such as Docker, Kubernetes, Terraform etc.) including recommended security and hardening procedures
    • Familiarity with Amazon RDS and MySQL database systems
    • Proficient in a scripting language (e.g. JavaScript, Python, TypeScript, PHP etc.)
    • Familiarity with external bug bounty programs

Take a look inside our home:

  • A close-knit diverse family of bright, respectful, collaborative members who love to solve problems and jump on new opportunities;
  • High-touch personalised investment in your continuous career development;
  • Agile cross-functional teams who value teamwork - from Hackathon to team off-sites, to Product roadshows, you get to experience it all;
  • Competitive salary and benefits, plus equity via our Employee Share Program (we’re all owners of hipages) and other great perks such as 14 weeks paid parental leave;
  • Daily bottomless continental breakfast, fresh fruit and snacks;
  • Inspiring office and location - based in the heart of Sydney CBD, only a few steps from Town Hall Station;
  • Remote work and flexible work (50/50) hybrid model;
  • Social connection focus: Friday socials, company parties and teaming activities - the best in town!

Sounds like you're home? Apply Now!

Innovation and Collaboration are two important core values at hipages, and neither can be achieved successfully without a diverse and inclusive team. We don't expect you to be an expert in all areas and we are more interested in learning about you as a person, a team member and a leader.

Research shows that while men apply for jobs when they meet an average of 60% of the criteria, women and other minority groups tend to only apply when they check every box. So if you don't tick every single box above, but you think you would be a great fit for the role, we encourage you to apply. We would LOVE to hear from you!