Application Security Engineer
Location: Sydney, New South Wales, Australia
It’s meaningful, it’s rewarding and it’s a lot of fun! If you love the idea of collaborating on a global product and passionate about user outcomes, then join our journey.
Trade Ledger is the world's first business global lending platform that transforms digital data in real time, allowing banks to assess and regularly update credit and default risk of businesses they lend to. We are a high-growth B2B enterprise technology provider who simplify and automate complex banking services.
Our mission is to make commerce simple, by enabling banks and other lenders to address the underserved £1.2 Trillion corporate credit market opportunity. We do this by reimagining credit in a digital world - connecting company supply chain digital data to the financial service provider.
This opportunity will see you responsible for making sure that security is embedded in each phase of our Software Development LifeCycle (Secure SDLC) and promoting a DevSecOps culture through TradeLedger.
As a member of the DevSecOps team, you will be working closely with the QA Team, the Cloud Security and Infrastructure Teams, the Risk & Compliance function, the Developers, and the outsourced security functions to analyse and implement mitigations to security findings.
- “Shift left” - Preventing security bugs from being deployed to Production. Assessing potential threats during the software design phase and determining mitigations aimed at reducing the threats in the early stages of the development lifecycle.
- Designing and implementing an agile and structured threat modelling approach to defend our applications from attacks.
- Setting up testing and monitoring to and detect data breaches.
- Advise developers and champion initiatives on the best code security practices and standards.
- Hands-on experience of implementing and running Static Application Security Testing (SAST), Dynamic AppSec testing (DAST), and Software Composition Analysis (SCA).
- Detailed understanding of attacks, threats, vulnerabilities, risks, and countermeasures frameworks (e.g. STRIDE, DREAD, PASTA, D3FEND, ATT&CK, OWASP, CIS benchmarks).
- Design, implement, and improve authentication and authorization mechanisms.
- Performing periodic security assessments and assisting with ad-hoc security investigations.
- Writing technical documentation.
- Assist in the writing and updates to our security policy documentation
- Proven experience in application security related fields
- Familiarity with containers and container-orchestration frameworks (like Kubernetes or EKS) including recommended security and hardening procedures.
- Familiarity with RDBMS and No-SQL database systems
- Understanding of web security to include certificates, HTTPS, security headers, web front-end hardening, OWASP Top 10, WAFs, etc.
- Proficient in a scripting language (Bash, Python, Ruby, etc.) and the ability to use such languages to extract audit and forensic data from logs and other data sources.
- Hands on experience with terminal, specially with AWS and Kubernetes command-line tools.
- Excellent knowledge of networking technologies, particularly with OSI network layers and TCP/IP;
- Strong communication and presentation skills.
If this role is right for you and you believe you can genuinely contribute to the ongoing success of our company, please hit ‘apply’.Our Culture
Diverse, open team culture is our differentiator! Be passionate, team focused, hard working and love what you do. We actively invest in continuous professional development because we know that our people are the creators of our success.
Our interview panels are inclusive to ensure we do not discriminate against age, gender, sexual identity or preference or religion.
Bring your authentic self and let's achieve awesome things together!
Discover Trade Ledger - Who we are, Our approach & Our People HERE
Trade Ledger does not accept CVs from recruitment agencies.