Application Security Lead

Job Description:

• Employment Type: Full Time, permanent role
• Remuneration: $138,171 - $146,613 + 17% super + Leave Loading
• Location: UNSW Kensington Campus (Hybrid Working Opportunities)

About UNSW:
UNSW isn’t like other places you’ve worked. Yes, we’re a large organisation with a diverse and talented community, a community doing extraordinary things. Together, we are driven to be thoughtful, practical, and purposeful in all we do. Taking this combined approach is what makes our work matter. If you want a career where you can thrive, be challenged and do meaningful work, you’re in the right place.

Why Your Role Matters:
The Application Security Lead will play a crucial role in strengthening the organisation’s security position by leading secure development lifecycle practice (SDLC). This role will collaborate closely with the Cyber Security team and use expertise to develop and drive practices that embed secure-by-design across the full technology stack for applications. This role leads application security compliance across the Student, Academic and Research domain.

The Application Security Lead role will lead the organisation with strong development processes and work with various teams and stakeholders to provide consultation and guidance across the business. This includes promoting awareness of the University’s internal and external environment for emerging cyber security threats and supporting the independent audits of cyber security controls.

This role reports into the Technology Manager and has no direct reports.

Responsibilities:

• Lead the development and implementation of application security best practice processes that ensure security throughout the application lifecycle.
• Provide expert guidance and leadership on secure development practices and technologies to IT teams and stakeholders across UNSW to embed security practices.
• Collaborate with the Cyber Security team to establish and advance sustainable secure coding processes, platforms, tools, monitoring, and automation including hands-on set-up and management of application security tooling.
• Lead a capability uplift and embed a culture of security across application teams through the development of standards, guidelines and identifying team needs and opportunities.
• Develop and deliver application development training with respect to security and guide the team autonomously on department strategy and approach.
  
  

For more information regarding the responsibilities for this role, please refer to the Position Description at JOBS@UNSW.

Skills and Experience Summary:

• Preferably 10+ years work experience in software engineering or related roles, at least 2 of which within a similar role focused on application security.
• In-depth understanding of the most common application security risks and demonstrated experience in secure development practices required to mitigate those risks (e.g., OWASP Top 10).
• Hands-on experience in designing, implementing, and managing secure software delivery pipelines by integrating application security tooling (such as SAST, DAST and dependency vulnerability management) into CI/CD pipelines.
• Understanding of architecture and security concerns specific to web technologies and frameworks (e.g., secure password storage, encryption, security headers, content security policy, CSRF, OIDC, oAuth2, hash algorithms, one-time codes, password reset, rate limiting, security logging, etc), API security and identity and authorisation standards.
• AWS (preferable) or Azure security knowledge and experience
• Strong problem-solving and analytical skills, with the ability to translate data into valuable information for management.
• Strong cyber security GRC fundamentals and knowledge of cyber security principles and practices.
• Excellent understanding of industry-wide security standards and compliance frameworks such as ISO 27001, NIST 800-53, CSA, Essential 8, PCI DSS, COBIT 5, Mitre ATT&CK etc.
• Relevant industry certification(s) such as SANS certifications, CEH, OSCP, CompTIA Security+, and cloud platform certifications such as AWS Security Speciality, Microsoft Azure (highly desirable).
• Excellent communication and interpersonal skills, with the ability to effectively convey complex security concepts to technical and non-technical stakeholders

Benefits and Culture: People are at the core of everything we do. We recognise it is the contributions of our staff who make UNSW one of the best universities in Australia and the world. Our benefits include:

• Career development opportunities
• 17% Superannuation contributions and additional leave loading payments
• Additional 3 days of leave over Christmas period
• Discounts and entitlements (retail, education, fitness)

How to Apply: Make each day matter with a meaningful career at UNSW. Submit your CV & cover letter online outlining your interest and suitability for the role, via the application portal before May 2^nd at 11:30pm.
A copy of the Position Description can be on JOBS@UNSW.

Get in Touch: For queries regarding the recruitment process contact Lucy Gerondis, Talent Acquisition Consultant, UNSW

E: l.gerondis@unsw.edu.au (Applications sent via email will not be accepted, please apply online via the portal)

UNSW is committed to evolving a culture that embraces equity and supports a diverse and inclusive community where everyone can participate fairly, in a safe and respectful environment. We welcome candidates from all backgrounds and encourage applications from people of diverse gender, sexual orientation, cultural and linguistic backgrounds, Aboriginal and Torres Strait Islander background, people with disability and those with caring and family responsibilities. UNSW provides workplace adjustments for people with disability, and access to flexible work options for eligible staff.

The University reserves the right not to proceed with any appointment.