Application Security Engineer

TAL Tailor your cover to suit your needs. Life, Income, TPD, Critical Illness. Get a Quote for flexible insurance products built by you, for you. View all jobs at TAL From the millions of Australians we protect, to those that make it happen every day at TAL, people really are what we're all about.We want to grow with you. Achieve with you. And support you to do your best work. That's why we're focused on developing leadership, promoting diversity, rewarding excellence and retaining great talent.We're always looking for people who want to go further with us. People who do what's right, aim high, and work smart.Why not see where we can go?Job DescriptionWe are investing heavily in the future of our organisation, our technology and, most importantly, our teams. At TAL you will be part of the Cyber Security team, which looks after the end-to-end security.We are seeking an experienced Application Security Engineer to enhance our security posture by integrating security practices into our software development lifecycle. The ideal candidate will collaborate closely with product development teams to identify, analyse, and mitigate security vulnerabilities in our applications and services.As an Application Security Engineer at TAL, you will be responsible for ensuring the security of our applications by implementing and maintaining robust security measures, and ensure applications are onboarded to Application Security tools and continuous integration of Application Security plug-ins in CI/CD pipeline.You will work closely with development teams to identify, mitigate and risk assess security vulnerabilities throughout the software development lifecycle. You will also foster security awareness and security culture, providing security training to development teams.You will collaborate with Business, Risk and Cyber and other stakeholders to understand business requirements and translate them into technical solutions while improving application security and compliance of the products.Key Accountabilities:• Security Guidance: Drive Application Security strategy across Enterprise and provide timely support and education to development teams on application security best practices, including secure coding techniques and the use of security tools.• Security Integration: Work with product development teams to design and implement secure solutions, ensuring adherence to secure coding practices throughout the software development lifecycle (SDLC), onboard applications to application security tools and integrate Application Security plug-ins with CI/CD pipeline so the security issues areidentified during the coding stage.• Vulnerability Management : Identify, analyse, and remediate vulnerabilities identified through Application Security tools, regular security assessments, penetration testing, and code reviews.• Threat Modelling: Lead application threat modelling sessions and application architecture reviews to proactively identify and address security threats and conduct security assessments on applications to identify and remediate vulnerabilities.• Application Security Tools Management: Evaluate, recommend, and manage Application Security tools and technologies including related policies and procedures that enhance application security, including static and dynamic analysis tools. Execute planned and ad-hoc security scans of software applications and interpret results for development teams.• Documentation and Reporting: Maintain comprehensive documentation of application security processes and controls, security vulnerabilities, risk assessments, and remediation plans. Prepare security metrics and reports for stakeholders.• Collaboration: Collaborate with product development teams, Cyber and other stakeholder for incident response , threat detection, and forensics teams to address security incidents and improve overall security posture.• Training and Awareness: Develop and deliver security training programs for developers and other stakeholders to foster a security-first culture.• Organisation Knowledge: Ascertain a holistic understanding of TAL's systems, products, applications, development workloads and lifecycles as well as current TAL policies, standards and processes.• Vendor Management: Work with vendors to tailor application security tools to fit TAL workloads and improve policies and processes currently in place.• Development: Ensure required training and development is undertaken in a timely manner and keep up to date with the latest industry trends in cyber security including what technologies and controls may be the best fit for certain solution requirements with an emphasis on security.QualificationsAdditional InformationAt TAL we value diversity in all its forms and are committed to fostering an inclusive and equitable culture for all our people. We encourage Aboriginal and Torres Strait Islander people, individuals from all backgrounds, including those with caring responsibilities, people living with disability, and individuals from the CALD and LGBTQI+ communities to apply. Even if you don't check every box in the criteria above, we encourage you to apply today or get in touch with ushere. To provide you with the best experience, we can accommodate you at any stage of the recruitment process. Simply inform our Recruitment team at any time.TAL is recognised by the Workplace Gender Equality Agency as an Employer of Choice. We are proud to be a member of Diversity Council Australia and the Australian Network on Disability. For information on our reconciliation journey, take a look at ourInnovate Reconciliation Action Plan. We acknowledge the Traditional Custodians of the Land in which our Head Office is based, the land of the Gadigal people of the Eora Nation, and recognise their deep connections to the land, sea, and culture. We extend this acknowledgment to the many Traditional Lands that we operate across and pay our respects to Elders past, present, and emerging.#LI-HybridEveryone at TAL has a responsibility to do the right thing and is accountable for the way they conduct themselves. Our expectations are that you follow the principles set out in our Code of Conduct when you come to work every day. Risk management is everyone's responsibility.If you are already a TAL employee please apply via the SmartRecruiters button in Workday and navigate to the Employee Portal. This is important to ensure that your application is recorded accurately.Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
#J-18808-Ljbffr