To build great companies, you need great people. That's what inspired us to create a suite of highly configurable HR technology that makes recruiting, onboarding and retaining people simple. At PageUp Group, we're on a mission to change lives with outstanding hiring experiences. From entrepreneurial beginnings in Melbourne, we quickly expanded and are proud to now have established locations in Sydney, United States, London, the Philippines, Dublin and Paris. Our platforms are used by 5.3 million users globally.
Our Security team is dedicated to secure and constantly improve the security posture of our platform and products. With a focus on creating a risk aware culture, our team is constantly pushing the envelope to ensure that our platform remains a leading solution in the industry.
THE ROLE
You'll be joining a global company with diverse technology and a talented team to help secure and constantly improve the security posture of our software solution, which is used by hundreds of the world's largest organisations every day. We have a permanent full-time opportunity to join our team in Melbourne.
Your main focus will be to lead and uplift our Product Security practices. Additionally, you'll drive automation and DevSecOps approaches throughout the security products used in the platform. You would be working with a security team that has Security Operations, Compliance, Code Development and Platform Security strengths.
KEY RESPONSIBILITIES
Contributing to the continuous improvement and uplift of PageUp's Security Products that detect, monitor and respond to emerging security events in PageUp.
Serve as a trusted advisor and collaborator to engineering and product teams, providing guidance on security best practices and helping them to understand the importance of security in the software development process
Implement and manage the automation of security testing such as SCA/SAST/CSPM using industry-leading tooling.
Perform vulnerability assessment and risk analysis. Develop, implement, and communicate vulnerability mitigation strategies to development teams.
Lead the application and cloud security design, architecture, threat modelling and gap assessment activities.
Implement and Manage security controls such as Web Application Firewalls, Cloud workload protection, API Security tools, Data loss prevention etc.
Identify and investigate security incidents and risks. Perform post-incident review of security incidents in consultation with various stakeholder groups and external providers.
Work with external vendors to conduct penetration testing and bug bounty programs. Manage risk reporting and mitigation outcomes with engineering teams.
Lead and champion security awareness and training programs for software developers.
Contribute to the development of security policies and processes. Support ISO27001 compliance activities.
Review & respond to internal cyber security requests and RFP questionnaires. Work with appropriate internal groups to provide accurate & timely responses to ensure security best practices are followed.
ABOUT YOU
At least ten years of experience in application, cloud and infrastructure security.
Deep understanding of OWASP controls, methodologies, and guidelines and how to use them in the practical world.
Experience in implementing, managing and embedding application security testing tools in CI/CD pipelines.
Familiarity with technology/tools such as Kubernetes, Docker, AWS, Github, etc.
Working knowledge of one or more scripting languages (python, json, yaml, bash, powershell, etc.)
Good understanding of more than one of the following: MITRE ATT&CK, ISO 27001, NIST frameworks.
Ability to work autonomously and collaborate with stakeholders at all levels.
Demonstrated leadership skills and ability to mentor security team members.
And of course, the perks
There's something for everyone in the benefits we offer:
an extra day of leave to do something awesome (no really - it's called an Awesome Day),
generous paid parental leave for primary and secondary carers,
flexible hybrid working,
wellbeing allowance,
home monitor purchasing scheme,
employee assistance program,
volunteer leave.
Our global offices also mean those who dream of travel have the opportunity to take their career to new places.
Equal Opportunity at PageUp
We are an equal-opportunity employer and value diversity, equality, inclusion, and belonging at our company. We do not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or genetic information.
At PageUp Group, we encourage people of all backgrounds and abilities to apply. Building diverse teams is the foundation of our success, so if you think you have what it takes, but don't necessarily meet every single criteria on the job description, please still reach out. We'd love to have a chat and see how you could add value to the team.
#J-18808-Ljbffr
