Senior Product Security Engineer - News CorpNews Corp is a global diversified media and information services company focused on creating and distributing authoritative and engaging content to consumers and businesses throughout the world.
The company comprises businesses across a range of media, including news and information services, book publishing, digital real estate services, cable network programming in Australia, and pay-TV distribution in Australia.
What You'll Do We are seeking an experienced and skilled Sr Product Security Engineer to join our team and spearhead the Product Security Life Cycle.
In this critical role, you will collaborate closely with Global product teams, develop threat models, coordinate penetration tests, and facilitate the resolution of security issues.
Your expertise will be crucial in developing and maintaining our application security pipeline automation while ensuring compliance with industry standards and best practices.
Responsibilities Establish and maintain strong relationships with product engineering teams, providing guidance on application security processes and objectives.Create comprehensive threat models and attack trees for our products, identifying potential vulnerabilities and areas for improvement.Manage the penetration testing process, working closely with third-party testers to generate detailed reports, recommend remediation strategies, and effectively communicate results to development teams and product owners.Ensure product risk levels align with business requirements and oversee the creation of risk memorandums with product owner sign-off.Collaborate with audit teams to guarantee compliance with relevant regulations and standards.Support GRC initiatives by conveying risk levels, enabling informed decisions on retesting schedules and priorities.Serve as a SME for product security, providing insights and recommendations to enhance overall security posture.Required Experience & Qualifications Degree in Technology, Computer Science/Engineering, Cybersecurity, a related field or equivalent experience.Strong background in Application or Product Security techniques and best practices.Strong Problem Solving and Troubleshooting skills within automation scripts.Possess excellent interpersonal and communication skills required to partner with other leaders across the global business to identify opportunities and risks.Proficiency in threat modelling and risk assessment methodologies.Solid understanding of Software Development principles.Experience with programming languages such as Bash, Python, Node, and TypeScript.
At least one programming language is a MUST.Knowledge of penetration testing processes and report generation.Expertise in leading security assessments within AWS environments.Familiarity with development tools (e.g., Git, Jenkins, Maven).Hands-on experience with security testing tools, including Snyk, Checkmarx, Nikto, and Nmap (optional).Proficiency in SAST, DAST, and SCA vulnerability triage and assessment.Proficiency in managing Web Application Firewall or BOT Manager within Akamai or any other commercial platform is highly desirable.Location: Melbourne, Australia
Working Arrangement: Hybrid | In office 3 days per week.
Equal Opportunity Employer All qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, national origin, protected veteran status, or disability status.
EEO/AA/M/F/Disabled/Vets
#J-18808-Ljbffr