
Application Security Engineer

Date Posted —

Type of Work: Gig
Salary: Subject to Experience
Hours per Week: 8

Job Description

Join our growing team of experienced developers and reliable designers here at C9!

About Us

Established in 2007, C9 has grown from Australia to multiple locations and has serviced local and international clients. Our mission is to provide cutting-edge digital solutions that will allow businesses to thrive. C9 provides software and web development services in person and remotely through our robust cloud infrastructure.

About You

We are seeking an Application Security Engineer who can help us secure our clients' web applications in a consulting/casual arrangement. Our top choice would be someone who is experienced with a variety of security tools and technologies and is able to collaborate with our development team to elevate our defenses and undertake cloud infrastructure configuration to alleviate risks.

If you have a passion for security and are looking for an opportunity to make an impact, we want to hear from you!

About the Role

– Be the go-to person for providing security advice and strategies.
– Explain in detail common attack vectors such as buffer overflows, SQL injection, CSRF, and XSS to both software developers and management.
– Promote and explain OWASP Application Security Verification Standard (ASVS) as an internal standard.
– Conduct initial security assessments of software products/systems, to develop and implement security measures.
– Collaborate with internal and external stakeholders to understand security needs and develop risk analysis.
– Create security guidance documents and architecture diagrams with incident-related documentation.
– Regularly audit application layer vulnerabilities to identify and solve security issues.
– Ensure compliance with security standards in system development, support, assessment, and configuration management.
– Demonstrate expertise in secure software development practices, including threat modeling and secure coding.
– Integrate security automation into assessments and CI/CD pipelines.
– Perform ad-hoc penetration tests to detect & mitigate threats and develop remediation plans.
– Research security vulnerabilities and best practices and participate in product security research.
– Hands-on configuration of cloud infrastructure and application security settings.

Your Primary Responsibilities

– We are specifically looking for those who can assess a client's cloud-hosted infrastructure and security (could be Linux or Windows), and make and implement recommendations based on their assessment.
– Utilize and implement best-practice cloud provider offerings and third-party tools where applicable and within the client's budgetary requirements in the areas of:
> Web Application Firewall and Network Security Hardening (Prevention)
> Network, Malware and Vulnerability scanning/logging (Detection & Monitoring)
> Database & Virtual Machine backup and recovery (Recovery)
– Recommendations on Application Hardening and changes based on vulnerability scans
– Assistance with compliance documents for ISO certifications
– Assistance with any detection/breach initial assessment reporting
– This role will purely be for application hosting and its associated infrastructure and not for organizational IT networks

What you need to have

– 4+ years of relevant experience in application security engineering
– Skilled in web app penetration testing, vulnerability checks, secure coding, and code analysis
– Solid grasp of the software development life cycle
– Hands-on experience in incident response and threat detection
– Strong knowledge of security tech like Web Security, Cloud services, Identity/Access Management, Web Application Firewalls, and Intrusion Detection
– Expert in creating automated security tests and integrating vulnerability scanners into software pipelines
– Familiar with architectural patterns like REST
– Ability to work effectively with 3rd parties and internal teams, promoting knowledge sharing within and across teams.
– Highly self-motivated and directed, with keen attention to detail.
– Expert-level planning, organization and coordination skills
– Solid ability to properly manage time and priorities
– Leadership, team spirit, creativity, rigor and quality

You’ll be a top pick if you are

– Proficient in tools like Stash, Git, and Jenkins
– AWS Certified
– Azure Certified
– GCP Certified
– Certified in web or application security programs/have other relevant certification or studies

Perks for You

– Work from the convenience of your home or anywhere remotely!
– Be part of a dynamic and talented team of professionals
– Competitive salary package to reward your skills and contributions
– Enjoy working a steady schedule within AEST business hours

**This opportunity is suitable for either a casual or a consultancy role.**

APPLY FOR THIS JOB:

Company: Palace Unity 24 Limited
Name: Marcus E