Senior Application Security Engineer

Cyber Security

Location: Multiple locations
Classification: Executive Level 2
Work type: Permanent
Employment Status: Full-Time
Closing date: 24-Jun-2025

At ASIC, you can be the change that ensures a fair, strong and efficient financial system for the benefit of all Australians. Contribute to delivering on ASIC's purpose, vision, and strategic priorities to help maintain the integrity of the financial system and protect consumers from harm.

 

ASIC's Cyber Security Group is seeking an experienced Senior Application Security Engineer to join their Application Security Engineering team to provide ongoing application security support and guidance across the organisation.

 

  • Sydney and Melbourne locations
  • Permanent Full-Time position
  • Salary from $147,074 to $175,323 (depending on experience) + 15.4% superannuation
  • Applications will close at 11:59pm AEST, Tuesday 24 June 2025.

 

The team 

ASIC's Cyber Security Group delivers a broad range of services across the organisation which include security architecture and design, incident response, and cyber assurance. We leverage advanced security technologies with a growing emphasis on automation and analytics to help ASIC become a best-in-class regulator for Australia's financial markets.

 

The role

As a Senior Application Security Engineer at ASIC, you will help to lead product and application security initiatives and embed robust security practices across the software development & deployment lifecycle. Additionally, you will support the cyber assurance function and play a key role in delivering the Cyber Uplift Program.

More specifically, you will: 

  • Collaborate with application development teams to design secure solutions and embed security throughout the software development lifecycle.
  • Lead threat modelling and architecture review sessions to identify and mitigate security risks during design and development phases.
  • Support Shift-Left initiatives by integrating security early in the SDLC, with hands-on experience in SAST and IAST tools.
  • Manage and coordinate penetration testing activities to validate application security posture.
  • Assess vulnerabilities and cyber risks in third-party software and components, maintaining accurate and current SBOMs.
  • Advocate for DevSecOps principles and promote secure SDLC practices across development, support, and engineering teams.
  • Partner with Cyber Security leadership to enhance tools, processes, culture, and overall service delivery.

 

About you

The ideal candidate for the Senior Application Security Engineer role at ASIC will be a seasoned security engineering professional with a strong technical foundation and a collaborative mindset. They will bring a proactive approach to embedding security throughout the software development lifecycle and demonstrate leadership in driving secure engineering practices across the organisation.

In addition, you will have:

  • A bachelor's degree in computer science or related field and/or 5+ years of Software Development experience together with demonstrated experience as an application security engineer or equivalent.
  • Demonstrated knowledge & experience in:
      • Secure coding practices to avoid common security vulnerabilities such as those in the OWASP Top Ten: SQLi, XSS, and CSRF.
      • Security testing frameworks and platforms such as OWASP ASVS and Snyk.
      • Securing CI/CD automation pipelines.
      • Developing threat models and facilitating threat modelling workshops with developers and solution architects.
  • Experience in at least one of the following programming and scripting languages: Java, .NET, Python, and JavaScript.
  • Demonstrable skills in assessing, analysing, and resolving complex client and stakeholder related queries, utilising all relevant sources of information, media and stakeholder channels, data, reporting, systems and/or databases. 
  • Formal security certifications such as Certified Secure Software Lifecycle Professional (CSSLP), Certified Information Systems Security Professional (CISSP), or related secure coding or offensive security certifications are desired but not essential.

 

Click 'apply' to start your application.


 

About ASIC

ASIC's remit is one of the broadest of regulators across the world. ASIC regulates corporations, markets, financial services and consumer credit and monitors and promotes market integrity and consumer protection in the Australian financial system. Through our enforcement work, we hold to account those who contravene the law, working to achieve strong outcomes that address the greatest consumer and investor harms.

ASIC is committed to providing a diverse and inclusive workplace where the very best talent in Australia chooses to work. Indigenous Australians are encouraged to apply as well as applicants from all backgrounds and with different abilities.

We offer a range of employee benefits including:

  • Attractive superannuation
  • Additional leave entitlements
  • 50/50 hybrid work-from-home model
  • Flexible work arrangements
  • Assistance for study and professional development

Click here to view ASIC's salary and benefits guide.

To read more about ASIC, you can visit our website or review our Corporate Plan.

To work with us, you need to be an Australian citizen and be prepared to complete an ASIC Suitability and Baseline Assessment.


At ASIC, we're proud of the difference we make to Australia's economic reputation and wellbeing.

Our values – accountability, professionalism and teamwork – underpin everything we do.

