Senior Application Security Engineer, Secure Product Development

The Information Technology (IT) team plays a key role in providing business enablement throughout ResMed. We are focused on application, infrastructure, and user productivity solutions, with innovation, efficiency, and security. Our goal is providing customer-oriented agile delivery, effective business partnership, and state-of-the-art technology solutions.

In your role as an Application Security Engineer, you are responsible to enable developers to build secure applications. Under limited direction of your management, you will operate with an agile mentality – delivering solutions quickly and improving upon design and implementation of existing solutions. You will collaborate with cloud security, security operations, and other teams to ensure secure application development across the enterprise.

This role will be a global role and is part of the Enterprise Security group, which is globally deployed.

Let’s talk about Responsibilities

A key role of the Application Security Engineer is to enable development teams to develop secure applications.

Specific tasks include (but are not limited to):

1. Operation and support of code scanning tools, e.g., CheckMarx, Invicti, and Wiz.
2. Supporting development teams to triage findings and enable self-service.
3. Ensuring code scanning tools integrate seamlessly into the current software development lifecycle with minimal friction, e.g. GitHub actions as a part of existing shared CICD workflows.
4. Oversee the design, implementation, and management of the infrastructure and tooling necessary to support all security aspects of continuous integration, continuous delivery, and continuous deployment (CI/CD) pipelines.
5. Collaborate with key stakeholders to identify opportunities for automation, process improvement, and tool optimization.
6. Research and implement new technologies to improve and grow secure development (e.g. applications, systems, outsourced services).
7. Maintain operational guidelines, diagrams, and documentation for secure development.
8. Work closely with the developer experience team to integrate security automation into the development process.

Let’s talk about Qualifications and Experience

Required:

1. Expertise in Securing Software Development Lifecycles.
2. Expertise in one or more high-level programming languages, e.g., Java, C#, Python, etc.
3. Expertise in application-level attacks and defenses, e.g., OWASP Top 10, SANS Top 25, etc.
4. Experience with AppSec tooling such as SAST, DAST, IAST, RASP, etc.
5. Experience working with DevOps, Agile, Scrum, Kanban methodologies.

Preferred:

1. Bachelor’s degree in computer science or a related field.
2. Minimum of 2 years of experience in application security, software development, or related field.
3. Security-related certification(s) such as CSSLP.
4. Experience with Infrastructure as Code and the use of Application Release Automation tools.
5. Experience as an AWS Dev/Sec/Ops Engineer developing continuous integration and continuous delivery pipelines (CI/CD).
6. Experience working in a regulated secured environment and understanding the security requirements (NIST, ISO, etc.).
7. Experience working with production incident management tools and processes to resolve enterprise-level issues.
8. Experience with AWS cloud services such as WAF, EC2, S3, Lambda, VPC, CloudWatch, CloudTrail, EKS, ECS, KMS, IAM, RDS.

Joining us is more than saying “yes” to making the world a healthier place. It’s discovering a career that’s challenging, supportive, and inspiring. Where a culture driven by excellence helps you not only meet your goals but also create new ones. We focus on creating a diverse and inclusive culture, encouraging individual expression in the workplace and thrive on the innovative ideas this generates. If this sounds like the workplace for you, apply now! We commit to respond to every applicant.