Senior Product Security Engineer [T500-20534]

As a Senior Product Security Engineer, you will collaborate with delivery teams in the implementation of solutions using a variety of programming languages and cloud technologies to target improvements to existing software applications and systems, build capability and further the culture of software custodianship at REA, influencing and educating across the business.

You will also work on implementing and maintaining security tooling in cloud deployments, CI/CD pipelines, networking and monitoring, to support business objectives. You will use your experience in software development security practices and collaboration skills to adapt and build a plan as necessary to meet security objectives.

• Assist in development of security processes and automated tooling that prevent classes of security issues
• Implementing, operating, and supporting security tooling, services, platforms and patterns to support IT delivery teams.
• Support and consult with product and development teams for application security, including threat modelling and code reviews.
• Designing, building, testing and deploying changes to software to remediate security issues and integrate security tools, using a variety of technologies and platforms.
• Advocate for security practices within the developer and other stakeholder communities.
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
• Navigating complex organisational change challenges using systems and product thinking.
• Making trade-offs between risk, reward and prioritising improvements
• Work directly with product delivery teams to embed security practices into their ways of working

We are committed to providing a working environment that embraces and values diversity, equity and inclusion. We believe teams with diverse ideas and experiences are more creative, more effective and fuel disruptive thinking - be it cultural and ethnic backgrounds, gender identity, disability, age, sexual orientation, or any other identity or lived experience. We know diverse teams are critical to maintaining our success and driving new business opportunities. If you've got the skills, dedication and enthusiasm to learn but don't necessarily meet every single point on the job description, please still get in touch.

• Able to communicate and collaborate effectively with business stakeholders.
• Technology & software engineering principles and best practices.
• Experience with DDoS, WAF or anti-bot protection technologies
• Understanding of cloud infrastructure and technologies.
• Tertiary qualification in Computer Science or similar highly desirable.
• Web technologies, common web frameworks, their vulnerabilities and mitigations.
• Familiarity with infrastructure as code and build tools like Terraform and Buildkite.
• Experience implementing common application security tooling for CI/CD integrations (such as SAST/DAST etc.) in build pipelines
• Skills in two or more of our programming languages – such as Java, Python, TypeScript, Kotlin and/or JavaScript.
• At least 8+ years of experience working in application security and software development.
• Skills in modern software development techniques such as object orientation, test driven development, micro-services, pair programming and continuous delivery.
• Excellent communication and interpersonal skills.
• Demonstrated growth mindset, work productively in a fast paced & agile environment.
• Security thinking within the DevSecOps software development lifecycle.
• Experience with Application security frameworks such OWASP Top 10, ASVS, NIST

• Flexible leave options including parental leave, family care leave and celebration leave.
• A hybrid and flexible approach to working.
• Insurances for you and your immediate family members.
• Meals provided on site in our office.
• Programs to support mental, emotional, financial and physical health & wellbeing.
• Transport options to help you get to and from work, including home pick-up and drop-off.
• Continuous learning and development opportunities to further your technical expertise.