Senior Application Security Engineer

Ready to shape the future of data

Matillion is the intelligent data integration platform.

We're changing how the world works with data and we need driven, curious people who think big and move fast.

We built the Data Productivity Cloud to supercharge data productivity, and now we're shaping the future of data engineering with Maia our AI-powered virtual data engineers that help teams design, build, and manage data pipelines at unmatched speed.

Join #TeamGreen, where the mission comes first, collaboration drives us forward, and everyone pulls in the same direction to make a dent in the universe bigger than ourselves.

Role Purpose

Matillion is built around small development teams utilising a modern, cloud-based technology stack to deliver products. The AppSec Engineer will work in an engineering capacity to product and engineering teams to ensure security is baked into the product from the design phase creating a SecDevOps workflow.

What you will be doing

Design

Establish and lead security champions programme across the development squads

Build functional and nonfunctional requirements for the application in conjunction with the product team

Input abuse case stories into the product backlog

Evangelise security across the product team, ensuring security stories are prioritised against feature goals

Assess SDLC security gap risks and propose remedies

Consult

Instruct and guide developers on how to conduct Threat Modelling during application Design

Act as the single point of contact for security concerns arising from the development team providing advice on how to solve technical software issues

Lead the pentesting cadence around the core application set by conducting hacking exercises

Provide application code reviews against known development frameworks such as OWASP ASVS

Provide input into the design of functional and non-functional security controls such as customer authentication workflows

Run Security Champion sessions to keep developers aware of security developments

Engineer

Establish security into the CICD pipeline such as SAST/IAST/DAST

Automate and build nifty security tools to test Matillion applications

Integrate testing, build failures and outputs to the development team to ensure passage to production is secure

Create security tests for code and assist developers in building security unit testing

Support

Responsive support to the development teams

Analysis of logs to identify issues and provide solutions

Innovation

Research projects, including prototyping, to explore future opportunities

Investigate new technologies

Optimise the infrastructure deployment process through use of automation, in-house and open source solutions

Self-Development and Growth

Develop new skills by working with other members of the team

Work with the Team Lead to identify training goals

Lead and partake in technical discussions within the team

Actively identify and complete opportunities for self-training and external training

Drive the team's process of continual improvement

What we are looking for

Technical / Role Specific

Essential

A passion and drive to succeed in Application Security

Understanding of Software Development Life Cycle

Desirable

Security professional at heart borne froma software engineering background

Experience of working with the OWASP ASVS framework

Experience in Agile delivery environments

Greenfield experience setting up security technologies from scratch

Outgoing and able to build relationships with key stakeholders

Personal Capabilities Required, e.g. skills, attitude, strengths

Can do attitude, willing to take on a wide range of security issues

Keeps up to date with security developments

Keen to engage with the security community on a range of topics

Fast learner