The University of New South Wales (UNSW Sydney)UNSW Kensington Campus, Sydney, NSWSimilar Jobs
Closing: 14-Jan-2025
Job Summary
Dates
Opening Date: 16-Dec-2024
Closing Date: 14-Jan-2025
Location
UNSW Kensington Campus, Sydney, NSW
Salary
Starting salary $143,007 plus 17% superannuation and leave loading
Responsibilities
Lead the development and implementation of application security best practice processes that ensure security throughout the application lifecycle.
Provide expert guidance and leadership on secure development practices and technologies to IT teams and stakeholders across UNSW to embed security practices.
Collaborate with the Cyber Security team to establish and advance sustainable secure coding processes, platforms, tools, monitoring, and automation including hands-on set-up and management of application security tooling.
Lead a capability uplift and embed a culture of security across application teams through the development of standards, guidelines and identifying team needs and opportunities.
Develop and deliver application development training with respect to security and guide the team autonomously on department strategy and approach.
Mentor and support application development team to develop technical skills and ensure security compliance.
Support the independent audit of cyber security controls on behalf of the University, including statutory audits completed by the Audit Office of NSW.
Continually stay up to date and aware of legal, regulatory compliance and contractual obligations that are relevant to the University’s management of cyber security risk.
Promote awareness of the University’s internal and external environment for emerging cyber security threats.
Develop and improve metrics that drive security best practice and outcomes.
Align with and actively demonstrate the UNSW Values in Action: Our Behaviours and the UNSW Code of Conduct.
Cooperate with all health and safety policies and procedures of the university and take all reasonable care to ensure that your actions or omissions do not impact on the health and safety of yourself or others.
Requirements
Preferably 10+ years work experience in software engineering or related roles, at least 2 of which within a similar role focused on application security.
In-depth understanding of the most common application security risks and demonstrated experience in secure development practices required to mitigate those risks (e.g., OWASP Top 10).
Hands-on experience in designing, implementing, and managing secure software delivery pipelines by integrating application security tooling (such as SAST, DAST and dependency vulnerability management) into CI/CD pipelines.
Understanding of architecture and security concerns specific to web technologies and frameworks (e.g., secure password storage, encryption, security headers, content security policy, CSRF, OIDC, oAuth2, hash algorithms, one-time codes, password reset, rate limiting, security logging, etc), API security and identity and authorisation standards.
AWS and Azure security knowledge and experience desirable.
Strong problem-solving and analytical skills, with the ability to translate data into valuable information for management.
Strong cyber security GRC fundamentals and knowledge of cyber security principles and practices.
Excellent understanding of industry-wide security standards and compliance frameworks such as ISO 27001, NIST 800-53, CSA, Essential 8, PCI DSS, COBIT 5, Mitre ATT&CK etc.
Relevant industry certification(s) such as SANS certifications, CEH, OSCP, CompTIA Security+, and cloud platform certification.
Benefits
Flexible hybrid working
Additional 3 days of leave over the Christmas Period
Access to lifelong learning and career development
Progressive HR practices
Discounts and entitlements
Notes
The University reserves the right not to proceed with any appointment.