Nov 08, 2022

Senior Application Security Engineer

  • REA Group
  • Richmond, Melbourne VIC
Full time

Job Description

We're REA

An Australian start-up success story we're quietly proud of.

From a garage in Melbourne to the global stage is an achievement we're humbled by. Our idea to put pictures of houses on the internet has blossomed since 1995, and we now have businesses across Australia, India and North America.

Our purpose is to change the way the world experiences property. No matter where you're at on your property journey, we're here to help on every step - whether that's buying, selling, renting or renovating.

Some of our brands include,,,, and Mortgage Choice.

We're proud to be named in Australia's "Top 5" Best Workplaces two years in a row. This recognition is a great proof point of our unique and special culture. A culture that is driven by our people, our values, and our commitment to making a difference in the community.

What we’re doing

With us, you’ll experience collaboration. You’ll be part of our Group Security tribe within the Technology and Data Group which is responsible for driving REA’s internal tooling, infrastructure, and making all delivery teams at REA more effective. We work on a wide range of technical products and solutions as required by other groups across the company, such as cloud deployment tools, CI/CD pipelines, networking, security, monitoring and deployment. We also consult to our many product delivery teams to help them bring their solutions to life.

As a Senior Application Security Engineer, you will be responsible for application security across the business, ensuring that teams follow software development lifecycle (SDLC) security best practices, and designing, improving, and maintaining our security services and products. You’ll become an integral part of an agile team, providing your expertise in systems engineering & design, operational work practices, fault finding and incident management. You will be expected to implement sustainable solutions in a collaborative and creative work environment to support our many lines of business. You will use your skills and experience to mentor other systems and security engineers. You’ll also be a part of the broader operations function and have other operational experts to learn from. While no two days are ever the same, you’ll:

  • Help us implement and maintain common application security tooling, e.g. CI/CD integrations, SAST/DAST, WAF, API & Bot Protection
  • Identify common web and application problems shared by teams across REA, and design simple solutions
  • Work with the rest of the team to continuously improve the security tools and services we provide
  • Provide help and advice to users of those security tools and services.
  • Ensure the availability and performance of our services according to their agreed SLAs.
  • Mentor across the business on all aspects of application security

Who we’re looking for

  • Curiosity – an ability to tinker with technology and keep learning.
  • A few years of experience working with Application Security products or services – we use WhiteHat Sentinel, SonarQube, GitHub, but similar experience is ok.
  • Working knowledge of web application security
  • Ability to identify security vulnerabilities in code
  • Experience implementing and maintaining common application security tooling e.g. CI/CD integrations, SAST/DAST, WAF, API & Bot Protection
  • Collaboration on product conceptualization for security by design
  • Outside-the-box thinking to anticipate possible threats
  • Comprehensive understanding of OWASP Top 10, CWE/SANS Top 25 and similar application security methodologies
  • A few years of experience working with cloud services – we use Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, but similar experience is ok.
  • A few years of Linux system administration and troubleshooting skills.
  • Experience in reporting on cybersecurity risk and control effectiveness.
  • Good stakeholder management skills (internal and external).
  • Work with the business to ensure that every step of the software development lifecycle (SDLC) follows security best practices.
  • Responsible for adhering to secure coding principles and aiding in testing the application against security risks/parameters before release
  • Experience with configuration management, infrastructure automation and tooling.
  • An ability to work with others to reach a common solution.
  • Most of all a love for sharing knowledge and helping others.

It’s great if you know some of these things too, but otherwise you’ll be able to learn them with us:

  • Development or scripting skills (Python, JavaScript, TypeScript, Bash, etc.)
  • Experience with bug bounty programs.
  • Experience with Docker containers and clusters
  • Exposure to penetration testing
  • Experience working in a development team.
  • Experience working in an agile manner in a team.

But we don’t just look for someone based on their skills and expertise.  It’s our connection, acceptance and genuine care for each other that makes REA a great place to work. That means you also need to be:

  • Savvy minded and have curiosity to think a little left of field / outside the box
  • A strong and creative communicator
  • Friendly, approachable and have good relationship management skills
  • An avid contributor to our inclusive culture - we celebrate different perspectives and all play an active role in creating a sense of belonging

The REA experience

The physical, mental, emotional and financial health of our people is something we’ll never stop caring about. This is a place to learn and grow. We’re committed to your development – both professionally and personally. Your experience with us is something we take seriously.

We offer:

  • A flexible working environment, meaning we strike the balance of what you need and what works for the business (and yes, our leaders fully understand the benefits of working flexibly)
  • A hybrid approach to the future of work -
  • Generous and flexible parental leave offering for primary and secondary carers
  • Summer Fridays – time back to focus on your wellness every Friday afternoon from December through to March
  • Support for your mental and physical health and wellbeing via our ‘You Matter’ Program
  • Because We Care program which includes volunteer leave and community grants, to ensure you have the opportunity to give back to your community
  • Hack Days so you can bring your big ideas to life in a supportive learning environment
  • An additional day of leave just for your birthday

Oh, and by the way:

At REA we value diversity and inclusion in all forms. Gender, religion, ethnicity, LGBTIQ+, neurodiversity and so much more. Research shows that while men apply to jobs when they meet an average of 60% of the criteria, women and other marginalized folks tend to only apply when they check every box. So if you've got the must-haves, dedication and enthusiasm to learn but don't necessarily meet every single point on the job description, please still get in touch. We'd love to have a chat and see if you could be a great fit.