May 12, 2023

Application Security Lead

  • REA Group
  • Richmond, Melbourne VIC
Full time Finance Information Technology

Job Description

We're REA

REA Group is not your average digital business. From humble beginnings in a garage in Melbourne’s east in 1995, we have grown into a leading global digital business, specialising in property.
 
With bold and ambitious goals, we are changing the way the world experiences property. No matter where you're at on your property journey, we're here to help with every step - whether that's finding or financing your next home.

Our people are the key to our success. At the heart of everything we do is a thriving culture centred around high performance and care. We are purpose driven and collaborative, which drives innovation and our ability to make a real impact. As such, we’re proud to be named in Australia’s “Top 5” Best Workplaces two years in a row, as well as being recognised as a Best Workplace for Women.

Where the team fits in

The Application Security Lead will lead the newly established Application Security team, which – alongside the Security Operations, Security Engineering, and Security Advisors teams – forms Group Security. The Group Security team work together to embed security throughout REA, empowering staff to make good risk decisions and equipping them with the tools to do so – a Cyber health service, not a police force.

Group Security works across REA to protect corporate infrastructure and cloud environments, drive the adoption of secure patterns and behaviours, and rapidly respond to security events to keep REA safe. We’re looking to level up our security capabilities and we’d love your help.

Our strategy is simple – leverage adoption to scale security. We are accomplishing this by ensuring REA systems and data are trustworthy, highly available, and resilient to cyber threats. And equally as important as the technology we build, we strive to inform staff and customers alike to make good security decisions.

What the role is all about

You will establish a stream of work to uplift security practices throughout the software development lifecycle, target improvements to existing software applications and systems, build capability and further the culture of software custodianship at REA, influencing and educating across the business. This work stream is part of a multi-year program. The objectives cover uplifting security controls in software systems, upskilling product delivery team members, and improving time-to-patch vulnerabilities across our products. You will use your experience in software development security practices and collaboration skills to adapt and build a plan as necessary to meet the objectives. Your success will be measured by your contributions (and your team’s contributions) to achieving these objectives.

You will be both an organiser and a practitioner. You will build relationships with leaders in the product delivery organisation and work with them to embed yourself (and later, your team members) for short (weeks-long) engagements in software delivery teams to resolve issues through pair programming and upskilling team members including establishing security champions.

You will use your capability building, influencing and community building skills to further the development of the security and custodianship culture at REA.

Over FY24, your team is expected to grow to include a further 2 team members, who will report to you. You will be responsible for growing this team and creating a high performance, high safety culture. You will support each person’s career progression, giving them high value performance and mentoring feedback. You will use your skills and experience to mentor more junior team members. You will have a great blend of technical and people skills and will apply those skills to help organize and plan the work for the team.

You will collaborate with delivery teams in the implementation of solutions using a variety of programming languages and cloud technologies.

The Lead supports the Application Security Squad in the following ways:

  • Providing technical team leadership for a team of highly capable engineers
  • Designing, building, testing and deploying changes to software to remediate security issues and integrate security tools, using a variety of technologies and platforms.
  • Helping define and manage roadmaps
  • Working with product delivery teams to embed security practices into their ways of working
  • Co-ordinating and planning the activities required to deliver team outcomes
  • Providing mentoring and guidance to all members of the team
  • Reporting on progress towards objectives and working to remove roadblocks to progress
  • Advocating for security practices within the developer community
  • Publicly celebrating the small and big successes of the squad

Who we’re looking for

  • Web technologies, common web frameworks, their vulnerabilities and mitigations,
  • Security within the software development lifecycle,
  • Tools for enabling security in applications, e.g. Tenable, Wiz, SonarQube,
  • Agile and continuous delivery methodologies and ways of working,
  • Product development,
  • Making trade-offs between risk, reward and prioritising improvements.
  • 8+ years of experience working in software development,
  • Team leadership,
  • Organising a stream of work, planning and executing against defined objectives,
  • Navigating complex organisational change challenges using systems and product thinking.

Dev Skills:

  • Specialist skills in two or more of our programming languages – Scala, Java, Ruby, TypeScript and JavaScript,
  • Familiarity with infrastructure as code and build tools like Terraform and Buildkite,
  • Specialist skills in modern software development techniques such as object orientation, test driven development, micro-services and continuous delivery,
  • Pair programming.

Other Skills

  • Excellent communication and interpersonal skills,
  • Understanding of cloud infrastructure especially AWS,
  • Relationship building,
  • Tertiary qualification in Computer Science or similar highly desirable,
  • Teaching / coaching and capability building,
  • Influencing,
  • Building community engagement across a software engineering cohort,
  • Able to communicate and collaborate effectively with business stakeholders,
  • Able to lead engineering teams in a collaborative team environment.

The REA experience

The physical, mental, emotional and financial health of our people is something we’ll never stop caring about. This is a place to learn and grow. We’re committed to your development – both professionally and personally. Your experience with us is something we take seriously.
 

We offer: 

  • A hybrid and flexible approach to working - https://rea.to/hybrid-working  
  • Flexible parental leave offering for primary and secondary carers 
  • Programs to support mental, emotional, financial and physical health & wellbeing
  • Our Because We Care program offers employees volunteering leave, community grants, matched payroll giving and our Community Café donates 100% of revenue to charity.
  • Hack Days so you can bring your big ideas to life  
  • Performance recognition programs because hard work should never go unnoticed

Our commitment to Diversity, Equity, and Inclusion  

We are committed to providing a working environment that embraces and values diversity, equity and inclusion. We believe teams with diverse ideas and experiences are more creative, more effective and fuel disruptive thinking - be it cultural and ethnic backgrounds, gender identity, disability, age, sexual orientation, or any other identity or lived experience. We know diverse teams are critical to maintaining our success and driving new business opportunities. If you've got the skills, dedication and enthusiasm to learn but don't necessarily meet every single point on the job description, please still get in touch.

If you like the sound of us, then we think you should apply today. We're proud to be a Circle Back Initiative Employer and we commit to respond to every applicant. While we're looking at your application, and preparing to come back to you with an update, why not get to know us a bit more through our various social channels?