Application Security Consultant
Eveleigh, NSW - 5-7 Central Ave
Commonwealth Bank
Your new team:
The Application Security team, a part of the wider Cyber Security team, partners with our engineering teams to enable DevSecOps by integrating security into the software development lifecycle through the following services:
- Tooling and Automation: Embedding security tools and automation into the SDLC (such as Snyk and GitHub Advanced Security) to allow developers to self-identify security issues early in the development cycle.
- Training: Delivering training on secure development practices to engineering teams via our e-learning platform, AppSec Champions academy, brown-bag sessions, and tailored in-person workshops.
- Consulting and code review: Providing specialist code review and practical security advice to development teams, with a focus on ensuring that secure development practices are in place from day one, developing patterns and practices, and helping solve development-time security challenges.
Your impact and contribution:
As the Application Security Consultant, you will work across development and automation, while supporting the wider Cyber Attack teams.
You will deliver Application Security services including training developers, supporting our AppSec Champions program, and developing and governing application security tooling.
You will also:
- Provide advice on code security in the software development lifecycle.
- Develop and/or conduct training and support guides on best practice secure coding for application development.
- Support static, dynamic and other security analysis tools, and help to identify and triage findings from these tools.
- Perform manual code review where required.
- Experiment with, develop, maintain, and/or operate tools for application security automation such as fuzzers, code scanners or other tools with a focus on AI.
We are interested in people who:
This role is for someone with a background in software development with a strong understanding of cyber security (or vice-versa).
You will bring:
- Development experience working across one of Java, Python or C# - essential.
- Experience across CI/CD/DevSecOps - essential.
- Expert knowledge of best practice software security, including the OWASP Top 10 or ASVS frameworks - highly regarded.
- Understanding or experience in AI/LLM development – highly regarded.
- Experience in using or operating application security tools such as Snyk, CodeQL and Burp Suite – highly regarded.
- Support reporting and governance activities, including delivery of metrics, development of standards and procedures, and liaising with risk management colleagues.
If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.
We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.
Advertising End Date: 16/12/2024
Tags: Application security Automation Burp Suite C CI/CD CodeQL DevSecOps GitHub Governance Java LLMs OWASP Python Risk management SDLC Security analysis
Perks/benefits: Career development