8+ years in Application Security / Secure Code Review (hands-on).
Demonstrated experience with manual code review across at least two of: Java/Kotlin, .NET/C#, JavaScript/TypeScript (Node/React), Python, Go.
Strong knowledge of OWASP Top 10, OWASP ASVS, Threat Modeling, and secure design principles.
Hands-on with SAST/DAST/SCA tools (e.g., SonarQube, Checkmarx, Fortify, Semgrep, Burp Suite, ZAP, Snyk, Dependency-Check, Trivy).
Experience embedding security checks into CI/CD pipelines (Azure DevOps, GitHub Actions, GitLab CI, Jenkins).
Ability to produce developer-ready remediation guidance & code snippets.
Experience in cloud security (Azure/AWS)—identity, secrets, storage, API security.
Secure coding expertise (input validation, output encoding, authN/authZ, crypto, logging).
Threat modeling & architectural review.
Practical experience handling false positives and risk-based prioritization.
Strong written communication—clear reports, diagrams, and remediation steps.
Location: Brisbane
Job Function: IT INFRASTRUCTURE SERVICES
Role: Engineer
Job Id: 385362
Desired Skills: Cloud Security Management | Java