Senior Application Security Engineer

Ready to shape the future of data? Matillion is the intelligent data integration platform. We're changing how the world works with data – and we need driven, curious people who think big and move fast.  We built the Data Productivity Cloud to supercharge data productivity, and now we’re shaping the future of data engineering with Maia – our AI-powered virtual data engineers that help teams design, build, and manage data pipelines at unmatched speed. Join #TeamGreen, where the mission comes first, collaboration drives us forward, and everyone pulls in the same direction to make a dent in the universe bigger than ourselves. Role Purpose Matillion is built around small development teams utilising a modern, cloud-based technology stack to deliver products. The AppSec Engineer will work in an engineering capacity to product and engineering teams to ensure security is baked into the product from the design phase creating a SecDevOps workflow. What you will be doing Design Establish and lead security champions programme across the development squads Build functional and nonfunctional requirements for the application in conjunction with the product team Input abuse case stories into the product backlog Evangelise security across the product team, ensuring security stories are prioritised against feature goals Assess SDLC security gap risks and propose remedies Consult Instruct and guide developers on how to conduct Threat Modelling during application Design Act as the single point of contact for security concerns arising from the development team providing advice on how to solve technical software issues Lead the pentesting cadence around the core application set by conducting hacking exercises Provide application code reviews against known development frameworks such as OWASP ASVS Provide input into the design of functional and non-functional security controls such as customer authentication workflows Run Security Champion sessions to keep developers aware of security developments Engineer Establish security into the CICD pipeline such as SAST/IAST/DAST Automate and build nifty security tools to test Matillion applications  Integrate testing, build failures and outputs to the development team to ensure passage to production is secure Create security tests for code and assist developers in building security unit testing Support Responsive support to the development teams Analysis of logs to identify issues and provide solutions Innovation Research projects, including prototyping, to explore future opportunities Investigate new technologies Optimise the infrastructure deployment process through use of automation, in-house and open source solutions Self-Development and Growth Develop new skills by working with other members of the team Work with the Team Lead to identify training goals Lead and partake in technical discussions within the team Actively identify and complete opportunities for self-training and external training Drive the team’s process of continual improvement What we are looking for Technical / Role Specific  Essential A passion and drive to succeed in Application Security Understanding of Software Development Life Cycle Desirable Security professional at heart borne from a software engineering background Experience of working with the OWASP ASVS framework Experience in Agile delivery environments Greenfield experience setting up security technologies from scratch Outgoing and able to build relationships with key stakeholders Personal Capabilities Required, e.g. skills, attitude, strengths Can do attitude, willing to take on a wide range of security issues Keeps up to date with security developments Keen to engage with the security community on a range of topics Fast learner