Senior Application Security Engineer

Join to apply for the
Senior Application Security Engineer
role at
Airwallex
Overview
Airwallex is the only unified payments and financial platform for global businesses. Powered by our proprietary infrastructure and software, we empower over 150,000 businesses worldwide with integrated solutions to manage accounts, payments, spend management, treasury, and embedded finance at a global scale. Proudly founded in Melbourne, Airwallex has a team of over 1,800 people across 26 offices, valued at US$6.2 billion and backed by leading investors.
Your role
As a Senior Application Security Engineer, you will sit within our Security team and work closely with all product and engineering teams across the business. This role will be a critical part of defending Airwallex and our 150,000 customers by building our application security program and making our platform as secure as possible. Your day‐to‐day work will ensure that the Product and Engineering teams have the confidence to build and release products quickly without compromising security. You will actively identify vulnerabilities, partner with engineers to prevent vulnerabilities, and engage with the broader business on security best practices.
What You'll Be Doing
Review the Airwallex platform and products' code to identify security issues and help engineers find more secure solutions.
Proactively work with product and engineering teams to assess risk and provide policy guidance on secure code review and best practices.
Be the advocate for security architecture best practices across the Product and Engineering organisation, including secure configuration and deployment of new infrastructure and services.
Educate the engineering and product teams on what secure code and design looks like and why it is important.
Continually test our applications, both internally and externally.
Keep up to date with the latest threats and attack techniques and how they apply to our platform.
Coordinate and manage third party application security reviews and penetration tests.
Set standards for identity and access management across the platform.
Review our use of cloud providers, identify risk areas, and help mitigate them.
What You'll Bring
A passion for solving the complex challenges of high-growth startups.
Experience with cloud platforms (we use GCP).
Self motivation and drive to learn new skills, or dive deeper into existing skills.
In-depth understanding of common attacker tools and techniques, and how they can be exploited by insecure development practices.
Experience with vulnerability assessment tools.
Strong communication skills with the ability to explain technical security and software concepts to a non-technical audience.
Experience with Kotlin, Typescript, NodeJS, and Kubernetes is a plus.
Any additional training, security certifications, or history of responsible disclosure is a big plus, such as GIAC certifications, OSCP, or a bug bounty program.
Published articles, journals, or blogs related to cybersecurity.
Equal opportunity
Airwallex is proud to be an equal opportunity employer. We value diversity and hire based on merit, qualifications, competence and talent. We do not discriminate on color, religion, race, national origin, sexual orientation, ancestry, citizenship, sex, marital or family status, disability, gender, or any other legally protected status. If you require accommodation, please let us know.
Airwallex does not accept unsolicited resumes from search firms/recruiters. If you are approached by someone claiming to represent Airwallex, please verify with our team.
Job information
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
#J-18808-Ljbffr