Security Analyst

Do you have a passion for application security and working on one of the most important security challenges of current software development? We are looking for a Security Analyst with experience of using static analyzers. As a Security Analyst, you will work collaboratively with other engineers in the Security Tools engineering team to extend and support an in-house static application security testing tool. We value software analysts with initiative and agency who have a passion to learn, build and deploy production-quality application security software.

About the role

In this role of a Security Analyst you will be conducting and documenting a highly complex information security risk assessments, developing and implementing security processes. As a member of the Software Assurance central services team you will be responsible for the configuration and deployment of SAST tools, as well as reviewing and reporting vulnerability reports issued by SAST and SCA tooling. Upon finding vulnerabilities you will be required to deep dive into each of them individually, performing further analysis, in order to avoid false positives and ensure high accuracy of findings.

You will be responsible for planning, developing processes, documenting them while interacting with a variety of teams across our Software Assurance organisation, train staff, and be the go-to person for such security processes. You foster the collaborative atmosphere to enable buy-in into security processes and cross-team collaboration. You are ambitious, yet humble – you realise there are always opportunities for improvement, you take on feedback from team members and introspect to raise the bar for yourself and your organization. You are comfortable with ambiguity. Your responsibilities also include contributing to the design, implementation, integration and testing of analysis support in the tool for a variety of languages including C/C++, Objective-C, Java, Python, and Go.

This position will require 100% onsite work in our office in North Ryde.

What You'll Bring

• Bachelor's Degree in Computer Science, Software Engineering or related disciplines

• Good understanding of application security, CVE classification system (Common Vulnerabilities and Exposures) and OWASP top 10

• Experience in program analysis, compilers, or web application security

• Have worked and understand report outputs through SAST and SCA tooling.

• Ability to review vulnerabilities in open-source software written in Java and/or GoLang, C/C++, Python.

• Foundational skills in Python programming

• Familiar with SCM/software version control tools (e.g., Git)

• A strong interest in application security, willingness to learn and seek out information to solve challenging problems is essential

• Eligibility to work in Australia without sponsorship is essential

• Ability to work as part of a team as well as independently

Nice to Have

• Prior experience in a software development role

• Knowledge and experience of security testing tools

• DevSecOps and/or CI/CD experience

• Automation experience using Python

• Experience working with geographically distributed teams

What We'll Give You

• An organization filled with smart, enthusiastic, and supportive colleagues

• A team of very skilled and diverse personnel across the globe

• The resources of a large, global operation while still having the start-up feel of a small team

Work You'll Do

• Review and categorize software security analysis vulnerability findings

• Report and document vulnerability findings

• Identify duplications and false positive vulnerability reports

• Review commonly used software libraries to model their behaviour for SAST tools

• Partner with software development through ongoing security identification

• Partner with Site reliability engineering to help identify and work with them to improve automation mechanisms

• Seek out opportunities to improve systems and reporting mechanisms