Application Security Engineer


This is a hands-on role for an Application Security Engineer specialising in application and database security.

  • Join an ambitious Telco at an exciting phase of growth
  • We pride ourselves on having a great company culture
  • Do it. Own it. Love it.

We are a business that is crazy about customers. We use disruptive thinking every day to ensure that we are capturing every opportunity to deliver the ultimate experience to our customers and people. We empower our people to "Do it. Own it. Love it." and that’s why they choose to work for us. Here, it’s never just a job – we care about what we do and the impact we have, and that’s what connects us.

What’s the opportunity?

You will be conducting hands-on security reviews and testing of Vocus Applications and Databases (internal and external environments). You will also assist with relevant information security knowledge sharing and training for application developers and database administrators.

What you’ll be doing in the role:
  • Perform web application vulnerability assessments and web application pentesting on modern web-based languages such as JavaScript with AJAX, including the use of proxies, fuzzing, scripting, and attacking application logic.
  • Perform information gathering (OSINT) and reconnaissance for web servers
  • Perform WAF and DAM tuning, security and data/log analysis to detect web security incidents
  • Perform auditing and identify flaws in the design, implementation or configuration of a web site
  • Investigate and utilise new technologies and processes to enhance security capabilities and implement improvements.
  • Perform web app source code auditing, code analysis, and script writing
  • Provide trusted security mentoring to development and systems delivery teams
  • Develop and maintain procedures to efficiently deliver Application Security testing services
  • Proactively conduct hands-on security assessments of applications and identify security vulnerabilities/weaknesses, evaluate countermeasures, and recommend best security practices to mitigate the vulnerability.
  • Review the results and recommend effective remediation of vulnerability scan and penetration test reports.
  • Provide a secure framework for development teams to follow as part of any development work being completed.
  • Create new ways to solve existing production security issues
  • Collaborate with colleagues on authentication, authorization and encryption solutions
  • Evaluate new technologies and processes that enhance security capabilities
  • Collaborate on the definition, implementation and maintenance of corporate security policies
  • Analyse and advise on new security technologies and program conformance
  • Perform vulnerability testing, risk analyses and security assessments
  • Be a champion of effective security best practices and promote their acceptance, adoption and socialisation
  • Participate in the information security incident management process
  • Develop and maintain regular information security reports for managers and the team.
  • Review and test (if required) security solutions using industry standard analysis criteria

What you will need to be successful in a team like this:

  • Passionate about information security with a strong commitment to continuously improve user experience outcomes
  • Good understanding of the technologies, programming languages and structures that are involved in the construction and implementation of a web site such as HTTP, HTTPS and AJAX
  • Experienced in using SQL injection attacks and in identifying SQL injection vulnerabilities in applications
  • Experience in web application session management as well as the attacks that can be leveraged against flaws in session state
  • Experienced with open source tools for web security assessment and detection
  • Good understanding of SIEM and integration with different web security solutions
  • Skills in the presentation of technical information to development and management teams
  • Understanding of development issues, SDLC and Agile methodologies as they are impacted by security
  • Experience with secure web and mobile application development in a range of languages including .Net, Java, JavaScript and AngularJS
  • Remediating issues found through web penetration testing
  • Conducting security code reviews for both mobile and web applications
  • Use of security testing and source code assessment methodologies and tools
  • Experienced with security technologies such as IDS/IPS, WAF, SIEM, FIM, DAM, and vulnerability scanning
  • Experienced in web vulnerability scanning and security monitoring tools such as Burp Suite, OWASP ZAP, sqlmap, w3af, Rapid7, Nipper etc.
  • Strong understanding of web applications and network fundamentals
  • Good understanding of security standards such as ISO27001, PCI-DSS, AusGov PSPF and ISM
  • Good understanding of secure software development standards (e.g. OWASP, SANS 20, ASD Top 8)
  • Knowledge of risk management guidelines and frameworks such as ISO31000 (desirable)
  • Complex problem-solving abilities
  • Strong oral and communication skills
  • Skills in the presentation of technical information to system and network teams
  • 7-9 years’ experience in IT, with 5+ years of IT security experience, coupled with a degree in Computer Science, Cyber Security or a related field.

In return, Vocus commits to a fast-paced and fun workplace that is committed to career development opportunities within the company nationally and across different areas.

We have the best employee benefits such as Internet discounts, the ability to purchase leave, anniversary leave, and awesome parental leave benefits. Best of all, we believe in flexibility and fitting your job into your life - Vocus is quite simply just a great place to work!

It’s a seriously exciting time to join Vocus and there’s even more to come. If you think you want to join us and be part of something great, do it and apply now!