CrawlJobs Logo

Staff Application Security Engineer

Australia, Sydney · Job Posted February 18, 2026
Apply Position
Job Link Share

Job Description

We're building security systems for medical technology that handles sensitive data and supports critical healthcare decisions. Security and data protection are core to what we build. In this role you'll partner with product and engineering teams to design secure architectures and establish patterns that teams can apply consistently across services and client applications.

Job Responsibility

  • Lead secure architecture work early: threat model features, define security requirements, and propose concrete architecture options
  • Design and standardise secure patterns for authentication, session management, and token handling across services and client applications
  • Design and review authorisation models and access control patterns (policy enforcement, fine-grained controls)
  • Establish secure API architecture patterns: validation and normalisation, rate limiting, abuse resistance, and observability signals
  • Build libraries, templates, and reference implementations so teams can adopt secure patterns with minimal friction
  • Shape security testing and feedback loops (static and dynamic testing, dependency scanning) so they reinforce architecture choices and stay actionable
  • Contribute to the wider security program by turning recurring application risks into standards, shared components, and engineering guidance

Requirements

  • Senior/staff-level capability expressed as autonomy, depth, and ability to scale impact
  • Operates with high autonomy: can take an ambiguous app risk area and drive it from discovery to architecture to rollout
  • Strong domain understanding of modern application architectures, distributed systems failure modes, and common security pitfalls
  • Designs pragmatic security architectures that fit product constraints and delivery realities
  • Builds leverage through reusable patterns, shared components, and clear standards, not just one-off reviews
  • Communicates trade-offs clearly and aligns product and engineering stakeholders on decisions

What we offer

  • Flexible hybrid working environment, with 3 days in the office
  • A generous personal development budget of $500 per annum
  • Learn from some of the best engineers and creatives, joining a diverse team
  • Become an owner, with shares (equity) in the company, if Heidi wins, we all win
  • The rare chance to create a global impact as you immerse yourself in one of Australia’s leading healthtech startups
  • If you have an impact quickly, the opportunity to fast track your startup career

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Staff Application Security Engineer

8 matching positions

Staff Application Security Engineer

The Application Security Engineer at Sunrun plays a pivotal role in protecting t...
Location
Location
United States
Salary
Salary:
150290.60 - 180348.72 USD / Year
sunrun.com Logo
Sunrun
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years of combined experience in application security and identity & access management (IAM), with a proven track record of supporting application development teams
  • Deep knowledge of application security principles, secure coding practices, common vulnerabilities (e.g., OWASP Top 10), and zero-trust architecture
  • Hands-on experience with security testing tools (SAST, DAST), Web Application Firewalls (WAF), and IAM platforms (e.g., Okta, AWS IAM)
  • Proficiency in programming languages such as Java, Python, or JavaScript
  • Strong familiarity with cloud environments (AWS, GCP) and their native security and identity controls
  • Demonstrated expertise in threat modeling and designing defense-in-depth strategies for complex applications
  • Solid understanding of modern identity standards and technologies, including MFA, SSO, and WebAuthn
  • Excellent communication and collaboration skills, with the ability to articulate technical findings and security risks to diverse audiences
  • Strong critical thinking and creative problem-solving skills, with the ability to analyze systems from an attacker's perspective and devise effective countermeasures
Job Responsibility
Job Responsibility
  • Threat Modeling & Security Design: Assess potential attack vectors and design defense-in-depth strategies that address gaps across infrastructure, 1st and 3rd party applications, and identity management
  • Secure Software Development Life Cycle (SSDLC): Partner with application development teams to integrate security into every stage of the development lifecycle. Champion secure coding standards, conduct security code reviews, and provide expert guidance to minimize vulnerabilities before production
  • Identity & Access Management (IAM): Design, implement, and manage identity security solutions across 1st and 3rd party applications. Showcase hands-on experience in implementing strategies like Zero Trust architecture and modern authentication standards like WebAuthn
  • Implement & Manage Security Controls: Design, implement, and fine-tune application security controls like SAST/DAST vulnerability scanning andand standardizing secure coding practices. Establish and improve operational processes to ensure their continued effectiveness
  • Guidance, Training & Compliance: Develop and maintain security policies and standards for both application and identity security. Provide ongoing training to developers to elevate secure coding practices
  • Stakeholder Collaboration: Use strong critical thinking and communication skills to present complex technical concepts to business stakeholders, gain alignment, and independently drive security initiatives forward
What we offer
What we offer
  • Medical/Dental/Vision Insurance
  • Life Insurance
  • Disability Insurance
  • 401k Plan + Company Match
  • Stock Purchase Plan
  • Paid Vacations/Holidays
  • Paid Baby Bonding Leave
  • Employee Discounts
  • PowerU - 100% Funded Education Programs
  • Employee Donation Matching
  • Fulltime
Read More
Arrow Right

Staff Application Security Engineer

Braze is seeking a Staff Application Security engineer to join our team. Braze i...
Location
Location
United States , San Francisco
Salary
Salary:
189000.00 - 215000.00 USD / Year
braze.com Logo
Braze
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of experience securing an application at a company at an IC level or higher
  • Demonstrable experience in consistently locating novel security vulnerabilities in web software
  • 5+ years experience conducting penetration tests both as a single tester and on a team
  • 5+ years of experience in application incident response
  • Experience with active testing against AI/LLM integrated web applications and APIs
  • Experience with scripting languages and automation
  • Direct experience in the triage/validation of vulnerabilities in systems they may not be familiar with, and the ability to properly articulate risk and provide accurate mitigation recommendations
  • Ability to read and understand Javascript, Ruby, and Kotlin (Development level proficiency not required)
  • 5+ years of experience as an Application Security leader or sole responsible party
Job Responsibility
Job Responsibility
  • Work with our existing Application Security team to better protect our production applications and their related application infrastructure
  • Provide expert level guidance to development teams around secure architecture for their systems
  • Be the sole point of technical escalation for complex, large scale software security projects
  • Effectively, accurately, and holistically identify security issues in application architecture, in code, and in application running states
  • Communicate security requirements to developers, technical teams, and non-technical parties
  • Handle complex security incidents and escalations as a technical incident commander
  • Make determinations quickly, accurately, and with a cool head during incidents
What we offer
What we offer
  • Competitive compensation that may include equity
  • Retirement and Employee Stock Purchase Plans
  • Flexible paid time off
  • Comprehensive benefit plans covering medical, dental, vision, life, and disability
  • Family services that include fertility benefits and equal paid parental leave
  • Professional development supported by formal career pathing, learning platforms, and a yearly learning stipend
  • A curated in-office employee experience, designed to foster community, team connections, and innovation
  • Opportunities to give back to your community, including an annual company-wide Volunteer Week and donation matching
  • Employee Resource Groups that provide supportive communities within Braze
  • Fulltime
Read More
Arrow Right

Staff Application Security Engineer

Braze is seeking a Staff Application Security engineer to join our team. Braze i...
Location
Location
United States , Austin
Salary
Salary:
189000.00 - 215000.00 USD / Year
braze.com Logo
Braze
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of experience securing an application at a company at an IC level or higher
  • Demonstrable experience in consistently locating novel security vulnerabilities in web software
  • 5+ years experience conducting penetration tests both as a single tester and on a team
  • 5+ years of experience in application incident response
  • Experience with active testing against AI/LLM integrated web applications and APIs
  • Experience with scripting languages and automation
  • Direct experience in the triage/validation of vulnerabilities in systems they may not be familiar with, and the ability to properly articulate risk and provide accurate mitigation recommendations
  • Ability to read and understand Javascript, Ruby, and Kotlin (Development level proficiency not required)
  • 5+ years of experience as an Application Security leader or sole responsible party
Job Responsibility
Job Responsibility
  • Work with our existing Application Security team to better protect our production applications and their related application infrastructure
  • Provide expert level guidance to development teams around secure architecture for their systems
  • Be the sole point of technical escalation for complex, large scale software security projects
  • Effectively, accurately, and holistically identify security issues in application architecture, in code, and in application running states
  • Communicate security requirements to developers, technical teams, and non-technical parties
  • Ensure security in the development cycle while simultaneously creating a condition where technical teams are not burdened by controls
  • Handle complex security incidents and escalations as a technical incident commander
  • Make determinations quickly, accurately, and with a cool head during incidents
  • Process several simultaneous technical and administrative inputs while consistently working towards clear goals for remediation and containment
What we offer
What we offer
  • Competitive compensation that may include equity
  • Retirement and Employee Stock Purchase Plans
  • Flexible paid time off
  • Comprehensive benefit plans covering medical, dental, vision, life, and disability
  • Family services that include fertility benefits and equal paid parental leave
  • Professional development supported by formal career pathing, learning platforms, and a yearly learning stipend
  • A curated in-office employee experience, designed to foster community, team connections, and innovation
  • Opportunities to give back to your community, including an annual company-wide Volunteer Week and donation matching
  • Employee Resource Groups that provide supportive communities within Braze
  • Fulltime
Read More
Arrow Right

Staff Application Security Engineer

Braze is seeking a Staff Application Security engineer to join our team. Braze i...
Location
Location
United States , Chicago
Salary
Salary:
189000.00 - 215000.00 USD / Year
braze.com Logo
Braze
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of experience securing an application at a company at an IC level or higher
  • Demonstrable experience in consistently locating novel security vulnerabilities in web software
  • 5+ years experience conducting penetration tests both as a single tester and on a team
  • 5+ years of experience in application incident response
  • Experience with active testing against AI/LLM integrated web applications and APIs
  • Experience with scripting languages and automation
  • Direct experience in the triage/validation of vulnerabilities in systems they may not be familiar with, and the ability to properly articulate risk and provide accurate mitigation recommendations
  • Ability to read and understand Javascript, Ruby, and Kotlin (Development level proficiency not required)
  • 5+ years of experience as an Application Security leader or sole responsible party
Job Responsibility
Job Responsibility
  • Work with our existing Application Security team to better protect our production applications and their related application infrastructure
  • Provide expert level guidance to development teams around secure architecture for their systems
  • Be the sole point of technical escalation for complex, large scale software security projects
  • Effectively, accurately, and holistically identify security issues in application architecture, in code, and in application running states
  • Communicate security requirements to developers, technical teams, and non-technical parties
  • Handle complex security incidents and escalations as a technical incident commander
  • Make determinations quickly, accurately, and with a cool head during incidents
What we offer
What we offer
  • Competitive compensation that may include equity
  • Retirement and Employee Stock Purchase Plans
  • Flexible paid time off
  • Comprehensive benefit plans covering medical, dental, vision, life, and disability
  • Family services that include fertility benefits and equal paid parental leave
  • Professional development supported by formal career pathing, learning platforms, and a yearly learning stipend
  • A curated in-office employee experience, designed to foster community, team connections, and innovation
  • Opportunities to give back to your community, including an annual company-wide Volunteer Week and donation matching
  • Employee Resource Groups that provide supportive communities within Braze
  • Fulltime
Read More
Arrow Right

Staff Security Engineer, Product Security

At Mozilla, we believe the internet is a global public resource—open and accessi...
Location
Location
Salary
Salary:
Not provided
mozilla.org Logo
Mozilla
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of relevant hands-on experience in product and application security
  • 5+ years of experience and proficiency in secure coding practices, application security testing (SAST, DAST), threat modeling, and vulnerability assessment
  • Experience in one or more languages like Python, Go, Java, or JavaScript, required for automation and code review
  • Familiarity with security tools like Burp Suite, Nessus, and tools for CI/CD automation
  • Strong communication, collaboration, and problem-solving skills, with the ability to influence and guide cross-functional teams
Job Responsibility
Job Responsibility
  • Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products
  • Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC)
  • Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation
  • Perform security code reviews
  • Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts
  • Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early
  • Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought, but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases
  • Help define and enforce security policies and provide security guidance to development teams
  • Help shape Mozilla's security culture through collaboration, guidance, and education
What we offer
What we offer
  • Generous performance-based bonus plans to all eligible employees - we share in our success as one team
  • Rich medical, dental, and vision coverage
  • Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
  • Quarterly all-company wellness days where everyone takes a pause together
  • Country specific holidays plus a day off for your birthday
  • One-time home office stipend
  • Annual professional development budget
  • Quarterly well-being stipend
  • Considerable paid parental leave
  • Employee referral bonus program
  • Fulltime
Read More
Arrow Right

Staff Security Engineer, Product Security

At Mozilla, we believe the internet is a global public resource—open and accessi...
Location
Location
Salary
Salary:
Not provided
mozilla.org Logo
Mozilla
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of relevant hands-on experience in product and application security
  • 5+ years of experience and proficiency in secure coding practices, application security testing (SAST, DAST), threat modeling, and vulnerability assessment
  • Experience in one or more languages like Python, Go, Java, or JavaScript, required for automation and code review
  • Familiarity with security tools like Burp Suite, Nessus, and tools for CI/CD automation
  • Strong communication, collaboration, and problem-solving skills, with the ability to influence and guide cross-functional teams
Job Responsibility
Job Responsibility
  • Safeguard millions of users by embedding security into Firefox, Mozilla VPN, and other mission-critical products
  • Ensure software products are secure by embedding security into the full Software Development Life Cycle (SDLC)
  • Anticipate, prioritize and mitigate risks through proactive threat modeling, security assessments, security testing, and automation
  • Perform security code reviews
  • Lead penetration testing on web, mobile, and embedded applications, then guide remediation efforts
  • Develop and maintain automated security tests within CI/CD pipelines to catch vulnerabilities early
  • Partner with engineers to integrate security throughout the software development lifecycle—not as an afterthought, but as a core design principle. Provide security guidance, develop secure solutions, and facilitate secure releases
  • Help define and enforce security policies and provide security guidance to development teams
  • Help shape Mozilla's security culture through collaboration, guidance, and education
What we offer
What we offer
  • Generous performance-based bonus plans to all eligible employees - we share in our success as one team
  • Rich medical, dental, and vision coverage
  • Generous retirement contributions with 100% immediate vesting (regardless of whether you contribute)
  • Quarterly all-company wellness days where everyone takes a pause together
  • Country specific holidays plus a day off for your birthday
  • One-time home office stipend
  • Annual professional development budget
  • Quarterly well-being stipend
  • Considerable paid parental leave
  • Employee referral bonus program
Read More
Arrow Right
New

Staff Security Engineer

We are currently looking for a Staff Security Engineer to join a fast-growing, i...
Location
Location
United Kingdom , London
Salary
Salary:
120000.00 - 150000.00 GBP / Year
dataidols.com Logo
Data Idols
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Commercial experience as a Security Engineer, Application Security Engineer, Product Security Engineer or DevSecOps Engineer
  • Strong understanding of application security principles and secure software development practices
  • Experience working closely with software engineering teams
  • Hands-on experience securing cloud environments (AWS, GCP or Azure)
  • Experience with vulnerability management, threat modelling and security reviews
  • Knowledge of CI/CD security and modern development practices
  • Excellent stakeholder management and communication skills
Job Responsibility
Job Responsibility
  • Driving application and product security initiatives across multiple engineering teams
  • Conducting security reviews, threat modelling and risk assessments
  • Implementing and improving vulnerability management processes
  • Embedding security tooling into CI/CD pipelines and development workflows
  • Partnering with developers to promote secure coding practices
  • Reviewing cloud infrastructure and architecture from a security perspective
  • Supporting incident response and remediation activities when required
  • Defining and promoting security standards, policies and best practices
  • Influencing technical decision-making across engineering and leadership teams
What we offer
What we offer
  • Hybrid working model
  • Opportunity to work on cutting-edge AI and technology products
  • High level of autonomy and influence
  • Collaborative engineering culture
  • Career progression opportunities as the business continues to scale
  • Ongoing learning and professional development
  • Pension scheme
  • Generous holiday allowance
  • Fulltime
Read More
Arrow Right
New

Staff Engineer, Security Engineering Partners

We are actively recruiting for this role to fill an existing vacancy. This posit...
Location
Location
Canada
Salary
Salary:
160320.00 - 200400.00 CAD / Year
stytch.com Logo
Stytch
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years of experience in security engineering with a proven track record of designing and implementing scalable security solutions
  • Deep technical expertise in any of these specialized security domains - application security, cloud security, product security
  • Experience with Threat Modeling methodologies and leading security design reviews
  • Experience leveraging LLMs in security solutions
  • Ability to translate emerging security threats and trends into actionable engineering requirements and technical roadmaps
  • A strong background in software development with specialized expertise in security engineering
  • Proficiency in Python is required
  • Experience driving software delivery utilizing robust CI/CD processes
  • Experience leveraging best-in-class development productivity practices including AI tooling
  • Proven track record leading cross-functional security initiatives where you influenced security outcomes outside of the security organization
Job Responsibility
Job Responsibility
  • Design and ship scalable security solutions
  • Build relationships with engineering to foster cooperative partnerships across key Twilio products and platforms
  • Partner with product and engineering teams to integrate scalable security capabilities
  • Use metrics and data on the state of security at the product level, to drive accountability and action
  • Drive security risk reduction through technical leadership and influence of engineering roadmaps
  • Lead security reviews for critical features, new initiatives and infrastructure changes
  • Cultivate security expertise across engineering teams through mentorship, technical guidance and training
What we offer
What we offer
  • competitive pay
  • generous time off
  • ample parental and wellness leave
  • healthcare
  • a retirement savings program
  • Fulltime
Read More
Arrow Right