Engineer - Cyber Defence - Secure Coding x2

Melbourne, Victoria, Australia
21 Mar 2019
28 Mar 2019
Job role
First a bit about ANZ
At ANZ, everything we do boils down to ‘why’ – our purpose – to shape a world where people and communities thrive. We're just as focused on seeing our people thrive as well as our customers. We'll give you every opportunity to develop your career.
We are responding faster to changing customer requirements, focusing on the things that matter the most, energising our people, eliminating waste and reducing bureaucracy.
ANZ has started to move to a new way of working, leveraging agile practices. To understand more about this new way of working and if this role is right for you, we strongly encourage you to take a look at The ANZ Way vimeo channel where you’ll find The ANZ Way animation and the New Ways of Working animation.

Your team’s mission?

The mission of Secure Coding squad is to keep ANZ safe by ensuring that applications are coded securely via providing secure development training, secure code review and open source library analysis services.

As an Engineer in Secure Coding squad, drive ANZ's information security efforts by providing Subject Matter Expertise in integration of application security toolset within the enterprise CI/CD pipeline, automation of application security activities to enable DevSecOps across the enterprise. In addition, this role will also help to maintain the application security toolset and the platform so that it is up-to-date with versions and patch levels and also is scalable enterprise wide.

You’ll help to deliver this by bringing the following skillset/experiences:
  • Three years of experience in working on multiple CI/CD environment as well as integration and automation of application security toolset
  • A desire to continuously learn new techniques / technologies and bring innovative ideas into the squad
  • Excellent consulting skills with the ability to communicate clearly to developers and senior management at the expected level.
  • Strong communication and presentation skills

Good to have:
  • Experience in integrating application security toolsets within the application CI/CD pipeline at an enterprise level including,
    • Static Application Security Testing/Security code scanning toolset (Example: Fortify, Checkmarx)
    • Software composition/open source library analysis toolset (Example: Black Duck)
    • Dynamic Application Security Testing toolset
  • Experience in implementing an automated process for application security services in-line with the agile development process and to facilitate DevSecOps
  • Maintain application security toolsets deployed enterprise wide including upgrade of toolset and platforms, maintaining the database used by these toolsets
  • Knowledge of APIs and integration patterns offered by the application security toolsets and it’s usage to facilitate integration and automation

  • Experience in the various enterprise level Continuous Integration (CI) / Continuous Development (CD) environment
  • Knowledge of general Cyber/Information Security concepts, particularly security in software delivery life cycle

At ANZ we aim to create an inclusive environment where employee differences such as gender, age, culture, disability, sexual orientation, family and caring responsibilities and religion are valued.
We work flexibly at ANZ. Talk to us and let us know how this role can be flexible for you.