Senior Product Security Engineer | Shape the AppSec Function | Melbourne CBD | Hybrid
About the company
A fast-scaling global business headquartered in Melbourne is growing its Security team organically alongside the business. You will get to work in a "build, not just maintain" phase, uplifting the function and adding to its maturity.
About the role
This is an opportunity for a Senior AppSec engineer who wants more than a hands-on technical remit. The AppSec function is nascent, and this person will be the one to shape it.
You’ll work closely with the Head of Security to define what great application security looks like at scale: embedding early into product roadmaps, driving vulnerability management as a living discipline, and building a security champion culture across engineering. The team is actively shifting from compliance gatekeeper to genuine enablement partner, and you’ll own a big part of that narrative.
You’ll have real ownership. Real influence. And a clear path to grow as the team scales from 6 to 8+.
What you’ll do
- Define and drive the AppSec roadmap: present ideas and strategy to engineering leads and senior stakeholders.
- Embed security across the SDLC as a partner to development teams, not a blocker.
- Identify and remediate IaC misconfigurations, API security weaknesses, and cloud-native design flaws.
- Drive vulnerability management as a BAU discipline: build the paved road that engineering teams actually use.
- Execute application security testing including threat modelling, vulnerability scanning, and contributing to penetration testing engagements.
- Champion security across product, engineering, and privacy roadmaps.
- Experiment with AI tooling to extend the leverage of a lean security function.
What you’ll bring
- Minimum 4 years in application security with strong Cloud and security engineering fundamentals.
- Hands-on experience with SAST, SCA, DAST, and vulnerability scanning tooling.
- Solid understanding of cloud-native security: containers, CI/CD pipelines, APIs, etc.
- Working knowledge of Identity standards.
- Experience reading and writing code.
- The ability to communicate security risk clearly to non-technical stakeholders.
- High agency: you bring proposals, not just problems.