Application Security Lead

Since our founding in 2017, Willow has grown from a start-up in Australia to serving customers around the globe. Our product offering digitizes the build world for a better world. We make our customers buildings work smarter for them and the environment.

You will be joining a team of performance-driven Willowers, backed by the most advanced technology the built world has ever seen.

The Application Security Lead will work closely with the Head of Cyber Security & Privacy, third party service providers and stakeholders from all parts of the business to improve the security of Willow and of its customers. The role will work closely with the Product and Engineering teams, providing ad hoc technical security advice where needed and focused on ensuring that our products are secure at all levels of the technology stack. This includes identifying opportunities for improvement, building out new security capabilities and responding to incidents where required. The Application Security Lead will be someone who takes ownership of their work, shows initiative through effective problem-solving skills and has the ability to clearly communicate ideas or recommendations to a variety of people with varying technical knowledge.

Role & Responsibilities

• Work closely with wider Product and Engineering teams to advise on security architecture as well as minimum security requirements in new and existing products or software.
• Perform code security reviews and application threat modelling.
• Ensure appropriate security controls and processes such as rapid risk assessments and security testing are embedded into the Engineering development processes in a seamless manner.
• Drive the continued education of engineers and product team around security requirements.
• Work closely with IT consultants and managed service providers to scope, manage and remediate regular penetration testing assessments.
• Continually review and improve the security function by identifying possible improvements, developing skills, identifying new techniques and developing automation to mitigate security risks and incidents efficiently.
• Apply threat intelligence and other information sources to identify events/risks relevant to the company and integrate this into existing security processes for targeted remediation.
• Contribute to various security projects and assist the Head of Cyber Security & Privacy in the delivery of the cyber security roadmap in accordance to timeframes and budget.

Skills & Experience

• Minimum 4-5 years relevant experience in security, preferably in an Application Security or software engineering role
• Strong technical skills including code proficiency, penetration testing and cloud architecture knowledge
• Experience in a cloud infrastructure environment - AWS or Azure, preferably with PaaS and Windows Operating Systems
• Experience in working with software developers to advise on security controls and requirements
• Relevant security certifications (OSWE, OSCP, GIAC GCSA etc)
• Excellent communication and interpersonal skills, with the ability to effectively convey complex security concepts to technical and non-technical stakeholders.
• Strong problem-solving and analytical skills, with the ability to think strategically and make sound decisions.
• Experience with common information security management frameworks, standards, principles and processes (OWASP, CIS, SANS, ISO, NIST etc)
• Experience in vulnerability management and threat intelligence capabilities
• Exposure to highly automated DevOps environments and familiarity with toolsets including Git, Docker, Pulumi, etc

By joining our team of Willowers, we offer true flexible working arrangements, remote and/or hybrid as well as parental leave available for those budding families. 

But it is not all about us - it's about you and the world around us. Willowers can dedicate up to 3 days a year to causes they love or level up through our Willow Academy. Psst...we've got your back with cool discounts on shopping and services too. 

We at Willow never give up, we work smart, we care about our fellow human beings, and we always put our best foot forward. 

At Willow, we're not just looking for the right git for the job - we're excited to embrace a rainbow of talents and perspectives, fostering a vibrant workplace where all individuals are celebrated and discrimination is left at the door.

To find out more, visit the website: willowinc.com