Safetyculture 22mo ago

Staff Application Security Engineer

SydneyFull-time Permanentlead

EngineeringSecuritySecurity EngineerApplication Security EngineerCybersecurity

3 views0 saves0 applied

Apply Now

Quick Summary

Overview

Why join us? We’re a global tech company, just not the kind you’re picturing. Sure, we’ve got catered lunches, team events, cool merch, and yes... dogs in the office. But that’s not why people join.

Requirements Summary

You’re a hands-on security engineer with strong software engineering fundamentals. You understand how modern SaaS platforms are built; microservices, distributed systems, CI/CD and you know how to make them secure in practical, scalable ways.

Technical Tools

awsci-cddistributed-systemsmicroservicessaassecurity-best-practices

Why join us?

We’re a global tech company, just not the kind you’re picturing.

Sure, we’ve got catered lunches, team events, cool merch, and yes... dogs in the office. But that’s not why people join.

Our team of nearly a thousand people wakes up every day to make our product and our customers’ lives better. At SafetyCulture, you’ll hear “yes, let’s give it a shot” more often than “that’s not how we do things here.”

People join because we’re building tools that make work better for the 3 billion people who keep the world moving - factory floor operators, baggage handlers, truck drivers, servers, store assistants. The ones who make things happen. We’ve got the scale and innovation you’d expect from big tech. The difference? No endless layers of sign-off. No corporate theatre. Just smart, experienced people solving real problems fast .

The scale is big. But the ownership’s personal. Every full-time team member gets equity - real skin in the game. When we grow, you do too. We’re not perfect, no company is. But this next chapter of our growth is about scaling with intelligence, not just size - fueled by operational maturity, a clear vision, and a strong focus on AI.

This is big tech impact, without the big tech ick. If that excites you more than it scares you, you’ll fit right in.

About the Role

At SafetyCulture, we build products that help millions of people work safer and smarter every day. As a Staff Application Security Engineer, you’ll ensure our platform is secure by design and secure by default.

You’ll embed security into how we build; partnering with product and engineering teams to shape secure architectures, APIs, and development practices across our cloud-native SaaS platform running on AWS.

You’ll help us scale security while maintaining high engineering velocity.

At Staff level, you will lead cross-team security initiatives such as secure-by-default patterns, major authentication migrations, and large-scale dependency risk reduction. You’ll influence architectural decisions across multiple product teams and mentor engineers across the organisation, uplifting secure coding and design practices at scale.

About You

You’re comfortable reviewing production code (we primarily use Go), leading threat modelling discussions, and guiding teams on secure patterns. You communicate clearly, think in terms of risk and impact, and enjoy working closely with engineers to make the secure path the easiest path.

Design secure architectures and APIs in partnership with product teams.

Lead threat modelling and secure design reviews for new features and services

Embed secure SDLC practices (SAST, DAST, dependency scanning, CI/CD security controls)

Strengthen authentication, authorisation, and access control patterns

Improve supply-chain security and vulnerable dependency remediation

Review penetration tests and drive effective remediation

Provide pragmatic, risk‑based guidance to teams and stakeholders, balancing security, usability and delivery speed. (ISO 27001, SOC 2)

Experience in application or product security for internet-facing SaaS platforms, ideally cloud-native.

Strong software engineering background — able to read, reason about, and review production code (Go experience is beneficial but not required).

Hands-on experience integrating security into CI/CD pipelines and modern development practices (SAST/DAST, dependency scanning, container scanning, security gates).

Applied knowledge of web and API vulnerabilities (OWASP Top 10 and beyond) and practical mitigation strategies.

Ability to communicate security concepts clearly and collaborate effectively with product and engineering teams.

Equity with high growth potential, and a competitive salary,

Flexible working arrangements, we encourage you to create the best work blend while working from your home and the local SafetyCulture office;

Access to professional and personal training and development opportunities; Hackathons, Workshops, Lunch & Learns;

We encourage involvement in the community, open source work, attending talks and events, and experimenting with new technologies.

In-house Culinary Crew serving up daily breakfast, lunch and snacks

Wellbeing initiatives such as subsidised fitness programs, EAP services and generous parental leave policy

Quarterly celebrations and team events, including the annual Shiplt! global offsite

Table tennis, board games, gym sessions, book club, and pet-friendly offices.