24th December, 2025
Candidates with experience in Application Security, including threat modelling and secure code review, and an understanding of frameworks such as the OWASP SAMM and NIST SSDF, are strongly encouraged to apply.
If you have come from a DevOps or Development background, please make sure the relevant items above are included in your CV.
Key Roles & Responsibilities
- Support in defining and executing the Application Security strategy and planning focused on upskilling practices internally at CyberCX to create delivery specialists and identify new ways of delivering Application Security Services to clients.
- Deliver the top Application Security services as well as STA services where required to a high standard, specifically those with large or complex testing requirements.
- Build out and promote strong, long-lasting relationships with a diverse range of customers, and identify and explore opportunities within existing and new customers.
- Act as a subject matter expert and technical leader both within STA and externally across practice for Application Security services.
- Prepare high-quality reports detailing security issues, making recommendations, and identifying solutions, and lead presentations and discussions with customers around Application Security work performed, key results, strategies, processes, recommendations and next steps/roadmap to success.
- Engage with the Customer Sales and Customer Solutions teams in a presales capacity to assist with technical methodology aspects, costing, scoping, standardised proposal methodologies, RFQs and tenders.
- Ensure that KPIs around client expectation management, delivery deadlines, quality of work and deliverables etc are met, including maintaining visibility of project budget vs actual delivery time and flowing up deviations.
- Lead, coach and build a high performing team as well as other members of external practices to enable learning, development, and capability uplift.
- Meet your own utilisation targets and ensure on-budget delivery.
- Assist the Managing Consultant – AppSec to develop standardised methodologies, identify and build tools, and improve processes
- Assist with R&D, innovation, and practice improvement activities, under supervision
Preferred Qualifications, Experience & Skills
- 3+ years of experience in application security services, penetration testing, and/or software development, including but not limited to the following:
  - Conducting threat modelling exercises and design reviews
  - Building, supporting and implementing automated security testing tools
  - Implementing DevSecOps processes and managing CI/CD pipelines
  - Conducting secure code reviews for various languages and frameworks
  - Performing Secure SDLC and Secure DevOps reviews against industry standards such as OWASP SAMM, BSIMM or DevSecOps maturity model
  - Experience with containerisation and Infrastructure as Code (IaC)
- Tertiary qualification in information systems, cyber security, software development or a similar field, or equivalent industry experience
- Experience in cloud security and automated application deployment processes
- Strong stakeholder engagement and communication skills with an ability to build credibility with senior leaders and internal working teams
About CyberCX
CyberCX is the leading independent cyber security services organisation in Australia and New Zealand. CyberCX is Australia’s greatest force of cyber security professionals.
CyberCX has united the country’s most trusted cyber security companies to deliver the most comprehensive end to end cyber security services offering to Australian enterprises and governments.
We are cyber security experts first and foremost. We’re a unified team of highly qualified, certified and skilled professionals working together on the same mission: to protect and defend Australian organisations from cyber threats.
We specialise in: Strategy & Consulting | Governance, Risk & Compliance | Security Testing & Assurance | Identity & Access Management | Network & Infrastructure Solutions | Managed Security Services | Cloud Security & Solutions | Digital Forensics & Incident Response | Cyber Capability, Education & Training
NB: Due to the Christmas holidays, all applicants will be reviewed in the week commencing 12th Jan.