Strengthen authentication, authorisation, and access control patterns
Improve supply-chain security and vulnerable dependency remediation
Review penetration tests and drive effective remediation
Provide pragmatic, risk‑based guidance to teams and stakeholders, balancing security, usability and delivery speed. (ISO 27001, SOC 2)
Requirements
Experience in application or product security for internet-facing SaaS platforms, ideally cloud-native.
Strong software engineering background — able to read, reason about, and review production code (Go experience is beneficial but not required).
Hands-on experience integrating security into CI/CD pipelines and modern development practices (SAST/DAST, dependency scanning, container scanning, security gates).
Applied knowledge of web and API vulnerabilities (OWASP Top 10 and beyond) and practical mitigation strategies.
Ability to communicate security concepts clearly and collaborate effectively with product and engineering teams.
Tech Stack
Cloud
SDLC
Go
Benefits
Equity with high growth potential and a competitive salary
Flexible working arrangements: we encourage you to create the best work blend while working from your home and the local SafetyCulture office
Access to professional and personal training and development opportunities: Hackathons, Workshops, Lunch & Learns
We encourage involvement in the community, open source work, attending talks and events, and experimenting with new technologies.
In-house Culinary Crew serving up daily breakfast, lunch and snacks
Wellbeing initiatives such as subsidised fitness programs, EAP services and generous parental leave policy
Quarterly celebrations and team events, including the annual Shiplt! global offsite
Table tennis, board games, gym sessions, book club, and pet-friendly offices.