Job Description

The original Rokt band got together in 2011. From there we have grown to an amazing global ensemble of over 170 people in Sydney, New York, Melbourne, the Netherlands, London, New Zealand, and Japan. We have crafted patented software, and fought the law to allow all Australian software businesses to protect their patents (and we won!). In doing this we have disrupted the marketing technology industry and Australian patents for software as a whole. In 2019 we are investing $23m in new R&D which includes hiring 70 new engineers. Do you want to be our next generation Rokt'star?

Our Engineering teams aim to deliver business value as quickly and regularly as possible, following an Agile methodology, continuous deployments to ‘live’ operating environments, and utilising a broad range of technologies. As a Web Application Security Engineer, you will be responsible for ensuring their ‘need for speed’ does not come at the cost of security; implementing controls within the (S)SDLC to ensure all code changes adhere to our security guidelines and industry best practices. Your daily tasks will include:

  • Actioning of security controls at all phases of the (S)SDLC, including:
    • Performing regular penetration testing for security quality assurance of Rokt applications and websites
    • Auditing of system and cloud infrastructure configurations for security weaknesses
    • Reviewing source code for security vulnerabilities
    • Establishing threat modelling documentation for Engineering teams and assisting in system design to ensure the necessary technical controls are in place to maintain the CIA triangle
    • Working with our Product team to ensure security and privacy concerns are adequately addressed in feature specifications and in accordance with our legal and compliance requirements
    • Verifying the successful resolution of past vulnerabilities and implementing automated tests to detect regressions
  • Maintaining a register of known vulnerabilities; following up with Engineering teams to ensure vulnerabilities are addressed within an acceptable time frame and to an appropriate standard
  • Scaling and automating security checks by augmenting our CI/CD pipelines with security tooling
  • Documenting security guidelines and practices for the technology stacks used
  • Providing application and code security training/awareness through workshops and presentations

Requirements

To be successful in this role, you should have:

  • Experience performing web application vulnerability assessments, using a documented testing methodology (e.g. OWASP, OSSTMM, PTES, etc)
  • Practical skills in assessing web applications for weaknesses (e.g. XSS, SQLi, CSRF, LFI/RFI, etc) both with and without the use of common security automation tools
  • Willingness to collaborate with and interview Engineers to develop an understanding of their systems and data flows
  • Demonstrable skills in identifying threats and attack vectors for systems based on interviews and architecture documentation
  • Knowledge of secure coding best practices and the ability to identify security vulnerabilities in source code
  • A creative mind; able to identify novel ways of bypassing security controls and unintended interactions between multiple systems
  • A hunger for new knowledge and drive to learn; actively participating in the security community and regularly practicing to improve your skills

Your CV should include:

  • Links to source code repositories that can evidence your skills and experience, e.g. scripts, tools, CTF solutions, etc
  • Links to security communities you actively participate in, e.g. forums, CTFs, bug bounties, etc

Benefits

In return for your amazing skills we will provide new challenges, an encouraging team of forward-thinking engineers and a competitive salary. We also have all the perks you would expect, including an employee stock plan, training budget, tech allowance, annual Kick-Off events in amazing places (including Hawaii, the Blue Mountains, and Thailand in 2020!) and free lunches. There are also sponsored social clubs and activities including gym, basketball, board games, and even a band - plus you are free to start your own club.

We recognise balance and difference are important in all business and we encourage you to apply regardless of your background, gender, religion or sexual orientation. If you have other considerations or adjustments please highlight them in your application and our recruiter will be in touch.
