Senior Security Engineer

Location: Melbourne, Victoria
Category: IT & Digital
Salary:
Posted: 27-Jan-2026
Work type: Contract
Contact: Bharghavi Padmanabhan
Reference: 182637

An exciting opportunity exists for a Senior Security Engineer to join a high-performing Cyber Business Enablement team within a complex, enterprise-scale technology environment. This role plays a critical part in strengthening the organisation’s security posture by embedding security-by-design principles across software delivery and operational processes. This is a contract role based in Melbourne CBD in a hybrid working environment.

Partnering closely with technology leaders, developers, and delivery teams, you will lead the implementation of secure software development lifecycle (SDLC) practices, CI/CD security guardrails, and DevSecOps capabilities to ensure applications and platforms are resilient, compliant, and secure by default.

This is a hands-on, delivery-facing role requiring strong technical expertise, consulting capability, and the ability to influence at scale.

Key Responsibilities

  • Collaborate with internal stakeholders and delivery partners to secure development pipelines and embed security engineering practices aligned to cybersecurity strategy, policies, standards, and compliance requirements.
  • Design, implement, and maintain security controls across the end-to-end software development lifecycle.
  • Establish and enforce CI/CD security guardrails to identify and mitigate vulnerabilities early in the development process.
  • Participate in and facilitate threat modelling activities for new initiatives and critical systems.
  • Apply recognised frameworks and methodologies such as AESCSF, MITRE ATT&CK, D3FEND, NIST, and OWASP to enhance detection and defensive capabilities.
  • Integrate, operate, and optimise application security tooling including SAST, DAST, and SCA.
  • Provide security consulting and guidance to cross‑functional teams, vendors, and delivery squads on secure coding, architecture, and risk mitigation.
  • Ensure standardised delivery of security assessments and penetration testing across technology initiatives.
  • Drive continuous improvement of security processes in line with evolving regulatory and industry standards.
  • Contribute to security awareness, knowledge-sharing, and uplift of engineering capability across development and operations teams.

Skills & Experience Required
  • Proven experience conducting penetration testing across web applications, mobile platforms, APIs, and infrastructure, including complex vulnerability discovery and real-world attack simulation.
  • Strong background in security engineering within medium to large, complex organisations (5+ years).
  • Experience working in regulated environments; government or public sector exposure is highly regarded.
  • Deep knowledge of secure software development practices and frameworks such as OWASP SAMM, CWE, MITRE ATT&CK, and NIST.
  • Extensive hands-on experience with CI/CD pipelines and embedding security controls within DevSecOps models.
  • Demonstrated capability integrating and managing application security tools (SAST, DAST, SCA).
  • Strong experience in vulnerability management, remediation prioritisation, and executive-level reporting.
  • Hands-on automation and scripting experience for security tasks.
  • Solid exposure to production deployments, post‑incident reviews (PIRs), and operational risk management.
  • Excellent communication skills, with the ability to translate complex technical risks into clear, concise business language.
  • Strong analytical mindset with a practical, outcome-focused approach to problem solving.
  • Extensive experience working with Microsoft Azure and cloud-native technologies.
  • Program or project delivery experience within enterprise technology environments.

Qualifications (Highly Desirable)

  • Degree in Computer Science, Engineering, or a related discipline.
  • Industry certifications such as:
    • OSCP / OSWE
    • CISSP
    • GICSP
    • Or equivalent professional experience and continuous development.

If you are a senior-level security engineer passionate about secure software delivery, DevSecOps, and driving meaningful security outcomes, this contract opportunity offers both challenge and influence.

At Chandler Macleod, we are committed to fostering a diverse workforce where everyone is welcome. We encourage applications from Aboriginal and Torres Strait Islander peoples, women, neurodiverse people, people living with a disability and the LGBTIQA+ community.

You can read more about our commitment to diversity and inclusion at https://www.chandlermacleod.com/diversity-and-inclusion.
