A great opportunity for a Senior Product Security Engineer, you will play a critical role in protecting our products from potential threats and vulnerabilities. In partnership with the Security Operations and Engineering Manager, the Senior AppSec Engineer will be responsible for leading the product security and application security initiatives, developing and implementing security policies and practices, and collaborating with cross-functional teams to integrate security into the product development lifecycle. Who are you? The ideal candidate will… Provide guidance and counsel on all cybersecurity matters to the Security Operations and Engineering Manager and key business stakeholders. Integrate security into the software development lifecycle, conducting security assessments, code reviews, and threat modelling. Conduct security assessments of web and mobile applications, including static code analysis, dynamic scanning, and manual testing. Identify and analyse security vulnerabilities, design flaws, and security weaknesses in application code and architecture. Collaborate with development teams to perform secure code reviews and provide actionable recommendations for remediation. Oversee security testing activities, including penetration testing, vulnerability scanning, and security assessments. Develop threat models and risk assessments for applications to proactively identify potential security issues. Evaluate and respond to submissions to the Domain Vulnerability Disclosure Program (VDP). Lead product security incident response efforts, coordinating investigations and remediation efforts. Promote product security awareness among development teams and stakeholders through training and awareness programs. Evaluate and manage third-party software and services for security vulnerabilities and risks. Monitor and report on cybersecurity risks to senior management and propose mitigation strategies and recommendations. Generate and present regular reports on product security status, vulnerabilities, and improvements to senior management. Ensure compliance with relevant cybersecurity regulations and industry standards (e.g., Privacy Act, GDPR, ISO 27001, PCI DSS, NIST CSF, etc.). Attributes Minimum of 5 years hands on experience working with engineering and development teams on design and implementation of security best practices in architecture and code . Strong knowledge of product security principles, secure coding practices, and security testing methodologies. Proficiency in conducting security assessments, penetration testing, and vulnerability management. Strong understanding of web application security principles, including OWASP Top Ten vulnerabilities. Proficiency in security assessment tools and methodologies, such as SAST, DAST, and manual testing. Familiarity with programming languages commonly used in web application development (e.g., Java, Python, JavaScript). Communicates effectively with strong verbal and written communication. High attention to detail. Education Tertiary qualifications in Computer Science, Software Engineering, Cybersecurity or a related field. Relevant certifications (e.g., OSCP, OSWE, eCPTX, GPEN) are highly desirable Why join us? We're the right size business for you to make a real impact, with a workplace culture where you can be you. Perks of the role include: Discover your ideal work-life balance with our approach to flexibility - whether it's adjusted hours or making the most of working remotely and from our offices, let's chat about what works best for you; First-rate parental leave and wellbeing policies; Access to Perkbox, giving you discounts across healthcare, entertainment, food, utilities and more Continuous opportunities to leap, learn and grow. We don't just talk, we do. Every day we solve property problems for Australians and beyond. We encourage our people to see the possibilities, and turn them into realities. That's why we want you. Who are we? We shine a light on all things property. Our business aims to simplify the property journey for all involved; motivated by expertise and our exclusive data. Changing the way people engage with property requires a team of diverse thinkers. What's next? One of our talent partners will give your application a good look and give you a call if it's a good match, so apply now Don't meet every single requirement? We're committed to building an inclusive, diverse and supportive workplace, so if you're excited about this role but your past experience doesn't align perfectly, we encourage you to send in your application. You may just be the perfect candidate for this opportunity or another within the Domain Group. Got what it takes?