Ready to shape the future of data?
Matillion is the intelligent data integration platform.
We're changing how the world works with data – and we need driven, curious people who think big and move fast.
We built the Data Productivity Cloud to supercharge data productivity, and now we’re shaping the future of data engineering with Maia – our AI-powered virtual data engineers that help teams design, build, and manage data pipelines at unmatched speed.
Join #TeamGreen, where the mission comes first, collaboration drives us forward, and everyone pulls in the same direction to make a dent in the universe bigger than ourselves.
Role Purpose
Matillion is built around small development teams utilising a modern, cloud-based technology stack to deliver products. The AppSec Engineer will work in an engineering capacity to product and engineering teams to ensure security is baked into the product from the design phase creating a SecDevOps workflow.
What you will be doing
Design
Establish and lead security champions programme across the development squads
Build functional and nonfunctional requirements for the application in conjunction with the product team
Input abuse case stories into the product backlog
Evangelise security across the product team, ensuring security stories are prioritised against feature goals
Assess SDLC security gap risks and propose remedies
Consult
Instruct and guide developers on how to conduct Threat Modelling during application Design
Act as the single point of contact for security concerns arising from the development team providing advice on how to solve technical software issues
Lead the pentesting cadence around the core application set by conducting hacking exercises
Provide application code reviews against known development frameworks such as OWASP ASVS
Provide input into the design of functional and non-functional security controls such as customer authentication workflows
Run Security Champion sessions to keep developers aware of security developments
Engineer
Establish security into the CICD pipeline such as SAST/IAST/DAST
Automate and build nifty security tools to test Matillion applications
Integrate testing, build failures and outputs to the development team to ensure passage to production is secure
Create security tests for code and assist developers in building security unit testing
Support
Responsive support to the development teams
Analysis of logs to identify issues and provide solutions
Innovation
Research projects, including prototyping, to explore future opportunities
Investigate new technologies
Optimise the infrastructure deployment process through use of automation, in-house and open source solutions
Self-Development and Growth
Develop new skills by working with other members of the team
Work with the Team Lead to identify training goals
Lead and partake in technical discussions within the team
Actively identify and complete opportunities for self-training and external training
Drive the team’s process of continual improvement
What we are looking for
Technical / Role Specific
Essential
A passion and drive to succeed in Application Security
Understanding of Software Development Life Cycle
Desirable
Security professional at heart borne from a software engineering background
Experience of working with the OWASP ASVS framework
Experience in Agile delivery environments
Greenfield experience setting up security technologies from scratch
Outgoing and able to build relationships with key stakeholders
Personal Capabilities Required, e.g. skills, attitude, strengths
Can do attitude, willing to take on a wide range of security issues
Keeps up to date with security developments
Keen to engage with the security community on a range of topics
Fast learner
