Principal Cyber Security Engineer

Stuff

  • Wellington Auckland
  • Permanent
  • Full-time
  • 15 days ago
Stuff Limited is New Zealand's leading media company committed to providing reliable news, information, and entertainment to millions of New Zealanders. We pride ourselves on our innovation, commitment to excellence, and dedication to serving our audiences across multiple digital platforms. Join our team and contribute to shaping the future of digital media in New Zealand.We are seeking a highly skilled and motivated Principal Cyber Security Engineer to join our team at the Stuff. As the Principal Cyber Security Engineer, you will play a key role in the application of security principles from design through to delivery of our digital platforms, with a specific focus on cloud, identity and web application security. You will work across cross functional teams to share and embed applied security practices.Your key responsibilities
  • Ensure digital applications align to cyber security best practice
  • Embed use of secure application and integration protocols
  • Embed standards to safeguard digital sites from DDoS attacks and web application security attacks
  • Develop and deliver training programs to enhance understanding of best cyber security practices and secure coding standards
  • Support continuous improvement in team workflows to ensure secure, high-quality delivery at pace
  • Design and implement automation strategies within CI/CD pipelines
  • Conduct regular security assessments, code reviews, and configuration reviews to maintain the integrity of our applications
  • Maintain views of threat models and attack boundaries for our digital applications and platforms
What you'll bring
  • Thought leadership shifting security left through automation in CI/CD and the SDLC
  • Passion and motivation to raise security awareness and knowledge
  • A strong focus on customer outcomes
  • Experience in the design and operations of secure cloud and web applications
  • Experience mapping and articulating security threats and attack vectors to technical and non technical stakeholders
  • Experience in web application security including OWASP, secure API development, OAUTH 2.0
  • Experience in Federated Identity and login solutions using OIDC and SAML, stateless and stateful login sessions leveraging short life JWTs or secure httponly opaque session tokens
  • Exposure to multiple cloud platforms such as AWS, GCP, Azure
  • Exposure to multiple web application frameworks and languages, such as Angular and React, .Net and Java, Python
  • Experience implementing security automation tooling including using static and/or dynamic security testing using solutions like OWASP Dependency Checker, Snyk, SonarQube, OWASP ZAP, Burp Suite
  • Experience automating security in CI/CD pipelines such as Github actions, Jenkins, Spinnaker, Azure DevOps, ArgoCD
  • Experience communicating threat models using diagrams or threat model tooling such as OWASP Threat Dragon, or LucidChart
  • Exposure to zero trust strategies including internal PKI and mTLS, using tools such as Istio, or service mesh, and Multi Factor Authentication bastions and auth proxies
Benefits of working with us include
  • Flexible working arrangements
  • Medical insurance
  • A generous parental leave policy for any employees who are the primary or secondary carer
  • Ongoing training and opportunities to attend conferences
Think you can do the job? Then apply now and start your journey with Stuff today.Ka oti rānei i a koe tēnei mahi? Kāti, tono mai ināianei kia tīmata ai tō haerenga me Stuff i tēnei rā.Stuff champions inclusion. Be it gender, ethnicity, beliefs, abilities or experiences - we know that diversity brings another lens through which we all learn, connect and grow.E kōkiri nei a Stuff i te whāinga kia whai wāhi ai te katoa. Hāunga te ira, te iwi, ngā whakapono, ngā āheinga, ngā wheako rānei o te tangata - e mōhio nei tātou mā te kanorau e whai tirohanga hou ai, e ako ai, e tūhono ai, e whanake anō ai tātou katoa.As we are committed to creating a workplace that reflects the diverse communities in New Zealand, we will always invite and encourage applications from people of all genders, ethnicities, disabilities and ages. We are committed to providing equal employment opportunities for all.Nā runga i tā mātou ū ki tētahi taiao mahi e whakaatu ana i te kanorau o ngā hapori i Aotearoa, i te ao, i te pō, ka pōhiringia, ka ākina anō ngā tono mahi a te marea whānui, hāunga te ira, te iwi, te hauātanga, te pakeke rānei. E ū nei mātou ki te whai kia wātea ai ā mātou ara whai mahi ki te katoa i runga i te mana taurite.Disclaimer: Stuff does not accept unsolicited agency resumes. Stuff is not responsible for any fees related to unsolicited resumes.

Stuff

Similar Jobs

  • Security Software Engineer

    Fujitsu

    • Wellington
    About the job Security Software Engineer Security Software Engineer We are Fujitsu We use technology to make happier lives. We are a global leader in technology and business s…
    • 13 days ago

  • Security Architect / Consultant

    Beyond Recruitment

    • Wellington
    We are seeking a skilled Security Architect for a contract initially until end of June in Wellington, to lead our client's Strategy and Roadmap Security Consultancy initiatives. …
    • 27 days ago
    • Apply easily