Who are we?

So you might ask, who's CreditorWatch? Well, we are a leading Australian data and technology company that provides businesses with access to unique data and innovative products. By using our platform, our customers can confidently manage their commercial relationships, improve productivity and reduce financial risk. As a commercial credit reporting bureau, we offer a complete suite of credit reporting products and data insights covering the entire customer lifecycle, from customer onboarding and credit decision automation to credit risk management and automated collections.

We were established in 2010 and most recently were named as one of AFR's Top 10 Best Places to Work as well as certified by Great Place to Work consecutively across . We saw significant growth in 2025 and that's not about to change. We are on track to break records in 2026, scaling at pace, making this the perfect time to join CreditorWatch.

Our Purpose

Empower Australian businesses to trade confidently with their customers.

Our Mission

We aim to be number one in our industry by delivering unique data insights and innovative products.

Your Role & Team

As we continue to invest in our security tooling and capabilities, we are establishing a dedicated Security Engineering function to ensure we are not just purchasing security platforms, but actively operating, tuning, and integrating them effectively. We are looking for a Security Engineer to join this newly created team.

This is a hands‑on, generalist role spanning both enterprise/internal security (IAM, Zero Trust, DLP, SSE, EDR) and product security (application security, vulnerability management, SDLC hardening, security reviews). You will split your time across both domains—helping to protect our corporate environment while embedding security into the way our engineering teams build and deliver software. This is not a narrow, single‑domain role.
You will work across the full stack—from employee endpoints and SaaS platforms through to CI/CD pipelines, cloud infrastructure, and the application layer. You will act as a trusted partner to Engineering, a technical resource for the broader business, and a key contributor to maintaining the security posture expected of an Australian credit bureau handling sensitive financial data.

You'll report directly to the Principal Product Security Engineer in this role. Please note, it's a full‑time opportunity offering hybrid working conditions out of our Sydney CBD Office.

Some of your responsibilities include and are not limited to:

Enterprise & Internal Security

- Improve the security posture across our SaaS platforms, employee endpoints, and office networks.
- Implement, tune, and operate enterprise security solutions including SSE, EDR, DLP, Email Security, and IAM.
- Enhance threat detection and response capabilities, contributing to operational runbooks and owning security alert workflows.

Product & Application Security

- Strengthen the security posture of our platform and SDLC through security reviews, threat models, and risk‑based assessments.
- Identify vulnerabilities and provide practical remediation strategies aligned to business impact.
- Embed and operationalise security controls within CI/CD pipelines (SAST, SCA, secrets detection) with clear ownership, SLAs, and automated feedback loops.
- Drive initiatives to harden the software supply chain and CI/CD infrastructure, enabling secure development and deployment practices.

Cross Organisation

- Act as a trusted advisor to Engineering, providing guidance on secure development practices across CreditorWatch products and services.
- Contribute to frameworks, guidance and tooling that enable engineers to safely adopt AI/ML capabilities in software development.
- Mentor engineers and security champions to uplift security awareness and foster a proactive security culture.
- Contribute to vulnerability management processes, ensuring findings are tracked, prioritised, and remediated in line with risk tolerance and SLOs.
- Provide domain expertise in security‑related incident response processes.
- Support compliance and assurance activities (ISO 27001, SOC 2) where they intersect with engineering controls and evidence.

Our ideal candidate

- Demonstrated hands‑on experience across multiple security domains, with the ability to operate as a broad generalist.
- Experience with application security practices, including secure code review, SAST/SCA tooling, threat modelling, and vulnerability management in cloud‑native or SaaS environments.
- Working knowledge of cloud security (preferably AWS), including IAM, networking, and services such as Security Hub, Inspector, or GuardDuty.
- Experience embedding security into CI/CD pipelines and working closely with engineering teams to shift security left without impacting delivery.
- Familiarity with enterprise security tools such as EDR, SSE/SWG, DLP, email security, and ASPM platforms.
- Strong understanding of identity and access management concepts, including SSO (OAuth, OIDC, SAML), conditional access, and least privilege.
- Exposure to relevant compliance frameworks (e.g. ISO 27001, SOC 2, OWASP Top 10).
- Ability to script or automate workflows using tools such as Python, Bash, or APIs.
- Strong communication skills, with the ability to translate security findings into practical guidance for engineers and articulate risk to non‑technical stakeholders.
- A genuine interest in working across a broad range of security domains and context‑switching as required.

We are committed to you

We offer a fantastic culture with open communication and rewards and recognition that include probation celebrations, all‑staff birthday and service anniversary celebrations. We are an equal opportunity employer and committed to excellence through diversity.
We do not discriminate on race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Security Engineer (Saas)
CREDITORWATCH
Council of the City of Sydney
Published 4 days ago