Atlassian seeks application security engineers

By

Blackbox pen-testers need not apply.

Atlassian is seeking two application security engineer for its Sydney office.

Atlassian seeks application security engineers

The engineers will be responsible for application security in Atlassian products and services such as JIRA, Confluence, Bitbucket, Hipchat and OnDemand.

They will use their application security knowledge to write production-grade software for the small Atlassian team to use. 

Candidates will develop security tools and improve existing ones for attack detection, compromise detection, and vulnerability discovery and find vulnerabilities in Atlassian products and services.

Team lead Vitaly Osipov said the company is seeking a person with strong code auditing skills who would also be comfortable using Burp Suite and talented developer who can write large scale data processing code and is familiar with information security.

"Both have to be a good cultural fit and both have to be able to work with non-security teams," Osipov said.

Each applicant sits a basic automated Java test (not a coding task) that is designed to test either basic knowledge of Java, or an individual's attitude and learning skills.

Osipov said the company was not seeking those who:

  • Do only blackbox vulnerability scanning or penetration testing (although Atlassian does some testing of apps.
  • Run 100 percent manual code reviews because of the large amount and rapid changes in Atlassian code.
  • Cannot write their own tools
  • Have application security experience limited, for example, to running Appscan or Fortify.
  • Do not feel comfortable working with developers to get vulnerabilities fixed.
  • Think their job is to police 'stupid developers'.

Atlassian will sponsor Australian work visas for the right candidates.

Skills

  • Delivered production software in Java and Python, ideally both
  • Experience in conducting application security assessments
  • Past experience in Agile software development environments, ideally at a software vendor
  • Published security research or conference talks
  • Ability to handle projects of varying scope
  • Teamwork skills
  • Created security tools with some functionality of attack detection; log analysis; web application scanners, or source code analysis tools
Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
atlassiancareersjobssecurity

Sponsored Whitepapers

Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Wasabi Reveals Hidden Costs and Cloud Storage Shifts in ANZ for 2025
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt

Events

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?