As a Senior Software Engineer – Application Security (AppSec), you will uplift the developer ecosystem by optimising development tooling, workflows, and security controls. You will work cross-functionally to embed secure-by-default design principles, automated guardrails, and modern application security capabilities that empower engineers to build secure applications without compromising velocity.
We have two vacancies on a 1-year max term to start.
What will you be doing?
Partnering with security, platform, engineering, and product teams to design, implement, and embed secure development pathways (“paved roads”), guardrails, and SSDLC practices that integrate naturally intoengineeringworkflows and CI/CD pipelines.
Configuring, integrating, and scaling modern AppSec tooling such as SAST, SCA, ASPM/ASM, and secret scanning, ensuring these capabilities are reliable, usable, and embedded into the software delivery lifecycle.
Leveraging GitHub Actions, CI/CD pipelines, policy-as-code, scripting, and orchestration to automate security checks, enforce controls, and streamline secure deployment processes without disrupting developer velocity.
Creating andmaintainingtemplates, scripts, documentation, and self-service tooling that empower teams to adopt secure-by-default practices while reducing security friction, false positives, and manual overhead.
Defining metrics, gathering developer feedback, and analysing tooling outcomes to assess the effectiveness of AppSec initiatives, iterating on approaches to uplift both security maturity and developer experience.
Communicating withour Engineering cohortto share new tools, workflows, and secure engineering practices, while running enablement activities (docs, workshops, demonstrations) that drive secure adoption and ecosystem improvements.
Staying on top of emerging vulnerabilities, security trends, andengineeringproductivity advancements, and building strong cross-functional relationships to influence secure behaviours and balance risk with usability and delivery outcomes.
What are we looking for in you?
Experience building or securing cloud-native applications (Azure preferred) with SSDLC/shift-left security practices.
AppSec Tooling: Hands-on experience with modern AppSec tooling such as SAST, SCA, ASPM/ASM, and secret scanning in developer environments.
Practical experience with GitHub Actions, CI/CD pipelines, policy-as-code, or equivalent automation platforms.
Proficiencyin scripting or infrastructure-as-code languages (e.g. PowerShell, JavaScript/Node.js, Bash, Terraform or similar) to build automations, actions, and platform integrations.
Empathy forengineeringworkflows with the ability to balance security, productivity, and usability.
Ability to influence technical stakeholders, articulate security impacts clearly, and work cross-functionally across engineering, security, and platform teams.
Previousexposure to GitHub administration or GitHub Advanced Security features such as code scanning, secret scanning, and dependency risk management will be highly regarded.
What can we offer you?
Work withcutting-edgetechnologies and be part of a team driving digital transformation across RACWA.
Join a team that valuespersonal development and enablescontinuous learning opportunities, certifications, and career progression within a supportive and growth-focused environment.
Benefit from flexibleand hybridworking arrangements, includingtemporaryremote work options and a focus on work-life balance.
Contribute to high-impact projectsor productsthat directly enhance RACWA's services to its members and the community.
Be part of an organisation that embraces diversity and inclusion, ensuring a welcoming environment for all employees.
Take advantage of a strong focus on employee wellbeing, including mental health support, wellness programs, and fitness incentives.
Engage in meaningful community and social responsibility initiatives that align with RACWA's values and mission.
About RAC
RAC WA is a member-focused organisation dedicated to serving the Western Australian community. Our mission is to create a safer, more sustainable, and connected future for all Western Australians
RAC values inclusivity, diversity, and flexibility in the workplace. As an Equal Opportunity Employer, we welcome everyone. Forassistanceduring the application process, contact jason.crooks@rac.com.au#LI-JC1
At RAC we offer career opportunities that will allow you to give back and make a difference to our members and the WA community. We pride ourselves on employing the highest calibre of people to meet our member’s needs. RAC promotes healthy living and aims to protect health and safety of employees, members and visitors.
RAC has been a part of the West Australian community since 1905. We are unique organisation, built by members for members. From our origins as a motoring club, we have grown to a diverse organisation of over 1,400 employees serving more than 1 million members with a range of products and services. RAC’s difference is that we are a membership organisation, which means we don't have shareholders and we reinvest our profits for the better of our members and the WA community.
House rules:
We really enjoy receiving your feedback, comments and experiences and enjoy getting the most out of our LinkedIn community. With this in mind, we ask that you stick to the following guidelines:
• Please be polite to other RAC LinkedIn users and treat each other as you would like to be treated.
• Please don’t give out any personal information.
• We cannot allow any inappropriate or offensive language.
• Advertising, spam, selling and links to external shopping sites are not allowed here and will be removed.
• If you want to post a link to another site to illustrate your point, please do not link to sites that require registration in order to view, or any site that prompts an automatic download as these comments will be removed.
• Page admins and the RAC LinkedIn community must be able to easily understand your message. For this reason we can't allow messages which are written in code or a language which isn’t English.
• We reserve the right to de-tag RAC from any posts or photos that we deem inappropriate.
• Please note that repeat offenders may be reported and will be blocked from the LinkedIn page.
