Senior Security Engineer - Product Security & Architecture

Company Description

Are you ready to be a big part of something big? 

At carsales, we’re all about making buying and selling a great experience. Since 1997, we’ve been evolving with the new economy to help people choose how they move - today and tomorrow. 

When it comes to your career, we want to offer meaningful opportunities that empower you to make a lasting impact. But for that to happen, we strive to feel small - small enough to stay agile, learn across teams, and connect authentically with each other. 

With a vision to be the global leader in online vehicle marketplaces, we’re transforming how people buy and sell across the world. We discover new ideas and bring them to life. We continue to grow, and we continue to evolve and we’re not afraid to take bold steps to get there. 

A career in Cyber Security will see you working at the intersection of security and engineering - helping our product and development teams build securely from the ground up. This position sits within our Cyber Security team to embed security into our software development lifecycle to securely design and ship great products. 

We embrace hybrid working - combining the flexibility of remote work with the energy and connection of in-person collaboration. We champion flexibility and offer a range of policies and leave options to support your wellbeing. 

What’s on offer

• Recognition as one of Australia’s Best Workplaces™ by Great Place to Work®, a Family Friendly Workplace, a WORK180 endorsed employer.
• A highly engaged, collaborative team where you’ll learn from exceptional talent.
• 24 weeks paid parental leave for primary caregivers, four weeks for secondary caregivers, and six weeks paid gender-affirming care leave.
• Regular hackathons, continuous learning opportunities, and wellbeing initiatives that support your mental, emotional, and physical health.

Job Description

What you’ll be doing: 

As a Senior Security Engineer - Product Security & Architecture, you'll embed security into the heart of how we design and build products. This isn't a traditional high-level architecture review role - you're a builder who partners deeply with engineering and product teams on secure architecture patterns and automated tooling to enable a secure-by-design mindset. As a technical SME, you will play a hands-on role in shifting security left and scaling secure design best practice across the organization. 

• Partner with engineering and product teams across the business to embed security into product design, architecture and the software development lifecycle. 
• Guide engineering teams through the maturation of application security best practice. Contribute to the development of security standards, guidelines and self-service resources that enable engineering teams to move fast and stay secure. 
• Perform threat modelling and secure architecture reviews to provide actionable, developer-friendly guidance that empowers teams to make good security decisions early on. 
• Develop tooling, including AI-powered agents, to enable a secure-by-design  mindset through the design, build and release phases of the product development lifecycle 
• Mentor engineers and foster a security-first mindset across product and engineering disciplines. 

Qualifications

What we’re looking for: 

• Demonstrated experience working directly with software engineering teams to enable a security mindset in product design and application development and architecture. 
• Hands-on experience building automation workflows and/or AI agents to scale security design and architecture practices - you are a builder first. 
• Strong understanding of application security and secure software development lifecycle practices. 
• Experience performing threat modelling and architecture reviews in a modern cloud-native environment. 
• Familiarity with infrastructure-as-code security and cloud security posture management. 
• Strong collaboration and communication skills, with the ability to translate complex security concepts into accessible, actionable guidance for non-security audiences. 
• Aligned with our values: we change the game, we own it, we step in, we are curious, we don't take ourselves too seriously. 

We know not everyone will meet every requirement, and that’s okay. If you’re excited about the role and believe you can make a difference, we’d love to hear from you.

Additional Information

A few other things we want you to know...

• As an equal opportunity employer, carsales welcomes applications from individuals of all backgrounds, identities, abilities, and life experiences. We are committed to fostering a diverse and inclusive workplace where everyone feels valued and supported.
• If you have a disability or require adjustments to participate fully in the recruitment process, please let us know - we’re here to support you.
• We understand the importance of work-life balance and offer flexible working arrangements, including part-time options. If you’d like to explore this, just ask during the process.
• We’re also a proud Circle Back Initiative employer, which means we commit to responding to every applicant.
• Successful candidates joining the carsales team will need to complete a National Police Record check and must have full-time Australian working rights.

So come join us - because every role plays a vital part in our journey toward something big!