Security Design Lead

Job Title

Job Description

Rabobank is the worlds leading specialist in food & agribusiness banking. One of our key strengths lies in our people who have a deep understanding of agriculture & are committed to adding long-term value for clients. Our commitment to our employees & clients is at the heart of everything we do.

Rabobanks Technology Engineering Security Team is accountable for designing developing & implementing cybersecurity controls to detect & mitigate threats. The team comprises of Security Architecture Vulnerability Management Security Testing & Red Team. The team now has an opening for a Security Design Lead based in Sydney

The Security Design Lead is an individual contributor role that will spearhead the integration of security practices within DevOps processes ensuring alignment with the banks security strategy & architecture. You will play a key role in implementing robust security & compliance measures across the SDLC with a focus on delivering secure scalable & automated solutions.

Top Role Accountabilities:

• Align Security Strategy:Partner with architects to embed secure design patterns & DevOps practices aligned with compliance goals
• Conduct Security Reviews:Perform technical assessments & secure design reviews across both in-house & cloud-based deployments ensuring secure configurations
• Automate & CI/CD Integration: Develop & integrate tools for continuous security testing (SAST DAST SCA IaC) into CI/CD pipelines
• Automated Security Audits:Build automation solutions to detect monitor & detect misconfigurations. Implement policy-as-code frameworks to enforce security guardrails
• Enhance Tooling:Develop APIs integrations & recommend configuration improvements to enhance efficiency & usability
• Promote Secure Coding:Guide teams on secure coding standards to reduce vulnerabilities in software development
• Threat Modelling:Lead threat modelling exercises to identify potential security threats & design countermeasures within DevOps workflows
• Cross-Functional Collaboration: Work with development operations & security teams to foster a culture of security awareness & shared responsibility. Champion the implementation of shift-left security practices within Technology Teams. Support internal & external audit & compliance initiatives
• Risk Management:Collaborate with the vulnerability management team to conduct risk assessments & prioritise remediation efforts based on business impact & threat severity
• Documentation & Reporting:Provide guidance to teams on maintaining documentation of security designs processes & compliance measures. Deliver regular security reports playbooks & infrastructure & application hardening guides

To be successful you will have:

• 5 years of experiencein security engineering DevOps or related fields with3 years focused on securitywithin DevOps practices across hybrid cloud environments
• In-depth knowledgeof DevOps pipelines & secure SDLC integration
• Hands-on expertisewith infrastructure-as-code tools such asBicep ARM templates Terraform &YAML pipelines
• Proficiency withautomation tools( Ansible) & CI/CD platforms ( GitLab GitHub Actions Azure Pipelines)
• Proven ability tocollaborate with developers & platform engineersto embed security into design deployment & monitoring workflows
• Demonstrated experience integrating security tools into CI/CD pipelines ( Check Marx or similar vulnerability management solutions)
• Strong understanding ofsecurity best practicesin infrastructure-as-code environments
• An ability tobuild & manage automation toolsfor security validation policy enforcement & compliance reporting
• Excellentproblem-solving skillswith a focus on designing secure scalable & resilient solutions
• Solid grasp ofcommon vulnerabilities attack vectors & modern security defence strategies
• Deep knowledge ofsecure coding standards( ASVS CERT SCP NIST SSDF)
• Practical experience withthreat modelling methodologiessuch asSTRIDEorDREAD
• Familiarity with leadingsecurity frameworks & benchmarks( CIS STIG Cloud Security Benchmarks)
• Knowledge ofrisk management frameworks& compliance standards ( 27001 SOC 2 PCI-DSS)

Applicants must hold valid work rights for this role.

Our Values

Rabobank Australia values inclusion belonging & positive experiences for all. Our work environment our benefits & the way we live our values Client Driven Responsible Professional & Cooperative make it a great place to work. We welcome applicants from diverse backgrounds.

Please let our Talent Acquisition team know if you need any accommodations to make our opportunities more accessible to you.

What were proud to offer you:

• is our hybrid way of working at Rabobank & for Australia that means we have a blend of time working between the office for 2 days & home
• Wellbeing leave. These 2 extra leave days support greater work/life balance & is just another way we are helping our employees to lead happier healthier & more fulfilling lives
• Education Assistance Program. Rabobank values the development of its people & has a great Education Assistance Program to assist with professional development.
• Bonus & Additional Leave. We realise sometimes 4 weeks Annual Leave isnt enough! At Rabobank we provide an incentive for eligible employees to receive 1 extra week Annual Leave & an option to purchase another 2 weeks Annual Leave
• Extra Insurance. Rabobank recognises that employees need to protect their financial wellbeing in the event of serious illness injury or even death. Rabobank provides eligible permanent employees with employer-funded Death TPD & Income Protection Insurance
• Rabo Workplace Giving program. As part of Rabobanks global Corporate Social Responsibility Workplace Giving aims to encourage employees to contribute to our community. Rabo Workplace Giving program matches employee donations to selected Social Partners