Share this Job

Security Engineer

Date: 11-Jan-2022

Location: Melbourne, VIC, AU

Company: metrotrain


Company Description


Metro is a multi-award-winning organisation, and we pride ourselves on our team of honest, high performing professionals who are talented, inclusive and safety focused and who are at the core of our success. You will be joining an organisation that is known as a global leader in its field but also prides itself on being dynamic, embracing new technologies and focused on customer service. Our aim is to promote work/life balance, allow team members to bring their best to work and to truly be focused on a common goal which is to provide a world-class railway service.

About the Role


The purpose of the Security Engineer role is to provide security advisory and assurance services as part of Security Governance and Compliance.

The role requires an experienced Security engineer with good understanding of secure software development methodologies, standards and processes, security assessments, vulnerability management and working knowledge of contemporary DevOps tools and technologies.



  • Act as subject matter expert on cloud security design, controls and best practices.
  • Review the outcome of vulnerability scanning and penetration testing as well as to assist stakeholders with tracking and prioritising on these remediation.
  • Provide governance and assurance over security controls in systems and applications and/or related services.
  • Assess risks associated with unsupported systems, libraries or outdated security controls in software applications.
  • Assess, formulate, and implement a strategy for software security that can be integrated into the existing Software Development Lifecycle (SDLC) in the organisation.
  • Provide guidance and oversight in static application security testing (SAST) and dynamic application security testing (DAST) for in-scope software applications.
  • Provide reporting on effectiveness of software patching for all in-house or third-party applications including libraries, plugins and database programs.

About You

  • Degree in a technology-related field, or equivalent work or education related experience.
  • Candidates with knowledge and experience in implementing secure coding and familiarity in languages
    • Java, C++, node js, python, bash, ansi C, Angular js, JSP
  • Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) will also be taken into consideration
  • Experience in implementing and working with secure application development frameworks and standards such as OWASP Application Security Verification Standard, NIST SSDF (Secure Software development Framework) and Secure Coding Guidelines for JAVA SE
  • Experience on cloud security and controls, in using automated tools for static and dynamic code review and in using OWASP, NVD / CVE, CVSS standards and vulnerability databases
  • Any of the following certifications around application security will be highly desirable
    • Certified Application Security Engineer (CASE)
    • Certified Application Security Specialist (CASS)
    • GIAC Certified Web Application Defender (GWEB)

Why Work for Metro


  • All Metro Employees receive a free Myki pass that allows free Public Transport in Victoria.
  • Metro supports work/life balance with opportunities to work from home as agreed with your line manager aligned with achieving required business outcomes and MTM’s flexible work policy.
  • Have a significant impact on programs that will directly improve Melbourne’s suburban rail network whilst ensuring these developments do not come at a cost to our safe and cost-effective delivery of services.
  • This is a fantastic and high-profile opportunity to build on the career you have developed to date and be part of the legacy that ‘connects people and places for a growing Melbourne’.

If what you have read resonates with your values, experience and career aspiration then please submit your application




Metro Trains is an equal opportunity employer and embraces diversity. We encourage all interested applicants to apply but please do note only applications with the right to live and work in Australia will be considered for this position.