Application Security Engineer

Who we are and what we do

Audinate leads the world in networked media with our "Dante" technology which is used extensively in professional audio & video applications, including live events, broadcast, entertainment venues and communication systems.

Dante replaces all audio and video connections with a computer network, effortlessly sending video or hundreds of channels of audio over slender Ethernet cables with perfect digital fidelity. Adopted by hundreds of manufacturers in thousands of products, Dante is the de facto standard for modern AV connectivity.

You’ll find us in the largest companies and institutions like the Sydney Opera House, NFL Media Headquarters, Microsoft, major universities and even a 900-year old cathedral featured in Harry Potter.

What You’ll Be Working On

As an Application Security Engineer, you will play a crucial role in ensuring the security for Audinate product development of Dante devices, Dante software services and supporting applications (SDKs, Evaluation Kits).

This position involves a blend of application security expertise and an understanding of the unique challenges faced by IoT and product vendors. You will work closely with the Audinate product security architect to coordinate and mature Security by Design across the full spectrum of our ecosystem, from device hardware to communication protocols and integration with supporting application services.

Your goal will be to identify, assess, and mitigate vulnerabilities in our product releases, ensuring they are resilient against cyber threats while maintaining functionality and user experience. 

How we work

We have flexibility to work from home but also collaborate every week in-person at our office in Surry Hills as well as working remotely alongside engineering colleagues in the UK, Belgium and the Philippines.

In This Role, You Will:

• Educate and guide product development teams, championing a culture of secure development practices and continuous improvement. 
• Lead threat modelling sessions to identify, quantify and address security threats with product teams. 
• Conduct security assessments, penetration testing, and vulnerability analysis specifically tailored to IoT devices and their ecosystems. 
• Collaborate with product development teams to integrate technical security measures into Audinate Dante products' hardware and software design from the outset. 
• Providing technical guidance and direction to product teams to comply with security frameworks, requirements, and best practices for IoT device development.
• Work with product and cloud teams to secure supporting services to Dante ecosystem. 
• Stay up to date with emerging security threats, technologies, and regulatory requirements relevant to Dante products and supporting services. 
• Create security documentation and guides for development and product teams, focusing on product and IoT security considerations. 
• Operationally responsible for maintaining the application security testing suite (including Synk).
• Support and collaborate with product teams to deploy security testing across branching and CICD release for execution of security test cases and security benchmarks.
• Work with product teams to identify, record and track identified vulnerabilities and bugs. Assessment of application vulnerability reports and potential impacts to Audinate Dante products and services. 
• Manage product vulnerability reporting as part of overall security by design assurance.

You Will Have:

• Knowledge of secure coding practices and the ability to work with development teams to implement these practices throughout the software development lifecycle (SDLC). 
• Ability to work collaboratively with cross-functional teams, including Dante product engineers, software developers, QA testers and product managers. 
• Experience working closely with development and product teams to communicate progress/dependencies and to understand business requirements. 
• Strong communication skills to effectively articulate the associated security risks for identified security vulnerabilities and provide recommendations to technical and non-technical audiences. 
• Experience in application and product security within the IoT space or related fields. 
• A solid understanding of IoT architectures, protocols, and technologies, along with the security challenges unique to IoT. 
• A proactive approach to learning and adapting to new technologies and security trends in the Audinate Dante ecosystem. 

Preferred Technical Skills and Knowledge:

• 5+ years of industry experience with a variety of security testing tools (static application security testing [SAST], dynamic application security testing [DAST], software composition analysis [SCA], and penetration testing tools).
• Hands-on experience with Snyk is highly desirable.
• Proficiency in security assessment tools and techniques applicable to IoT products. 
• Working knowledge for test automation in Python (or similar)
• Experience in integrating security validation and testing within CICD stage-gates.
• Understanding of embedded system security, including secure boot, secure firmware update, debug interfaces, etc 
• Understanding of security best practices for cloud providers (e.g. AWS, Azure) and containerised hosting (e.g. Docker, Kubernetes)
• Relevant certifications in cybersecurity testing (e.g. OSCP, CEH) are highly desirable. 

What you’ll experience with us

With us, your ambition extends as far as our reach. Working alongside experts and enthusiasts from different backgrounds, you’ll refine your skills as we define our products. We’ll experience and share a purpose we can see and hear as we pioneer the future of AV together.

In addition to a competitive salary, annual bonus and equity incentive plan, you’ll experience our diverse, values-based culture and a range of benefits such as flexible working through to volunteering leave.