
AppSec Engineer

Sydney

Who is Quantium?

Quantium is a world leader in data science and artificial intelligence. Established in Australia in 2002, Quantium is a global team of more than 1,200 people across 14 locations with a unique blend of capabilities across product and consulting services to help businesses unlock value from data and analytics. Quantium partners with the world's largest corporations to forge a better, more intelligent world.

We're looking for an Application Security Engineer to join our growing AppSec function — a centralised team that works across all of Quantium's engineering teams to improve secure development practices and strengthen how we build software.

This is a collaborative, cross-functional role. You'll spend your time working alongside development teams — helping them understand vulnerabilities, improve their pipelines, and adopt better security practices — rather than operating in isolation. The role blends security expertise with engineering fluency, and suits someone who can be credible in both conversations.

You don't need to come from a single background. You might be an engineer who's developed a strong security interest, an infrastructure or cloud specialist with demonstrated security knowledge, or a security professional who genuinely understands how software is built. What matters is the overlap — you can explain a vulnerability to a developer in terms of what needs to change in their code and their pipeline, not just what the scan found.

How you will make an impact:

  • Work with engineering teams across the business to improve secure development practices, helping them stay on top of vulnerabilities and build security into their workflows
  • Guide teams on common vulnerability patterns, grounded in frameworks like the OWASP Top 10, and advise on practical remediation in code
  • Help embed security controls into CI/CD pipelines, shifting security left in the development process
  • Maintain and improve vulnerability reporting and security scanning processes, ensuring the link between scanning output and remediation action is clear and effective
  • Build credibility and trust with development teams so that security guidance is welcomed and acted on
  • Contribute to maturing Quantium's AppSec capability — moving from reactive vulnerability management toward proactive best practice and prevention
  • Collaborate with the broader security team and SRE to ensure application security efforts are aligned with Quantium's wider security posture

The superpowers you'll bring to the team:

  • A solid foundation in application security — you understand the main routes by which vulnerabilities enter software and how to address them
  • Familiarity with the OWASP Top 10 and how those risks translate to real code and architecture decisions
  • A good understanding of CI/CD pipelines and where security tooling and controls can be integrated
  • Enough engineering knowledge to be credible with development teams — you understand how software is built, tested, and deployed
  • Strong communication and influencing skills — this role is about guiding and advising teams, not mandating from the sidelines
  • Adaptability and comfort with ambiguity — the work shifts based on what's needed, from chasing remediation to building best practice frameworks
  • Comfort with a role that is more advisory and cross-functional than hands-on coding

Nice to have (not required):

  • Background as an application or infrastructure engineer who's moved into security
  • Experience with security scanning tools (SAST, DAST, SCA) and integrating them into development workflows
  • Cloud security experience (GCP, AWS, or Azure)
  • Familiarity with secure architecture and design review practices
  • Experience working in a centralised security function that partners with multiple engineering teams

What could your Quantium Experience look like?

Working at Quantium will allow you to challenge your imagination. You will get to solve complex problems with rigor and precision and by asking great questions – but it also means you can think big, outside the box and push your problem-solving skills to the max.

By joining the Quantium team, you'll get to:

  • Forge your path: So many of our team have moved around different teams or offices. You'll be in the driver's seat, and we empower you to make your career your own.
  • Find your kind: Embrace diversity and connect with your tribe (think foodies, dog lovers, readers, or runners).
  • Make an impact: Leave your mark. Your contributions resonate, regardless of your role or rank.

But wait, there's more!

We've got some pretty sweet perks:

  • Flexible work arrangements: Achieve work-life balance at your own pace with hybrid and flexible work arrangements.
  • Continuous learning: Our vision is empowering talent to thrive.
  • Remote working: Embrace the opportunity to work outside of your assigned home location for up to 2 months every year.

Apply now and let's forge a better, more intelligent world together!

Quantium’s recruitment process involves the collection and use of personal information; see our Candidate Data Collection Notice for more information. This provides information on how we collect, use & store your personal information, including potential disclosure to our majority shareholder, Woolworths Group Limited.

 

We're committed to making our recruitment process accessible for everyone. This could include adjustments for interviews, assessments, communication formats, or any other aspect of the process. Examples include additional time for assessments, alternative formats for materials, specific technology requirements, or accessibility for physical spaces. All information provided is confidential and voluntary.


We actively encourage sharing pronouns to create an inclusive experience for everyone.