We Dream. We Design. We Deliver.
Join hummgroup, one of Australasia’s most successful and enduring non-bank financial services institutions. We specialise in fast, easy finance with a market-leading range of business asset finance, credit cards and point of sale payment plan solutions designed around the core needs of today’s businesses and retail consumers. Come join our team and be a part of our next chapter of innovation and growth.
What's so exciting about this role?
The Cyber Security Team, which sits within Digital & Technology at hummgroup, sits along-side our delivery squads and monitor, advice and manage the security posture of our digital assets. Their vision is to maintain a mature cybersecurity practice that continuously reduces the group’s cyber risk exposure.
We are looking for an experienced cybersecurity practitioner who is passionate about safeguarding digital assets and ensuring robust security measures. You will collaborate closely with the technology engineering and delivery team to identify, assess, and mitigate vulnerabilities in a timely manner. Your expertise will be crucial in addressing application and infrastructure security issues, ensuring our systems remain secure and resilient.
What Does An Average Day Look Like?
No day is average at humm but here’s an idea of what you can expect to do in this role:
- Leading a cross-functional security approach, setting the technical direction for the security architecture and liaising with product and tech leads on solutions before build and reviewing implementations post build.
- Proactively identifying and participating in continuous improvement initiatives within engineering and delivery to ensure we improve our security posture and maintain a safe environment.
- Thought leadership across all squads in designing and implementing cloud-based secure solutions using appropriate programming languages, frameworks, and other required technologies.
- Collaborating with Product Managers in product discovery to understand risk assessments and solution options, advising on options and implementation methods to reduce security risk / improve security posture.
- Collaborating with other teams and stakeholders to understand customer experiences and technical solutions from other teams and identify dependencies, contribute to overall cross team solutions.
- Lead incident response efforts, following established procedures for troubleshooting and resolution.
- Ensure the security and reliability of applications by implementing appropriate security measures and monitoring tools and reporting on the implementation of all teams across the group.
- Establish and continually keep up to date a security roadmap/strategy for the applications/experiences across the group. Socialise and gain agreement from all Tech leads and product managers.
- Managing any vendor relationships required to run our security and risk systems.
- Develop and implement a clear change management process to ensure smooth transitions and minimize disruptions.
- Analyse incidents to identify root causes and implement preventative measures to avoid future occurrences.
- Providing technical guidance and mentoring to junior security analysts in the team.
Who will thrive in this role?
You have strong leadership and communication skills to effectively manage a team and collaborate with other stakeholders. You thrive in a fast-paced and dynamic environment, adapt to new technologies and be willing to continuously learn and improve your skills. You are flexible, driven and passionate about customers; you can operate in and contribute to a fast paced and dynamic environment, and you bring excellent multi-tasking skills and a focus on delivering outcomes.
You will be someone who:
- 8+ years in software development or cloud infrastructure roles
- 3+ years in cloud security administration, design or architecture roles
- Experience and understanding of applications and cloud security
- Strong proficiency in multiple programming languages and paradigms, with the ability to write clean, efficient code and adapt to new technologies as needed.
- Strong understanding of RESTful APIs and microservices architecture
- Familiarity with databases such as MySQL, SQL Server, PostgreSQL, and Oracle.
- Familiarity with containerization technologies such as Docker.
- Proficiency in AWS services such as ECS, EKS, EC2, S3, Lambda and cloud security services such as IAM, KMS, CloudTrail, CloudWatch, Config, Security Hub, Shield, WAF, Inspector, and Amazon GuardDuty.
- Proficiency in Azure security related services such as Entra ID, Security Center, Key Vault, and Defender for Cloud Apps.
- Experience with infrastructure-as-code tools such as Terraform.
- Experience working with cloud architecture, API gateway, microservices, mobile applications.
- Exposure to implementing CI/CD for software development including static scan, software composition analysis, and dynamic scan.
- Experience with security information & event management, endpoint detection and response, and vulnerability management tools.
- Background in finance or banking would be highly regarded
- A tertiary or vocational qualification that is relevant to software development (beneficial).
- Security related certifications such as CISSP, SANS (highly desirable)
Working at hummgroup
We embrace flexible working arrangements, ensuring a genuine work-life balance and a fun, vibrant inclusive culture that embraces diverse perspectives and values the unique contributions of each of our team through our behaviours Leadership - Accountability - Collaboration - Commerciality.
We invite candidates of all gender expressions, ethnicities, ages, and other culturally diverse groups to apply. We are committed to making reasonable adjustments to provide a positive, barrier-free recruitment process and welcoming and supportive environment where all our people can thrive.
If this sounds like the opportunity, you have been looking for then apply today!