# Security Engineer (SaaS)

> CreditorWatch · Sydney, Australia (Hybrid) · Full-time · Posted 2026-06-04

**Workplace:** hybrid

**Department:** IT

## Description

### **Who are we?**

So you might ask, who's CreditorWatch? Well, we are a leading Australian data and technology company that provides businesses with access to unique data and innovative products. By using our platform, our customers can confidently manage their commercial relationships, improve productivity and reduce financial risk.

As a commercial credit reporting bureau, we offer a complete suite of credit reporting products and data insights covering the entire customer lifecycle, from customer onboarding and credit decision automation to credit risk management and automated collections.

We were established in 2010 and most recently were named as one of AFR's Top 10 Best Places to Work as well as certified by Great Place to Work consecutively across 2022-2025.

We saw significant growth in 2025 and that's not about to change. We are on track to break records in 2026, scaling at pace, making this the perfect time to join CreditorWatch.

### **Our Purpose**

✅ Empower Australian businesses to trade confidently with their customers.

### **Our Mission**

🏆 We aim to be number one in our industry by delivering unique data insights and innovative products.

### **Your Role & Team**

As we continue to invest in our security tooling and capabilities, we are establishing a dedicated Security Engineering function to ensure we are not just purchasing security platforms, but actively operating, tuning, and integrating them effectively.

We are looking for a **Security Engineer** to join this newly created team. This is a hands-on, generalist role spanning both **enterprise/internal security** (IAM, Zero Trust, DLP, SSE, EDR) and **product security** (application security, vulnerability management, SDLC hardening, security reviews). You will split your time across both domains—helping to protect our corporate environment while embedding security into the way our engineering teams build and deliver software.

This is not a narrow, single-domain role. You will work across the full stack—from employee endpoints and SaaS platforms through to CI/CD pipelines, cloud infrastructure, and the application layer. You will act as a trusted partner to Engineering, a technical resource for the broader business, and a key contributor to maintaining the security posture expected of an Australian credit bureau handling sensitive financial data.

You'll report directly to the **Principal Product Security Engineer** in this role.

Please note, it's a full-time opportunity offering hybrid working conditions out of our **Sydney CBD Office**.

**Some of your responsibilities include, but are not limited to:**

**Enterprise & Internal Security**

-   Improve the security posture across our SaaS platforms, employee endpoints, and office networks.
-   Implement, tune, and operate enterprise security solutions including SSE, EDR, DLP, Email Security, and IAM.
-   Enhance threat detection and response capabilities, contributing to operational runbooks and owning security alert workflows.

**Product & Application Security**

-   Strengthen the security posture of our platform and SDLC through security reviews, threat models, and risk-based assessments.
-   Identify vulnerabilities and provide practical remediation strategies aligned to business impact.
-   Embed and operationalise security controls within CI/CD pipelines (SAST, SCA, secrets detection) with clear ownership, SLAs, and automated feedback loops.
-   Drive initiatives to harden the software supply chain and CI/CD infrastructure, enabling secure development and deployment practices.

**Cross Organisation**

-   Act as a trusted advisor to Engineering, providing guidance on secure development practices across CreditorWatch products and services.
-   Contribute to frameworks, guidance and tooling that enable engineers to safely adopt AI/ML capabilities in software development.
-   Mentor engineers and security champions to uplift security awareness and foster a proactive security culture.
-   Contribute to vulnerability management processes, ensuring findings are tracked, prioritised, and remediated in line with risk tolerance and SLOs.
-   Provide domain expertise in security-related incident response processes.
-   Support compliance and assurance activities (ISO 27001, SOC 2) where they intersect with engineering controls and evidence.

### **Our ideal candidate**

-   Demonstrated **hands-on experience across multiple security domains**, with the ability to operate as a broad generalist
-   **Experience with application security practices**, including secure code review, SAST/SCA tooling, threat modelling, and vulnerability management in cloud-native or SaaS environments
-   **Working knowledge of cloud security** (preferably AWS), including IAM, networking, and services such as Security Hub, Inspector, or GuardDuty
-   **Experience embedding security into CI/CD pipelines** and working closely with engineering teams to shift security left without impacting delivery
-   **Familiarity with enterprise security tools** such as EDR, SSE/SWG, DLP, email security, and ASPM platforms
-   Strong **understanding of identity and access management concepts**, including SSO (OAuth, OIDC, SAML), conditional access, and least privilege
-   **Exposure to relevant compliance frameworks** (e.g. ISO 27001, SOC 2, OWASP Top 10)
-   Ability to **script or automate workflows** using tools such as Python, Bash, or APIs
-   **Strong communication skills**, with the ability to translate security findings into practical guidance for engineers and articulate risk to non-technical stakeholders
-   A **genuine interest in working across a broad range of security domains** and context-switching as required

### **More than just work**

**🏃🏽‍♀️ Keep Active –** All employees get a Fitness First Platinum gym membership.

**☕️ Daily Fuel –** Barista-made coffee, breakfast, snacks, lunches and drinks on us – we got you!

**📲 Phone Credits –** We pay you $50 per month to put towards your plans – how good.

**❤️‍🩹 Wellness Days –** Receive an additional day off each month. Whether you’re pursuing physical activities, cultivating your mental wellbeing or supporting your community… this is your time to switch off from work.

**💆🏽‍♂️ Monthly Massages –** We offer monthly in-house massages to soothe those sore spots and tight knots. Poor posture? Stressful week? We get it.

**💰 Bonus Shares –** We offer our dedicated employees performance-based bonuses. Our employees are also permitted to gain access to our bespoke Employee Share Scheme, giving you the rare opportunity to invest in a growing technology company.

**🤩 Fun Activities –** We love escaping the workplace to do fun stuff. Whether it's pasta-making, sailing classes, touch footy, winery tours, go karting or relaxing on the company boat (yeah… we own a boat) – these monthly team building activities will keep you feeling valued and connected.

**👩🏻‍⚖️ Legal Services –** Our employees get access to free legal services – from conveyancing and property advice to legal assistance around wills, trusts, powers of attorney and more. We make life easier for you, saving you time, money and unnecessary headaches.

### **Our Values**

**⚡️ The 1%’ers add up –** Our commitment to going that one step further sets us apart, as we believe that small efforts or improvements in any aspect of our work collectively lead to significant success.

**👊🏼 We are dependable and trustworthy –** Our clients are everything to us and we are passionate about maintaining and delivering reliable and trusted services to them.

**📈 We are committed to growth –** Our success comes from our ability to grow and adapt; both collectively and individually. We set the bar high to ensure we continue to innovate and exceed expectations. We are dedicated to the development of our business and our people.

**🫶🏾 Our people make the difference –** Just as we help small businesses think big, we help our employees achieve their aspirations. We provide our people with challenges and opportunities, supporting them to live their best lives.

**Recruitment Process – We like to keep it simple!**

1.  **Phone Screening –** A deep dive into the company, role and experience required, including a thorough review of your match to the role – let’s get to know each other and ensure the opportunity is a match!
2.  **Hiring Manager Meeting –** This is an opportunity to showcase why your background and skill set align to the role and ask questions – be as curious as you want!
3.  **Functional Meeting –** Here you’ll be set up with a take home case-challenge that is designed to look into the way you think and approach certain situations.
4.  **Values Meeting –** We’d love to hear why CreditorWatch and see how you’d fit into our world.

### **We are committed to you**

We offer a fantastic culture with open communication and rewards and recognition that include probation celebrations, all-staff birthday and service anniversary celebrations.

We are an equal opportunity employer and committed to excellence through diversity. We do not discriminate on race, religion, colour, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

## Apply

[Apply at CreditorWatch](https://apply.workable.com/creditorwatch/j/CDB51601E9/apply)

