Senior Application Security Engineer (Remote)

Fresher
  • Posted 19 hours ago

Job Description

About the Role

At Code Clan, we're building modern SaaS platforms where security isn't a checkbox — it's part of how we build.

We're looking for a hands-on application security engineer who enjoys working closely with developers, reviewing real code, and improving systems in practical ways. This role is ideal for someone with a strong engineering background who has grown into security, rather than a purely governance or policy-focused profile.

You'll help shape how we design, build, and operate secure applications across our stack.

What You'll Be Doing

  • Work closely with engineers to identify, triage, and resolve security issues in real code
  • Perform hands-on security testing across our applications and APIs, from development through to production
  • Contribute to secure design and architecture decisions, especially in our multi-tenant SaaS platforms
  • Explore and validate how our systems behave from an external perspective, including lightweight reconnaissance and real-world attack simulations
  • Assess and improve the security of our CI/CD pipelines and deployment processes
  • Test critical areas such as tenant isolation, cross-system integrations, and data flows to ensure robustness and integrity
  • Work on emerging areas like AI/LLM usage, including validating trust boundaries and input handling
  • Partner with the team throughout the lifecycle — from findings and prioritisation through to remediation and re-testing
  • Communicate outcomes clearly, including concise reports for both technical teams and leadership

What We're Looking For

We're interested in people who bring a mix of engineering depth and security experience. You don't need to tick every box below — we value curiosity and a learning mindset.

  • Experience working in application or product security, ideally with hands-on testing or secure code review
  • A strong software engineering background (e.g. backend, APIs, or full-stack development)
  • Familiarity with modern web architectures (APIs, authentication, frontend frameworks, etc.)
  • Understanding of common security risks in SaaS environments, especially multi-tenant systems
  • Comfort working with databases and data access patterns (SQL or NoSQL)
  • Exposure to CI/CD pipelines and secure delivery practices
  • Ability to explain technical issues clearly to different audiences

Technologies & Areas You May Work With

Depending on your experience and interests, you may work across:

  • Web and API security (REST, GraphQL, authentication flows)
  • Database security (SQL Server, Cosmos DB or similar)
  • Security testing tools (e.g. Burp Suite or alternatives)
  • Static and dynamic analysis tooling (e.g. Semgrep, Trivy)
  • Cloud and platform security (especially Azure environments)
  • Emerging areas like AI/LLM security

Nice to Have (Not Essential)

  • Experience with OWASP frameworks (e.g. ASVS)
  • Familiarity with Azure security tools
  • Exposure to AI/LLM security concepts
  • Knowledge of Australian privacy and breach reporting requirements
  • Industry certifications (OSCP, OSWE, CISSP, etc.)

Why Join Code Clan

  • Work on real-world security challenges in modern SaaS systems
  • Be part of a developer-centric, practical security culture
  • Fully remote role with flexibility
  • Opportunity to shape how security is done — not just audit it
  • Small, capable team where your impact is visible

More Info


Job ID: 148395925