We are a growing security team committed to protecting the security of our customers and of Atlassian itself. You will be part of the Security Assessments group whose mission is to partner with Atlassian programs and products to provide innovative security testing solutions to secure Atlassian products, information assets and customers.

Working at Atlassian

Atlassians can choose where they work – whether in an office, from home, or a combination of the two. That way, Atlassians have more control over supporting their family, personal goals, and other priorities. We can hire people in any country where we have a legal entity. Interviews and onboarding are conducted virtually, a part of being a distributed-first company.

In this role you will be responsible for Penetration Testing and Manual Code Review across Atlassian's vast footprint. You will lead and support others in technically validating the state of Atlassian’s technical security, working closely with our security teams and engineering groups.

Day-to-day this person will be:

• A leader in offensive security, penetration testing and application security

• Experience leading teams in a team leader capacity or otherwise

• Providing SME knowledge and guidance to a team of pen testers/code reviewers

• Skilled with common exploitation frameworks such as Metasploit, Core Impact & Canvas

• Working knowledge of KALI Linux or other testing distributions and most of the tools within

• Able to automating pen testing/code review testing workflows and tasks

• Analysing vulnerability data for trends, gaps

• Assessing Atlassian’s estate for potential pen testing scope items

• Assessing third-party testing capabilities

• The ability to complete a penetration test and code review of a modern cloud application

• Worked in a senior penetration testing/application security role

• Experience in automating a testing workflow

• Experience leading security teams or projects

• Strong, practical understanding of security testing methodologies, supporting infrastructure requirements and awareness of legal considerations

• Strong collaboration and communication skills when working with closely with deeply technical development and infrastructure teams

• Experience working with security operations teams to develop detection logic

• Strong application security experience

• Experience with program development and uplift

• Affinity for growing teams and helping people succeed

It's great, but not required, if you have:

• CVE’s to your name

• Contributions to open source security software or penetration testing tools

• Delivered industry presentations

• Certifications: OSCP, OSCE, OSWE, CREST CRT, GPEN

• Comfortable operating in and reviewing modern cloud technologies from providers such as AWS, Azure and GCP