Job Description
It’s a strange thing to say, because us humans are capable of incredible things. And at Medibank, we know our greatest potential lies in the people who work with us.
We strive to make real, fundamental change, driven by a simple purpose: to create the best health and wellbeing for all of Australia.
We are seeking a Senior DevSecOps Engineer to design, build and operate our Product Security Engineering capability. You’ll lead technical implementation of cloud and application security services across the SDLC, including secure CI/CD, SAST, SCA, IaC scanning, container & secret scanning, SaaS posture management and infrastructure-as-code security. This is a hands‑on engineering role responsible for delivering squad requirements, strengthening Medibank’s security posture and automating detection and response.
Key responsibilities
Design, implement and operate secure CI/CD pipelines with security gates, pipeline-as-code templates and developer feedback loops.
Deploy and manage SAST, SCA, IaC scanners, container scanning and secret detection across platforms and languages.
Build security-as-code frameworks, reusable security libraries and policy-as-code for guardrails.
Aggregate and manage vulnerability findings; establish remediation workflows and validate fixes.
Integrate security tooling into developer workflows (IDEs, PRs, pipelines) and optimise for low false positives and developer experience.
Implement runtime/container security and enforce image/base image standards.
Produce SBOMs, enforce dependency policies and automate dependency remediation.
Collaborate with product teams, Security Platform Services, Automation Engineering, Security Ops and Security Architecture to embed DevSecOps practices.
Create metrics, dashboards and automation to demonstrate coverage, trends and remediation velocity.
What we’re looking for
7+ years in security engineering/DevSecOps or related role with strong hands‑on delivery.
Expert programming/scripting (Python, Go, Java) and experience with backend and scripting workflows.
Deep knowledge of SDLC, agile practices, microservices, containerisation and API development.
Practical experience with CI/CD platforms (Jenkins, GitHub Actions, Azure DevOps, AWS DevOps).
IaC experience (Terraform, CloudFormation); implement IaC security scanning (Checkov, Terrascan, etc.).
Hands‑on with SAST, SCA (Snyk/Dependabot), secret scanning (GitGuardian/GitHub), container scanning and vulnerability management.
Strong AWS cloud security experience and familiarity with CSPM/CWPP/CASB concepts.
Excellent stakeholder collaboration and ability to embed security into developer workflows.
Strongly desirable
Offensive security/penetration testing background, bug bounty or vulnerability disclosure experience.
Contributions to open source, public speaking/writing on DevSecOps topics.
Familiarity with chaos engineering, ML/AI security considerations.
Imagine working with us
We understand that work means different things to everyone... We know happy, healthy people make great teams, and great teams put more heart into each customer and patient interaction. And that’s why we’re reinventing work.
Imagine a workplace that helps you and your family thrive. Where connection, personal development and health and wellbeing are front of mind. To learn more about our benefits go to https://careers.medibank.com.au/culture/rewards-benefits/
For you, work should help you Live Better. It should bring you fulfillment and joy. And with Medibank, it could.
Inclusion and Accessibility
We believe in everyone's potential and strive to make Medibank inclusive for all because different perspectives make us better. We encourage applications from everyone, including Aboriginal and Torres Strait Islander peoples, neurodivergent candidates, LGBTQIA+ community including transgender and gender diverse candidates and candidates with a disability.
#J-18808-Ljbffr
