Senior Application Security Engineer (Remote)
About the Role
At Code Clan, we’re building modern SaaS platforms where security isn’t a checkbox — it’s part of how we build.
We’re looking for a hands-on application security engineer who enjoys working closely with developers, reviewing real code, and improving systems in practical ways. This role is ideal for someone with a strong engineering background who has grown into security, rather than a purely governance or policy-focused profile.
You’ll help shape how we design, build, and operate secure applications across our stack.
What You’ll Be Doing
- Work closely with engineers to identify, triage, and resolve security issues in real code
- Perform hands-on security testing across our applications and APIs, from development through to production
- Contribute to secure design and architecture decisions, especially in our multi-tenant SaaS platforms
- Explore and validate how our systems behave from an external perspective, including lightweight reconnaissance and real-world attack simulations
- Assess and improve the security of our CI/CD pipelines and deployment processes
- Test critical areas such as tenant isolation, cross-system integrations, and data flows to ensure robustness and integrity
- Work on emerging areas like AI/LLM usage, including validating trust boundaries and input handling
- Partner with the team throughout the lifecycle — from findings and prioritisation through to remediation and re-testing
- Communicate outcomes clearly, including concise reports for both technical teams and leadership
What We’re Looking For
We’re interested in people who bring a mix of engineering depth and security experience. You don’t need to tick every box below — we value curiosity and a learning mindset.
- Experience working in application or product security, ideally with hands-on testing or secure code review
- A strong software engineering background (e.g. backend, APIs, or full-stack development)
- Familiarity with modern web architectures (APIs, authentication, frontend frameworks, etc.)
- Understanding of common security risks in SaaS environments, especially multi-tenant systems
- Comfort working with databases and data access patterns (SQL or NoSQL)
- Exposure to CI/CD pipelines and secure delivery practices
- Ability to explain technical issues clearly to different audiences
Technologies & Areas You May Work With
Depending on your experience and interests, you may work across:
- Web and API security (REST, GraphQL, authentication flows)
- Database security (SQL Server, Cosmos DB or similar)
- Security testing tools (e.g. Burp Suite or alternatives)
- Static and dynamic analysis tooling (e.g. Semgrep, Trivy)
- Cloud and platform security (especially Azure environments)
- Emerging areas like AI/LLM security
- Experience with OWASP frameworks (e.g. ASVS)
- Familiarity with Azure security tools
- Exposure to AI/LLM security concepts
- Knowledge of Australian privacy and breach reporting requirements
- Industry certifications (OSCP, OSWE, CISSP, etc.)
Working Conditions:
This is a fully remote, contractual position open only to candidates currently based in the Philippines.
The role initially requires full-time engagement for approximately 8 weeks. Following this, the engagement continues on a part-time basis at approximately 1 day per week, based on project needs and mutual agreement.
Candidates must be available for partial overlap with Australian business hours to ensure effective collaboration with the engineering team.
Interested candidates are invited to send their CV to job•@codeclan.com.au.