Product Security Engineering Lead

Medibank is seeking a hands-on Product Security Engineering Lead to own and grow our Cloud & Digital Security Engineering capability. You’ll lead a team of DevSecOps engineers to design, implement and operate security services across Cloud Security, SSDLC, Application & Container Security, SaaS posture management, CI/CD pipeline security and IaC security. This technical lead role requires strong engineering and development skills to embed security “shift-left”, deliver automation and improve Medibank’s overall security posture.

Key responsibilities

• Lead design and delivery of secure architectures, security controls and engineering solutions to protect critical applications, workloads and data.
• Own CI/CD security: build pipeline-as-code templates, security gates, automated quality checks, and developer feedback loops.
• Operate and tune SAST, SCA, IaC scanning, secret scanning, container image and runtime security tooling.
• Develop security-as-code frameworks, reusable security libraries, policy-as-code and automated assurance.
• Build self-service security platform capabilities (dashboards, templates, inline guidance, exemption workflows).
• Create secure development patterns, code examples and technical guardrails for cloud, serverless, microservices and data protection.
• Run a Security Champions program, deliver secure coding training and enable developer experience.
• Aggregate vulnerability findings, drive remediation workflows, threat modelling and validate fixes.
• Collaborate with Product, Security Platform, Security Automation and SecOps teams to integrate tooling, detection and incident response.
• Define metrics and dashboards to measure coverage, findings and remediation velocity.

Must-have skills & experience

• 10+ years in security engineering or related roles with proven technical leadership.
• Expert programming and scripting (backend languages such as Python, Go, Java; front-end/scripting as required).
• Deep software engineering knowledge (SDLC, agile, testing, design patterns).
• Experience building and securing APIs, microservices, containerised workloads and orchestration.
• Hands-on with CI/CD platforms (Jenkins, GitHub Actions, AWS DevOps, Azure DevOps, etc.).
• Practical IaC experience (Terraform, CloudFormation) and IaC scanning tools (Checkov, Terrascan, etc.).
• Operational experience with SAST, SCA (Snyk/Dependabot), secret scanning (GitGuardian/GitHub) and vulnerability management.
• Strong AWS/cloud security experience and familiarity with CSPM/CWPP/CASB concepts.

Highly desirable

• Experience building developer platforms/self-service security.
• Background in offensive security, pentesting, or vulnerability research.
• Contributions to open source, public speaking/writing on DevSecOps, bug bounty or chaos/security experiments.
• Knowledge of ML/AI security considerations.

Imagine working with us 

We understand that work means different things to everyone...  We know happy, healthy people make great teams, and great teams put more heart into each customer and patient interaction. And that’s why we’re reinventing work.

Imagine a workplace that helps you and your family thrive.  Where connection, personal development and health and wellbeing are front of mind. To learn more about our benefits go to https://careers.medibank.com.au/culture/rewards-benefits/

For you, work should help you Live Better. It should bring you fulfillment and joy. And with Medibank, it could. 

Inclusion and Accessibility  

We believe in everyone's potential and strive to make Medibank inclusive for all because different perspectives make us better. We encourage applications from everyone, including Aboriginal and Torres Strait Islander peoples, neurodivergent candidates, LGBTQIA+ community including transgender and gender diverse candidates and candidates with a disability.

If you need adjustments or alternative formats at any stage of the recruitment or employment journey, we’re here to help.  You can let us know directly in the application form, or if you’d prefer to discuss before applying, please reach out to us careers@medibank.com.au. Learn more about our commitments and employee stories at https://careers.medibank.com.au/diversity-inclusion/
(please copy and paste the URL onto your browser)