Product Security GRC Engineer

Overview

Working at Atlassian

Atlassians can choose where they work – whether in an office, from home, or a combination of the two. That way, Atlassians have more control over supporting their family, personal goals, and other priorities. We can hire people in any country where we have a legal entity. Interviews and onboarding are conducted virtually, a part of being a distributed-first company.

Responsibilities

Do you love application and platform security and uplifting programs and capabilities? Are you excited about the opportunity to play a crucial role in implementing and managing Atlassian's security risk and governance operations?

The Product Security GRC Engineer at Atlassian will be instrumental in implementing and managing the company's security risk and governance operations. This role requires a sound understanding of Cybersecurity and Risk Management, as well as the ability to collaborate with various stakeholders within Atlassian including but not limited to Security, Engineering, Risk and Compliance teams. Additionally, the role involves providing technical guidance and promoting automation to enhance security processes, aligning with a focus on equipping teams with the latest tools and methodologies.

The Product Security GRC Engineer plays a key role in maintaining Atlassian's strong security posture, managing security risks, and supporting leadership in making risk-informed decisions. The Product Security GRC Engineer should have strong application security skills, understand the technology deeply, and collaborate with different teams to ensure that security is integrated into all aspects of the organisation.

Responsibilities

• Technical Expertise and Innovation: Provide technical security guidance to security teams, promoting the adoption of industry-leading methodologies and approaches to build secure products by default. Drive technical solutions in security and risk management.

• Data Analytics and Visualization: Leverage data analytics to derive actionable insights from security governance, risk and compliance data. Utilize visualization tools to present complex security metrics and trends in an understandable and impactful manner, aiding in strategic decision-making and enhancing the organization's security posture.

• Automation and Tooling: Promote the use of automation and the latest security tools to enhance product security processes, equipping teams with the necessary resources to build secure products by default.

• Proactive Risk Identification and Mitigation: Identify potential security risks, threats or potential compliance concerns specific to product security, and develop comprehensive strategies to mitigate them effectively.

• Collaboration: Collaborate with product security teams to implement security controls and best practices, ensuring a cohesive approach to risk management.

• Reporting: Regularly evaluate and report on the effectiveness of security controls, ensuring continuous improvement and rapid adaptation to the latest cybersecurity developments.

• Influence and Align Stakeholders: Work with security engineers and stakeholders to drive alignment on security initiatives, ensuring that security risk considerations are integrated into product development decisions.

• Regulatory Awareness and Compliance: Stay informed on the latest developments in legislative, regulatory, and industry security requirements. Ensure that Atlassian's security practices and controls are aligned with these evolving standards to maintain compliance and mitigate potential legal and reputational risks.

Qualifications

Qualifications

• 2+ years experience in a similar role, preferably in a large-scale SaaS/Product environment.

• Expertise in security-focused roles with a strong emphasis on technical product security.

• Experience with application security, particularly web applications.

• Proficiency in cloud security architecture and infrastructure.

• Ability to provide SME knowledge and guidance to stakeholders and engineering functions.

• Experience collaborating with internal/external audit and leadership teams.

• Solid understanding of cybersecurity principles, risk management strategies, and IT governance frameworks.

• Strong communication skills to explain complex security concepts to stakeholders at all levels.

• Relevant certifications such as CISSP, CISM, or CRISC are beneficial.

• Scripting experience to automate recurring tasks (ie JQL, SQL, Python, Go).

If some of the above doesn't exactly match your experience, we still encourage you to apply! At Atlassian, we value thoughtful workers who are lifelong learners and kind, playful team members. If this sounds like you, then Atlassian is the perfect place for you.

Our perks & benefits

Atlassian offers a variety of perks and benefits to support you, your family and to help you engage with your local community. Our offerings include health coverage, paid volunteer days, wellness resources, and so much more. Visit go.atlassian.com/perksandbenefitsto learn more.

About Atlassian

At Atlassian, we're motivated by a common goal: to unleash the potential of every team. Our software products help teams all over the planet and our solutions are designed for all types of work. Team collaboration through our tools makes what may be impossible alone, possible together.

We believe that the unique contributions of all Atlassians create our success. To ensure that our products and culture continue to incorporate everyone's perspectives and experience, we never discriminate based on race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status. All your information will be kept confidential according to EEO guidelines.

To provide you the best experience, we can support with accommodations or adjustments at any stage of the recruitment process. Simply inform our Recruitment team during your conversation with them.

To learn more about our culture and hiring process, visit go.atlassian.com/crh.