Fathom is transforming the way people create beautiful performance reports and access timely business insights. We’ve helped thousands of advisers and business owners around the world to make better business decisions. We’re a small company with a global footprint and the feel of a scale-up.
We’re searching for an application security specialist to join our engineering teams and be responsible for developing, maintaining, and optimising application security for the Fathom application.
You will need to be a strong collaborator as you work with multiple disciplines (back-end, front-end, platform, product), adding your expertise in a humble and empathetic manner, to advocate, guide and engage.
This is not just an advocacy role though! You must be a practitioner as well. We run a .NET/C#/SQL shop, running on Azure cloud and you will need to be able to contribute code and resolve issues. Because we’re a smaller team, it’s an opportunity to stay broad in your skills and also to help shape the security function within a modern SaaS company.
In addition to your knowledge of modern security patterns and practices built up through hard-won experience, you will be a keen reader who knows the importance of staying up to date with security trends, advisories, publications, and academic research.
This is a talented group of designers, engineers, business analysts and product specialists who love to collaborate, including people who are recognised as leading practitioners in their respective crafts. This is an opportunity to join them and contribute to the quality, value and architecture of a modern web application in a period of rapid growth.
We’d love you to be that person and help us build on this foundation.

What you’ll be doing:

Your work will vary from week-to-week, but could include, as an example:

• consulting with product and development teams in the area of application security as they develop a new feature;
• discovering and fixing a vulnerability
• reviewing code written by others for security best practices
• running a workshop with engineers to educate on common attack vectors
• build out automated security testing in our CI/CD pipelines
• effectively communicate with internal and external stakeholders (eg. security teams from partner apps).
• working with our cloud team to improve vulnerability scanning

What we’re looking for:

• 5 years of demonstrated experience in web or cloud security engineering
• experience with C# and .NET framework; our technology stack covers SQL, C#, .Net Core, WebAPI, Signalr, Javascript frameworks
• an understanding of architecture and security concerns specific to web applications (eg. secure password storage, encryption, security headers, content security policy, CSRF, OIDC, oAuth2, hash algorithms, one-time codes, password reset, rate limiting, security logging, etc).
• experience with cloud security (Azure ideally)
• a strong coding/scripting background
• experience with penetration testing
• familiarity with common security libraries, security controls, and common security flaws
• security certifications will be highly regarded. eg. OSCP, OSCE, CCSP, or security certifications from cloud vendors
• proven experience with OWASP, static/dynamic analysis, and common security tools;
• previous experience in the finance or accounting industry is helpfu

You must be an Australian/NZ citizen or a permanent resident (visa sponsorship is not offered for this role).

What you’re all about:

• you’re a great communicator and able to engage and bring people along on the journey
• you’ll demonstrate excellent attention to detail
• you have a commitment to efficiency
• you have an ability to write with clarity and conciseness
• you’re a self-learner with a passion for staying up-to-date

This is an opportunity to work with a fun and talented team in a supportive environment. There are plenty of lunch options and we enjoy taking lunch together most days. There will often be a game of basketball, frisbee or grid-iron passing taking place.

You will have access to:

• some of the best designers, engineers & human beings in Brisbane, collaborating together in a modern, light-filled office.
• a competitive salary with opportunities to progress in a growing team
• great back support with a Herman Miller Aeron Chair
• the latest tech — we want you to be productive
• unlimited espresso coffee, fresh fruit
• a convenient walk to daycare, schools, park, gym, shopping centre, medical centre
• free parking and an easy commute against the traffic

Salary Range:
$120k to $140k plus super and based on experience.

About Fathom:

Founded in 2010, Fathom is a web-based (SaaS) reporting and analytics tool used by tens of thousands of businesses and their advisors around the world. Our app is one of the top rated reporting apps in both the Xero and Intuit ecosystems globally.
We are also a profitable company, funded through increased revenue which is a byproduct of our focus on building an application that brings innovation and value to our customers and their clients.

Location:

Fathom is based out of Brisbane, Australia with offices in Seattle, USA and in Cambridge, UK. This role is based on site at our offices in Albany Creek, on the northside of Brisbane.

Apply for this position:

To apply for this position, please send your résumé and cover letter.