Application Security Technical Lead

  • Full-time
  • Leadership Opportunity: No
  • State: VIC
  • Job Status: Full Time

Company Description

MedHealth are a purpose-built collection of industry-leading health, medical and employment brands. Our unique and diverse capabilities come together to get the best possible health and employment outcomes for you and the people you support. We support whole populations to better outcomes, yet never lose sight of the individual we are working with to build a better life through work and health.

Job Description

We’re looking for an experienced Application Security Technical Lead to own and run application security across MedHealth.

This is a hands-on role responsible for operating and continuously improving an established AppSec capability — ensuring security practices, tooling and processes are effectively embedded into development workflows.

You will work across multiple applications and development teams, each with varying levels of application security maturity, tailoring your approach to uplift capability while maintaining delivery alignment.

 

Key responsibilities

  • Own and operate application security across the SDLC
  • Identify and assess application security risks, partnering with Engineering teams on remediation
  • Perform secure code reviews (primarily .NET) and support secure development practices
  • Lead threat modelling and security assessments across applications and automation workflows
  • Adapt security practices to suit different team maturity levels, balancing uplift, standardisation and delivery needs
  • Own and optimise AppSec tooling (SAST, DAST, SCA) across CI/CD pipelines
  • Ensure effective security testing without impacting delivery velocity
  • Own vulnerability visibility, prioritisation and reporting
  • Define and apply secure design and development standards
  • Establish Security Champions across development teams
  • Mentor developers and uplift secure coding capability across teams

Qualifications

What You’ll Bring

  • 5+ years’ experience in software engineering, including 2+ in an application security role
  • Strong experience with DevSecOps and CI/CD environments
  • Hands-on experience with AppSec tools (SAST, DAST, SCA)
  • Strong experience working in Azure environments and Azure DevOps pipelines
  • Comfortable reviewing code (C#, .NET, web applications)
  • Strong understanding of OWASP Top 10 and secure design principles
  • Experience working across multiple teams or platforms with varying maturity levels
  • Able to adapt approach based on risk, complexity and delivery context
  • Self-driven, accountable and strong at stakeholder engagement

Additional Information

Why you’ll love it here:

  • Ability to own and run a mature Application Security capability
  • Work across a diverse application landscape and multiple engineering teams
  • Work somewhere serious about cybersecurity done right
  • A culture that values continuous improvement, learning, and knowledge sharing
  • Great balance of working from home and office collaboration

You are welcome here.

Our fast-growing team of more than 4,000 people around Australia represent a huge array of life experiences, skills and ways of thinking. We value all these differences. 

We are an Equal Opportunity Employer, proudly welcoming people with disability including mental health conditions, people from diverse cultural and linguistic backgrounds, people from the LGBTQIA+ community, veterans, carers and Indigenous Australians to our team.

We are happy to adjust our recruitment process to support accessibility needs.
 
