• Operates in a highly regulated space with a strong focus on risk management and technical assurance.
• The team is embedded in an IT function that works closely with vulnerability and risk specialists.
• Based in Sydney CBD with a hybrid setup that mixes in-office collaboration and remote work.

• Senior Java engineer responsible for remediating or formally accepting reported security flaws in legacy Java applications.
• Perform reachability assessments to judge whether identified weaknesses are realistically exploitable.
• Stabilise and modernise older Java codebases while prioritising security and preserving existing behaviour.
• Collaborate with security stakeholders to triage findings and set remediation priorities.
• Rationalise and manage Maven dependencies to reduce supply-chain and dependency-related risk.
• Use vulnerability-scanning tools to surface, track and confirm fixes for reported issues.
• Produce technical remediation plans and provide practical guidance to development teams.

• Minimum five years of Senior hands-on Java 8 experience in enterprise environments.
• Demonstrated experience remediating CVEs and participating in risk-acceptance workflows.
• Strong knowledge of Java and Maven dependency management and related security concerns.
• Practical experience applying reachability analysis to assess exploitability.
• Track record maintaining and modernising legacy Java applications without introducing instability.
• Good understanding of secure coding practices and vulnerability management processes.
• Ability to obtain Baseline security clearance as a condition of engagement.

• Sydney CBD location with hybrid work flexibility.
• Technically challenging engagement focused on improving the security posture of critical systems.
  
  

If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now.

If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion on your career.