Permanent Opportunity

At Bupa, we’re committed to protecting the value we create by delivering innovative, secure, and scalable solutions for the future of healthcare. 

The Application Defence Engineer plays a critical role in securing the software development lifecycle by focusing on pipeline security, configuration, automation, and DevSecOps practices. This position ensures that security is integrated into every stage of development, from code creation to deployment, minimising vulnerabilities and reducing risk to the business.

 Responsibilities

• Implement and maintain security controls within CI/CD pipelines to ensure secure application delivery.
• Automate vulnerability scanning, static/dynamic application security testing (SAST/DAST), and software composition analysis (SCA) into the development pipelines.
• Monitor and manage security vulnerabilities found in dependencies and third-party libraries. 
• Develop, automate, and maintain security policies and configurations to streamline security processes and reduce manual intervention. 
• Build automated solutions for security testing, code review, and infrastructure provisioning (Infrastructure as Code) 
• Ensure secure configuration of application environments, infrastructure, and platform services. 
• Implement secure defaults in deployment pipelines, including for containers, Kubernetes, and cloud environments. 
• Collaborate with development, operations, and security teams to integrate security into the development lifecycle (Shift Left Security). 
• Promote and advocate for secure coding practices and educate teams on security best practices and tooling. 
• Participate in security incident response for pipeline and application-level security events, performing root cause analysis and implementing long-term remediation.
• Create processes for monitoring and responding to security alerts in real-time. 
• Continuously improve security toolchains by integrating the latest security tools and technologies into DevSecOps workflows
• Conduct regular security reviews and audits of pipelines, infrastructure, and application code to identify and remediate vulnerabilities. 
•  Ensure compliance with security standards, policies, and regulatory requirements throughout the development lifecycle. 
• Implement security policies in pipelines to prevent unauthorized changes or deployments.
• Harden container images and implement security measures for container orchestration (e.g., Kubernetes) to mitigate risks. 
• Secure cloud environments (AWS, Azure, GCP) by automating security configurations and applying best practices. 
• Monitor and collect security metrics and KPIs to measure the effectiveness of security controls within the pipelines.

Qualifications, Training and Experience

• 15+ years of experience in Information Technology, minimum 10 years’ experience in Security
• 10+ years of programming experience • IAC: Proficiency in writing and maintaining infrastructure configurations using Terraform
• ARM: in writing and managing ARM templates for configuring and deploying Azure resources securely. 
• YAML/JSON: Ability to write scripts and code to automate the integration of security tools
• OPA: Familiarity with tools like Open Policy Agent (OPA) and writing security policies in Rego language to enforce policies within the pipeline and infrastructure.
• Knowledge of secure coding practices, OWASP Top 10, SANS CWE Top 25
• Experience with deploying uplift across cloud security and working under a DevSecOps approach 
• Business and commercial acumen - strong business experience with a strong focus of the customer 
• Excellent oral and written communication skills including quality, concise technical documentation, report writing and presentations 
• Excellent team player working within matrix structures, with demonstrated ability to broker outcomes effectively and collaboratively with colleagues and peers
• Vendor and partner management experience, including professional services and technology vendors

What’s in it for me?

As well as a competitive salary, a range of Bupa benefits and flexible working/work from home arrangements, you’ll be challenged and encouraged to innovate. You will partner with colleagues who are dedicated to delivering exceptional experiences. We respect and consider everyone, knowing your difference will make the difference. 

Perk highlights:

• Discount on our health insurance, travel, car, home, contents, and pet insurance products as well as discounts when you attend a Bupa Dental clinic or purchase glasses from a Bupa Optical store.
• A dedicated internal wellbeing team provides you with a range of services, such as a global resilience program, regular training opportunities on a range of wellbeing topics and access to a variety of wellbeing discounts. 
• An additional well-being day each year to treat yourself. 

About Bupa

Bupa is an international healthcare group which has been committed to a purpose of longer, healthier, happier lives and making a better world for more than 70 years. In Australia and New Zealand, Bupa supports more than 5 million customers through a broad range of health and care services including health insurance, aged care, rehabilitation, dental, optical, medical, hearing, and medical visa services. 

Our people reflect the diversity of our community.  At Bupa, your wellbeing, identity, and own story is respected and valued.

Apply now and become an integral part of our innovative and dynamic team!