The Ecosystem Application Security team is responsible for guiding the security strategy and initiatives for third-party apps which customers can use with their Atlassian products. We are looking for a Security Engineer who is excited at the prospect of enabling thousands of developers to improve the security of their apps and ultimately improve the security of millions of users.

Compensation

At Atlassian, we strive to design equitable, explainable, and competitive compensation programs. To support this goal, the baseline of our range is higher than that of the typical market range, but in turn we expect to hire most candidates near this baseline. Base pay within the range is ultimately determined by a candidate's skills, expertise, or experience. In the United States, we have three geographic pay zones. For this role, our current base pay ranges for new hires in each zone are:

Zone A: $154,500 - $206,000

Zone B: $139,000 - $185,400

Zone C: $128,200 - $171,000

This role may also be eligible for benefits, bonuses, commissions, and equity.

Please visit for more information on which locations are included in each of our geographic pay zones. However, please confirm the zone for your specific location with your recruiter.

In this role, your responsibilities will include defining security policies and best practices for Marketplace apps, build security tools and automation, and work closely with the Atlassian Marketplace team and our internal security teams to make processes and tooling available for third-party developers. You will also perform security reviews, source code auditing, and threat modeling on third-party apps as well as Atlassian platform.

Since a lot of our work involves building security tools and performing security reviews, the ability to read, understand, and write code is important. Our products and third-party apps are built using a number of different languages but Java, Go, and Python are the most common. As part of the focus on learning at Atlassian, you'll be able to spend up to 20% of your time on independent research.

On your first day, we'll expect you to have:

• 2+ years working in security
• Solid knowledge of web application security
• Experience with penetration testing with a focus on web application security.
• Experience coding in Java, Python, or Go, and at least one scripting language
• An ability to reason about security decisions
• An ability to communicate ideas clearly and effectively to engineers who know way more than you about their code

It's great, but not required, if you have:

• Published contributions to the security community
• Presentation experience at industry events
• Certifications: OSCP, OSCE, OSWE, CREST CRT, GPEN