<br>
Job Description
<br>
CoStar Group (NASDAQ: CSGP) is a leading global provider of commercial and residential real estate information, analytics, and online marketplaces. Included in the S&P 500 Index and the NASDAQ 100, CoStar Group is on a mission to digitize the world’s real estate, empowering all people to discover properties, insights and connections that improve their businesses and lives.
We have been living and breathing the world of real estate information and online marketplaces for over 35 years, giving us the perspective to create truly unique and valuable offerings to our customers. We’ve continually refined, transformed and perfected our approach to our business, creating a language that has become standard in our industry, for our customers, and even our competitors. We continue that effort today and are always working to improve and drive innovation. This is how we deliver for our customers, our employees, and investors. By equipping the brightest minds with the best resources available, we provide an invaluable edge in real estate.
Domain is a leading property technology and services marketplace that is home to one of the largest portfolios of property brands in Australia, including the Domain, Allhomes and Commercial Real Estate (CRE) platforms. In 2025, Domain became part of CoStar Group (NASDAQ: CSGP), a global leader in commercial real estate information, analytics, online marketplaces and 3D digital twin technology. Together, Domain and CoStar Group is dedicated to digitising the world’s real estate, empowering all people to discover properties, insights, and connections that improve their businesses and lives.
A great opportunity for a Senior Application Security Engineer play a pivotal role in enhancing our Application Security (AppSec) practices, ensuring that security is embedded throughout the software development lifecycle.
You are a seasoned expert who not only possesses deep technical knowledge but also excels at building relationships and collaborating across teams. Reporting to the Group Engineering Manager - Product Security, you will be instrumental in embedding security throughout the software development lifecycle, working directly with our development teams to guide and advise them on best practices. A key part of the role will be to drive the implementation and adoption of some of the initiatives from our Application Security Framework. You will also provide crucial support to our Governance, Risk & Compliance (GRC) and Security Operations teams, ensuring our posture is resilient, compliant, and ready to respond to threats.
Responsibilities:
Proactively embedding security into the software development lifecycle by conducting implementation reviews of solution designs and leading threat modelling sessions. Lead efforts to integrate security into DevOps processes, promoting a culture of security awareness and ownership. Performing hands-on security code reviews and acting as a key security advisor to development teams, providing guidance on addressing vulnerabilities and best practices. Managing and operating our security tools, including those that are integrated into the CI/CD pipeline. Partnering with the Governance, Risk & Compliance (GRC) and Security Operations teams to ensure adherence to relevant regulations and industry standards and collaborating and supporting the investigation and response to security incidents.Experience and Education:
Essential
Minimum education of a bachelor’s degree in relevant information and technology fields5 years + in a Product/Application Security or DevSecOps role. Strong knowledge of DevOps principles and practices, as well as security best practices. Strong problem-solving and communication skills. Collaborative and teamwork-oriented mindset. Proficiency in scripting and automation (e.g., Java, C/C++, C#, Python, JavaScript, PowerShell) Experience with container security (Docker, ECS, Kubernetes) and cloud security (AWS, Azure, or GCP).Preferred
Tertiary qualifications in Computer Science, Software Engineering, Cybersecurity or a related field. Relevant certifications (e.g., AWS Certified Security - Speciality, GPEN, OSCP, OSCE) are highly desirable. Extensive experience and strong understanding of AWS services and cloud security controls including but not limited to IAM, KMS, VPC, Security Groups, AWS Inspector, Guard Duty and SCPs.<br>
CoStar Group is an Equal Employment Opportunity Employer; we maintain a drug-free workplace and perform pre-employment substance abuse testing