Job Closed
This listing is no longer active.
Build software faster. The One DevOps Platform enables your entire org to collaborate around your code. We're hiring.
Manager, Application Security – APAC
Location
Australia
Posted
52 days ago
Salary
0
Seniority
Senior
Job Description
GitLab
- Lead, develop, and mentor a team of Application Security Engineers focused on clearing roadblocks, career growth and development, coaching and mentoring.
- Own the team’s operational cadence end to end: triage rotations, Application Security review queues, milestone planning.
- Drive tactical execution of the Application Security program: scaling the team for non-linear security gains, security review enhancements and secure design consultations for high-risk changes.
- Lead AI adoption within the Application Security team: leverage AI-assisted/automated workflows for review triage, threat model generation, code analysis, and operational toil reduction. Champion practical AI use without losing critical thinking rigor.
- Recommend and drive security-related technical and process improvements.
- Author and execute project plans for security initiatives. Set schedules and assignments, anticipate roadblocks, and measure performance against goals.
- Provide input on security architecture, features, and issues. Serve as a partner and enabler to Product and Engineering teams on application security decisions.
- Partner with Security Architecture, Infrastructure Security, Security Research, and Security Operations on end-to-end risk reduction, aligning Application Security work with broader Product Security objectives.
- Prepare and deliver meaningful, actionable metrics to Product Security leadership.
- Hire and build a world-class team. Train team members to screen candidates and conduct structured interviews. Build the team’s ability to grow itself.
Job Requirements
- Demonstrable prior people management experience in application security or a closely related security engineering discipline, preferably in high-velocity R&D organizations.
- Deep familiarity with application security domains: secure code review, threat modeling, vulnerability management, secure SDLC, and common vulnerability classes (OWASP Top 10, CWE), whether from direct Application Security roles or from owning secure delivery of complex systems.
- Demonstrated success building trust with Product and Engineering peers, influencing security-related decisions, and co-owning outcomes rather than acting solely as a gate.
- Comfort with AI-augmented workflows and enthusiasm for leveraging tools like GitLab Duo to scale the Application Security function, along with strong alignment to GitLab’s values and a track record of thriving in a highly collaborative, remote-first culture.
- Good at establishing clear guidance and distributing the workload appropriately. Lays out work in a well-planned and organized manner, maintains two-way dialogue with others on work and results and is a clear communicator.
- Accurately scopes the length and difficulty of projects, breaks them into clear process steps with owners and timelines, anticipates problems before they stall progress, and consistently measures performance against goals to evaluate what worked and what didn't.
- Breaks down complex problems with rigorous analysis, surfacing hidden risks and delivering conclusions that withstand scrutiny.
- Excellent written and verbal communication skills, with demonstrated experience in executive-level communications in an all-remote, asynchronous environment.
- Consistently delivers above expectations, drives measurable results and raises the performance bar for the entire team.
- Nice to have: Experience with security requirements and frameworks relevant to GitLab’s customers (e.g., FedRAMP, ISO 27001, SOC 2, PCI-DSS); experience in DevSecOps or shift-left security models in SaaS or open-source environments; deep familiarity with CI/CD pipeline security, software supply chain security, or identity and access management (AuthN/Z).
Benefits
- Benefits to support your health, finances, and well-being
- Flexible Paid Time Off
- Team Member Resource Groups
- Equity Compensation & Employee Stock Purchase Plan
- Growth and Development Fund
- Parental leave
- Home office support
More Security Engineer Jobs
Security Engineer
HotDoc
HotDoc is a technology company in the healthcare industry that helps practices deepen patient relationships and improve office efficiency. The company was found
Security Engineer (Hybrid/Remote) at HotDoc Online Pty Ltd
Privacy and Security • Melbourne, Victoria 3000, Australia • Full-time
Role Type
Permanent • Full-time • Mid Level
Pay Rate
120000 AUD – 150000 AUD (Annum)
Description
Welcome to HotDoc! 👋
Founded in Melbourne in 2012, HotDoc is Australia’s largest patient engagement platform — with over 8 million app downloads and partnerships with more than 21,000 practitioners across General Practice, Allied Health, Dental, Specialist, and Optometry.
We handle sensitive health (PHI) and personal (PII) data and operate in a highly regulated environment. That means security isn’t an afterthought here — it’s foundational to everything we build. This role sits at the heart of that.
We have ambitious goals to improve the healthcare experience for everyone in Australia, and we’re looking for exceptional people to help us get there.
Role Purpose & Context
This is a hands-on, execution-focused security engineering role. You’ll work closely with Engineering, Infrastructure, Product, and Leadership to reduce risk, uplift compliance maturity, and embed security best practices across a growing SaaS platform at a pivotal stage of growth.
You’ll report directly to the Principal Security Engineer and work within a collaborative team that values pragmatism, clarity, and psychological safety.
This is not a purely advisory or GRC role. You’ll be doing real engineering work — building tooling, triaging vulnerabilities, supporting incidents, and helping engineering teams ship securely. You’ll earn trust by being useful, specific, and enabling — not by being a gatekeeper.
Why Join HotDoc?
Join a purpose-driven team where your work directly protects the patients and practitioners who depend on our platform every day. Here’s what you can look forward to:
- Impactful, meaningful work — Security at HotDoc protects real health data for millions of Australians. You’ll see how your work connects to outcomes that matter.
- A team that values how you work, not just what you deliver — Our culture is built on empathy, curiosity, and psychological safety. We challenge with care, not with hierarchy.
- Genuine autonomy with real support — Own your domains and drive your own work, with your leader and team always there to back you up.
- A structured monthly milestone plan — We don’t just hire people and hope for the best. You’ll have a clear 6–24 month development roadmap, regular 1:1s, and genuine investment in your career progression.
What Will You Be Doing?
Operational Security & Risk Management
- Own vulnerability identification, prioritisation, and remediation workflows across infrastructure and application layers — using tools, not just spreadsheets
- Partner hands-on with engineering squads to review, triage, and remediate security risks within normal sprint cycles
- Participate in incident response and contribute to post-incident improvements that actually get implemented
- Improve alert quality and reduce noise in security monitoring, so the team responds to what matters
Compliance & Audit Readiness
- Support SOC 2 and PCI DSS control implementation — evidence collection, control mapping, and gap remediation
- Assist with audit preparation cycles and maintain an accurate, up-to-date view of our control posture
- Contribute to vendor and third-party risk assessments with practical, proportionate judgement
- Maintain security documentation, policies, and control mappings so they reflect reality, not aspiration
Secure Development & AI Enablement
- Embed security into engineering workflows — threat modelling, code review support, secure defaults in CI/CD pipelines
- Work with product and engineering teams to ensure AI-generated and AI-assisted code follows security best practices
- Help define guardrails for AI-enabled product features as our AI footprint grows
- Provide clear, actionable security guidance during design and architecture discussions
Security Architecture Support
- Assist in strengthening encryption, identity, access management, and key management practices
- Support our MFA rollout and authentication improvement programme
- Contribute to health data architecture uplift initiatives that protect patient data at scale
Security Engineering & Tooling
- Design, build, and maintain internal security tooling, iterating based on feedback and emerging threat patterns
- Leverage AI tools to improve the efficiency and effectiveness of security operations
What You Must Have to Apply
- 3+ years of hands-on experience in application security, infrastructure security, or cloud security — not purely advisory or GRC roles
- Demonstrated experience supporting compliance initiatives such as SOC 2, PCI DSS, ISO 27001 or similar — you’ve done the work, not just observed it
- Strong, practical AWS security knowledge (or equivalent public cloud)
- Experience with vulnerability management tools and remediation workflows — you can triage, prioritise, and communicate risk clearly
- Familiarity with Secure SDLC practices and how to work with developers without slowing teams down
- Strong written and verbal communication — you can translate security risk into language that resonates with engineers, product managers, and executives alike
You’re Just the Person We’re Looking For If You Can Demonstrate
- A pragmatic, enabling mindset — you see your job as helping engineers ship securely, not saying no
- Genuine curiosity and a growth mindset — you ask “why?” often and are open to new tools and approaches
- Ownership and follow-through — you drive work to completion without needing to be chased
- The confidence to speak up — you surface risks and concerns proactively, even when it’s not the easy option
- A socially conscious outlook — you understand that security failures here have real consequences for patients and clinicians
- Comfort with ambiguity and a “progress beats perfection” approach to getting things done
What Do Our Employees Love About Working for HotDoc?
Our people are at the heart of HotDoc. We are an employee-first company and recognise that we can’t deliver a great patient experience without looking after the people who build it.
- Flexibility to work from home and our Melbourne HQ
- Access to our comprehensive Health & Wellbeing Program
- A generous Learning & Development Budget
- Parental leave benefits including paid baby sleep school, first aid courses, and EAP for primary and secondary caregivers
- Company-wide events and activities at our Melbourne HQ, open to all remote and hybrid staff several times a year
- In-office collaboration days with workshops and team planning sessions
- Private and confidential EAP from Day 1
- In-house Career and Strengths Coaching tailored to every employee
Please note: we ask that local team members make an effort to attend our Melbourne HQ regularly to build relationships and collaborate in person. If you have flexible working requirements, please raise this with the Hiring Manager during the recruitment process so we can explore what’s possible.
HotDoc Is a Place Where You Can Be You.
HotDoc prides itself on being an inclusive and diverse workplace — in fact, we celebrate it. If there are any alternative considerations you might require to perform this role, or anything we can do to support you through the application process, please let us know. We’ll do our best to make this a great experience.
Company Overview
Our mission: To enable the best healthcare experience for everyone in Australia
Service Technician
ChemTreat
ChemTreat is a company that assists with industrial water treatment systems and processes and is passionate about "maximizing the power of water." The company s
Carry out physicochemical water treatment activities to ensure the results set out in the contract with the customer.
- Visit customers, in accordance with the work plan and safety rules, to measure the results of the chemical treatment program that was designed.
- Perform chemical control and dosing of the company's products used at customer facilities, to ensure the products are within the established ranges and are being dosed at all times.
- Detect and report product failures and/or problems when they fall outside the established ranges, solve problems efficiently and offer cost-effective alternatives as needed for chemical water treatment.
- Check product stock at the customer's facilities in order to supply products within the agreed time, and report the inventories.
- Inspect equipment to monitor operating conditions and quality, issuing the corresponding reports.
- Take part in team meetings to improve customer service.
- Document and communicate the results delivered to the customer, providing clarity and value.
- Correlate operating data against chemistry and consumption trends.
- Support the preparation of reports detailing technical problems and solutions, to initiate the corrective action needed through product modifications and/or recommended process changes.
- Verify compliance with commitments, regulatory and contractual.
- Handle customer requests related to the contract terms and conditions for water treatment.
- Take samples for physicochemical analysis related to water treatment and analyse them in the laboratory.
- Ensure on-site service standards are implemented with all customers.
- Keep up to date with the latest advances in the industry through continuing education.
- Observe Chemtreat's and the customer's safety measures and attend the required safety training.
- Support and be committed to the Chemtreat Quality Improvement Process. Plan strategies to ensure error-free work, “doing it right the first time”, and convey this attitude in the daily performance of your various responsibilities. Take part in Quality Improvement and Corrective Action Teams and keep measurements of the processes in your area.
At Veralto, we value diversity and the existence of similarities and differences, both visible and not, found in our workforce, workplace and throughout the markets we serve. Our associates, customers and shareholders contribute unique and different perspectives as a result of these diverse attributes.
Unsolicited Assistance
We do not accept unsolicited assistance from any headhunters or recruitment firms for any of our job openings. All resumes or profiles submitted by search firms to any employee at any of the Veralto companies, in any form without a valid, signed search agreement in place for the specific position, approved by Talent Acquisition, will be deemed the sole property of Veralto and its companies. No fee will be paid in the event the candidate is hired by Veralto and its companies because of the unsolicited referral.
Cybersecurity Automation Engineer
Allstate
National General Insurance, a division of Allstate, describes itself as one of the largest insurers in the United States. The company provides personal and commercial auto, recreat
At Allstate, great things happen when our people work together to protect families and their belongings from life’s uncertainties. And for more than 90 years, our innovative drive has kept us a step ahead of our customers’ evolving needs. From advocating for seat belts, air bags and graduated driving laws, to being an industry leader in pricing sophistication, telematics, and, more recently, device and identity protection.
Job Description
We are looking for a hands-on Cybersecurity Automation Engineer to design and build software that enables and scales cybersecurity operations across Allstate. This role sits within the Automation Enablement team in Cyber Operations. The mission of this team is to turn security requirements and manual processes into reliable, secure, automated services that improve incident response, integrate security tooling, and strengthen cloud-first security operations.
This is an engineering-first role. You will write and maintain production code, build secure services and APIs, and partner closely with incident response, threat intelligence, IAM, and platform teams to deliver automation that is used every day.
The internal job title is a Security Engineer Senior Consultant II.
Key Responsibilities
What You Will Do
Build Secure Software & Automation
- Design, develop, test, and maintain production-grade security services, APIs, and automation
- Build internal tools and integrations that support incident response, detection, and cyber operations
- Treat security tooling as software products: versioned, tested, monitored, and maintained
Apply Security Engineering Best Practices
- Design secure APIs using authentication and authorization standards (OAuth 2.0, OIDC, SAML, JWT)
- Apply secure software design principles including least privilege, secrets management, and defense-in-depth
- Use cryptographic concepts appropriately (hashing, encryption, key management via managed services)
Automate & Integrate Across Platforms
- Integrate security controls and validation into CI/CD pipelines
- Build automation that connects cloud platforms, security tools, and internal services
- Partner with cloud and platform teams to ensure solutions are scalable, resilient, and secure
Support Cyber Operations
- Collaborate with incident response, threat intelligence, and SOC teams to identify automation opportunities
- Improve consistency and speed of response through repeatable, reliable automation
- Participate in incident follow-ups and help turn lessons learned into system improvements
Essential Qualifications
- 3+ years of professional software development experience
- Strong proficiency in at least one backend language (Python or Java preferred)
- Experience designing and building secure APIs or services
- Practical knowledge of secure coding practices and common application vulnerabilities
- Experience with IAM and authentication concepts (OAuth 2.0, OIDC, SAML, JWT)
- Experience contributing to or working with CI/CD pipelines
- Hands-on experience with cloud platforms (Azure, AWS, or equivalent)
Desirable Qualifications
- Experience with infrastructure or automation tooling (Terraform, Jenkins, GitHub Actions, etc.)
- Experience working with containers (Docker; Kubernetes exposure a plus)
- Experience integrating or extending SIEM/SOAR platforms (Microsoft Sentinel, Defender, Splunk, etc.)
- Exposure to incident response or security operations workflows
- Experience in regulated or large enterprise environments
- Relevant certifications such as Security+, AZ-104, or AWS Associate
What Success Looks Like
- You build automation that security teams rely on
- Manual security tasks become repeatable services
- Secure defaults are enforced through code, not documentation
- Cloud-based security controls are easier to use and harder to misuse
Experience
- 3 or more years of experience (Preferred)
Supervisory Responsibilities
- This job does not have supervisory duties.
Skills
Application Programming Interface (API), Authentication, Automation, Encryption, Information Security Engineering, IT Security Operations, Risk Management, Secure Coding, Secure Coding Practices, Security Controls, Security Engineering, Security Software, Security Tools, Software Automation, Splunk, Stakeholder Engagement
Compensation
Compensation offered for this role is 75,100.00 - 126,325.00 annually and is based on experience and qualifications.
The candidate(s) offered this position will be required to submit to a background investigation.
Joining our team isn’t just a job — it’s an opportunity. One that takes your skills and pushes them to the next level. One that encourages you to challenge the status quo. One where you can shape the future of protection while supporting causes that mean the most to you. Joining our team means being part of something bigger – a winning team making a meaningful impact.
Allstate generally does not sponsor individuals for employment-based visas for this position.
Effective July 1, 2014, under Indiana House Enrolled Act (HEA) 1242, it is against public policy of the State of Indiana and a discriminatory practice for an employer to discriminate against a prospective employee on the basis of status as a veteran by refusing to employ an applicant on the basis that they are a veteran of the armed forces of the United States, a member of the Indiana National Guard or a member of a reserve component.
For jobs in San Francisco, please click “here” for information regarding the San Francisco Fair Chance Ordinance. For jobs in Los Angeles, please click “here” for information regarding the Los Angeles Fair Chance Initiative for Hiring Ordinance.
To view the “EEO Know Your Rights” poster click “here”. This poster provides information concerning the laws and procedures for filing complaints of violations of the laws with the Office of Federal Contract Compliance Programs.
To view the FMLA poster, click “here”. This poster summarizes the major provisions of the Family and Medical Leave Act (FMLA) and tells employees how to file a complaint.
It is the Company’s policy to employ the best qualified individuals available for all jobs. Therefore, any discriminatory action taken on account of an employee’s ancestry, age, color, disability, genetic information, gender, gender identity, gender expression, sexual and reproductive health decision, marital status, medical condition, military or veteran status, national origin, race (including traits historically associated with race, including, but not limited to, hair texture and protective hairstyles), religion (including religious dress), sex, or sexual orientation that adversely affects an employee's terms or conditions of employment is prohibited. This policy applies to all aspects of the employment relationship, including, but not limited to, hiring, training, salary administration, promotion, job assignment, benefits, discipline, and separation of employment.
Senior Security Engineer
Ciklum
At Ciklum, we are always exploring innovations, empowering each other to achieve more, and engineering solutions that matter. With us, you’ll work with cutting-edge technologies, contribute to impactful projects, and be part of a One Team culture that values collaboration and progress. As one of Ukraine’s largest IT companies and a top employer recognized by Forbes, we’ve spent over 20 years delivering meaningful tech solutions. We proudly support diverse talent and military veterans, recognizing their unique skills and perspectives they bring to shaping the future.
Ciklum is looking for a Senior Security Engineer to join our team full-time in Bulgaria. We are a custom product engineering company that supports both multinational organizations and scaling startups to solve their most complex business challenges. With a global team of over 4,000 highly skilled developers, consultants, analysts and product owners, we engineer technology that redefines industries and shapes the way people live.
About the role:
As a Senior Security Engineer, become a part of a cross-functional development team engineering experiences of tomorrow. Together, we will work on the project for a global leader in the leisure, travel and tourism sector, delivering secure and scalable technology that enables a high-quality end-to-end customer experience. The Senior Security Engineer is a practitioner and an advocate of state-of-the-art cloud engineering practices, with a strong DevSecOps mindset, able to tackle the whole software development cycle of designing, building, testing and deploying applications.
Responsibilities:
- Provide and support the content delivery and security platform at edge across multiple domains
- Take over full responsibility for the platform, from design to operation, ensuring quality of work, proper documentation, and security aspects
- Develop and run the content delivery network and associated platform as part of a team
- Enable business development teams to work more efficiently by using expertise in developing and operating technical platforms
- Help other teams adopt your platform through direct engagement
- Ensure observability of your platform and service
- Improve CI/CD and automation maturity and efficiency
- Research, evaluate and test new approaches, processes and tools and help teams to use them effectively
- Drive technical excellence, ownership, and self-organisation at team and personal level
Requirements:
- Proficient experience in working with CDN and WAF solutions like Akamai, AWS or Cloudflare. Bot detection, DDoS protection, cache optimisation
- Deep knowledge and hands-on experience on Web technologies: RFCs, request/response lifecycle, DNS, protocols, status codes, cookies, headers, proxies, certificates, browsers, caching, etc
- Experience in front-end development is a huge plus
- Advanced experience in designing secure, highly available, distributed applications in an Amazon Web Services (AWS) environment. EKS, Lambda functions, Lambda@Edge, CloudFront, S3, API Gateways knowledge is preferable
- Ability to understand and analyse complex security events as well as adjust the resulting ongoing security profiles
- Monitoring experience: Datadog, Grafana. Trend analysis, deep investigation, issue tracking
- Experience in defining, planning, implementing, maintaining, and upgrading security measures, guardrails and controls for WAF and CDN
- Familiar with information security standards & practices and their practical implications
- Experienced in securing APIs, REST API and GraphQL API using AWS AppSync
- Deep automation skills, hands-on experience with agentic LLMs, experience with some scripting and programming languages such as Python
- Advanced experience with CI/CD, preferably GitLab CI
- Experience with Infrastructure as Code tools. Preferably Terraform, CloudFormation, AWS CDK
- Being customer centric, passionate about delivering great digital products and services
- Passionate about continuous improvement, collaboration and great teams
- Strong problem-solving skills coupled with good communication skills
- Understanding of social and ethical implications of software engineering
- Open minded, inquisitive, life-long learner
- Comfortable with ambiguity, highly autonomous
What’s in it for you?
- Regular salary reviews based on performance
- Corporate events: webinars, offline parties, and meetups
- Internal Mobility Program
- Tailored education path (including full access to Udemy, certifications, etc.)
- 25 paid days off: 20 business days of vacation per calendar year + 5 undocumented sick leave days
- Additional health insurance
- 100% company-covered Multisport card, with discounts available for family members
About us:
At Ciklum, we are always exploring innovations, empowering each other to achieve more, and engineering solutions that matter. With us, you’ll work with cutting-edge technologies, contribute to impactful projects, and be part of a One Team culture that values collaboration and progress.
Since expanding to Bulgaria in 2022, we’ve been building a fast-growing team that thrives on learning, collaboration, and innovation. Join us on this exciting journey and help shape the future of our delivery center.
Want to learn more about us? Follow us on Instagram, Facebook, LinkedIn.
Explore, empower, engineer with Ciklum!
Interested already? We would love to get to know you. Submit your application. We can’t wait to see you at Ciklum.


