• Own onboarding and offboarding end to end, so every employee, contractor, and partner gets the right access fast and loses it cleanly when they leave • Automate repetitive operational stacks across our stack with scripts, APIs, and agents • Run day to day IAM across Okta, Google Workspace, and other internal applications • Provision and deprovision accounts and devices, and assist to mature our endpoint tooling over time (EDR, MDM) • Be the trusted point of contact for employee technology and access, resolve internal issues quickly, and turn recurring issues into self serve solutions • Lead access reviews and own IAM related audit controls for SOC2, ISO27001, and ISO42001

• Utilising knowledge of blue teaming engagements and techniques to plan, write and improve defensive security labs, challenges and online learning content on the Immersive One platform. • Produce multi-format content utilising various teaching methods; practical exercises, questions & gamification • Test Blue Team labs and ranges to ensure they function as expected • Research the latest crisis and incidents and compile this research to deliver a catalogue of crisis simulation content • Compile technical research into understandable concise content for both technical and non-technical audience • Work with the wider Product team on new projects and product innovations and how best to deploy them

About Airwallex Airwallex is the only unified payments and financial platform for global businesses. Powered by our unique combination of proprietary infrastructure and software, we empower over 200,000 businesses worldwide - including Brex, Rippling, Navan, Qantas, SHEIN and many more - with fully integrated solutions to manage everything from business accounts, payments, spend management and treasury, to embedded finance at a global scale. Proudly founded in Melbourne, we have a team of over 2,200 of the brightest and most innovative people in tech across 26 offices around the globe. Valued at US$8 billion and backed by world-leading investors including T. Rowe Price, Visa, Mastercard, Robinhood Ventures, Sequoia, Salesforce Ventures, DST Global, and Lone Pine Capital, Airwallex is leading the charge in building the global payments and financial platform of the future. If you're ready to do the most ambitious work of your career, join us. Attributes We Value We hire successful builders with founder-like energy who want real impact, accelerated learning, and true ownership. You bring strong role-related expertise and sharp thinking, and you're motivated by our mission and operating principles. You move fast with good judgment, dig deep with curiosity, and make decisions from first principles, balancing speed and rigor. You're humble and collaborative; turn zero-to-one ideas into real products, and you "get stuff done" end-to-end. You use AI to work smarter and solve problems faster. Here, you'll tackle complex, high-visibility problems with exceptional teammates and grow your career as we build the future of global banking. If that sounds like you, let's build what's next. About the team Airwallex's Information Security team partners closely with engineering, IT, and other stakeholders to protect our systems, data, and employees while enabling the business to move quickly. The team helps build and maintain strong security practices across the company-from secure product and infrastructure design to risk reduction, incident response, audits, and compliance-so security is built into how we operate, not treated as a blocker. Your role As a Staff Product Security Engineer at Airwallex, you will be a trusted member of the Information Security team and work closely with Infrastructure, Product and Engineering teams across the business. Reporting directly to the Product Security Engineering Manager, this role will see you being a critical part of Airwallex, helping to identify, protect, detect, respond and recover the organisation from cybersecurity threats. This is a dynamic and hands-on role that requires experience in designing, developing and managing infrastructure projects, processes and standards related to the security of our networks, systems and applications. What you'll be doing - Create and build security controls that strengthen Airwallex's ability to scale securely. - Design and deliver security improvements across applications, software, and services. - Develop and operationalise detection strategies and response workflows that improve the speed and effectiveness of incident response. - Build and enhance secure systems through strong integration, testing, operations, and maintenance practices. - Leverage and analyse endpoint, network, and cloud telemetry to identify, investigate, and mitigate threats. - Design, implement, and maintain cybersecurity infrastructure that improves resilience across the Airwallex environment. - Investigate, contain, and respond to cybersecurity incidents to reduce risk and strengthen defensive capability. - Assess and improve system and network security by identifying vulnerabilities, configuration issues, and remediation opportunities. - Collect and analyse threat intelligence and forensic evidence to better understand, track, and disrupt threats. - Conduct and support defensive operations, tactical forensics, and threat hunting to strengthen security outcomes. - Partner with teams across Airwallex to embed security into new and existing applications, software, and services and drive continuous improvement. Minimum Qualifications (must-have) - 8+ years working in a security engineering or incident response role within a tech company - In depth expertise with at least one major cloud platform - Strong knowledge of common software development tools and infrastructure, including CI/CD tooling and pipelines - Comprehensive understanding of common attacker tools and techniques, how they can be detected and prevented, and ability to respond to incidents with high depth and quality of investigation - Strong communication skills with the ability to explain technical security and software concepts to a non-technical audience - A passion for solving the complex challenges of high-growth startups - Self motivation and drive to learn new skills, or dive deeper into existing skills Highly Desired - Bachelor's degree in Cybersecurity, Computer Science or similar - Recognised training or cybersecurity certifications (eg OSCP, GIAC, CEH) - Strong experience with Splunk and other common security monitoring tools - Past DevOps/SRE experience with Kubernetes - Experience with GCP or Alibaba Cloud (with or without certification) - Experience with Okta, GSuite, and cloud-based VPN services - Experience with Python, Java/Kotlin - Published articles, journals or blogs related to cybersecurity Applicant Safety Policy: Fraud and Third-Party Recruiters To protect you from recruitment scams, please be aware that Airwallex will not ask for bank details, sensitive ID numbers (i.e. passport), or any form of payment during the application or interview process. All official communication will come from an @airwallex.com email address. Please apply only through careers.airwallex.com or our official LinkedIn page. Airwallex does not accept unsolicited resumes from search firms/recruiters. Airwallex will not pay any fees to search firms/recruiters if a candidate is submitted by a search firm/recruiter unless an agreement has been entered into with respect to specific open position(s). Search firms/recruiters submitting resumes to Airwallex on an unsolicited basis shall be deemed to accept this condition, regardless of any other provision to the contrary. Equal opportunity Airwallex is proud to be an equal opportunity employer. We value diversity and anyone seeking employment at Airwallex is considered based on merit, qualifications, competence and talent. We don't regard color, religion, race, national origin, sexual orientation, ancestry, citizenship, sex, marital or family status, disability, gender, or any other legally protected status when making our hiring decisions. If you have a disability or special need that requires accommodation, please let us know. #BI-Hybrid

• Partner with product and engineering teams to integrate security throughout the development lifecycle and drive security initiatives across our stack. • Leverage AI and automation to scale product security coverage, matching the pace of AI-assisted development across engineering. • Design and implement security controls and architecture that scale with our growing product portfolio. • Conduct comprehensive security reviews and threat modeling to identify and mitigate potential vulnerabilities, including risks introduced by AI-generated code and AI-powered features. • Contribute to our vulnerability management program, including triaging bug bounty and vulnerability disclosure reports and driving remediation efforts. • Develop and implement automated security testing, monitoring, and response capabilities, using Tines itself, plus AI-driven tooling, to eliminate manual toil. • Serve as an incident responder during security events and lead post-incident reviews. • Champion security awareness and provide technical guidance to engineering teams, including best practices for secure AI-assisted development.