Application Security Engineer
About us
For over 25 years, Catalyst has worked with government, enterprise and non-profit organisations to create software solutions with limitless possibilities. We specialise in systems that provide full data sovereignty and are free from licensing costs and vendor lock-in - we do this through the power of open source and the freedom it gives for innovation. With sister-companies in New Zealand, Australia and the UK, we’re a company that is recognised globally for our open source expertise, pushing the conventional technology boundaries and creating award-winning software solutions. A career at Catalyst gives you the opportunity to work on high-profile projects, collaborate with industry experts, and continuously grow - personally and professionally. We’re on our own journey to align ourselves better with te ao Māori and our team is filled with open source enthusiasts who share our values of openness, freedom, collaboration and respect.
About the role
We're looking for an Application Security Engineer to help embed security across Catalyst's systems. This role is focused on practical application security — from threat modelling and code reviews to integrating security tooling into CI/CD pipelines and supporting development teams to build securely from the ground up.
Working closely with the security team, developers, and other stakeholders, you'll help reduce Catalyst's application risk profile, drive secure coding practices, and foster a genuine culture of security awareness across our development teams. You'll also play an active role supporting the security team in identifying and responding to incidents as they arise as well as leading tool development to support the team.
This role is based in our Wellington office.
About you
You are an experienced security professional who is as comfortable reviewing code and running vulnerability assessments as you are explaining risk to a non-technical audience and documenting your work. You take ownership of outcomes, bring structure to complex problems, and enjoy working collaboratively with development teams.
Ideally, you will bring:
- Strong experience in application security, including code audits, vulnerability assessments, and threat modelling
- Hands-on knowledge of security tools such as Burp Suite, OWASP ZAP, SonarQube, Semgrep, or Snyk
- Experience integrating SAST, DAST, and SCA tooling into CI/CD pipelines (DevSecOps)
- Familiarity with frameworks and standards such as OWASP Top Ten, NIST, CWE/SANS Top 25, or ISO 27001
- Proven experience developing security tooling or automation in Linux-based environments
- A calm, methodical approach — particularly when supporting the security team through incident identification and response
Relevant certifications (such as CSSLP, OSCP, CEH, or GWAPT) are desirable but not essential.
At Catalyst, we care more about finding the right person than ticking every box. If this role interests you and you believe your experience and approach would add value, even if you don't meet every requirement listed, we encourage you to apply!
Why you’ll love working at Catalyst
At Catalyst, our people are at the heart of our success. We cultivate an environment where every individual is encouraged to bring their full self to work. Our vibrant culture is built on a foundation of community engagement, collaboration, and shared success.
Along with a competitive salary, Catalyst offers a range of benefits designed with your well-being in mind. We emphasise work-life balance, continuous learning and career progression. Here, your talents are appreciated and your ideas are welcomed—helping us shape a future where innovation and inclusivity go hand-in-hand.
Our hiring processes reflect our diversity policy which you can read in full here: https://www.catalyst.net.nz/diversity-and-inclusion-policy
Blog Post: Read about why our people work at Catalyst https://www.catalyst.net.nz/stories-and-studies/catalyst-blog/candc-balancing-career-growth-with-wellbeing
Applications for this role will take you to the advertisers site.
