Security Engineer

About the role

TracPlus is seeking a Security Engineer to own platform security for its cloud‑based telemetry and data solutions used in aerial firefighting and emergency response. Based in the Auckland CBD office, you will ensure that every component of the product is built securely by design and that security tooling is embedded throughout the development lifecycle.

Key responsibilities

• Define and embed security requirements early in sprint planning, design documents, and acceptance criteria.
• Participate in architecture reviews and threat‑modeling sessions using structured methods such as STRIDE.
• Conduct security reviews of backend services (C#/.NET), frontend applications (React/TypeScript), APIs, and data pipelines.
• Maintain and enhance security tooling in GitHub Actions pipelines, including SAST, SCA, secrets detection, container scanning, and DAST.
• Apply Google Cloud Platform security controls (IAM, VPC, Security Command Center, logging, KMS) across the platform.
• Own vulnerability management: triage findings, prioritize risk, and drive remediation with engineering teams.
• Assess AI‑specific security risks such as prompt injection and adversarial inputs.
• Monitor security alerts, support incident response, and contribute to post‑mortems.

Required profile

• Strong technical background with hands‑on experience in software development and security engineering.
• Ability to read and write code, automate security checks, and engage in architectural discussions.
• Up‑to‑date knowledge of evolving threat landscapes, including AI‑driven risks.

Required skills

• C#/.NET
• React/TypeScript
• API security
• Data pipeline security
• GitHub Actions (SAST, SCA, secrets detection, container scanning, DAST)
• Google Cloud Platform security (IAM, VPC, Security Command Center, logging, KMS)
• Vulnerability management processes
• Threat modeling (STRIDE)
• AI security risk assessment