Security Engineer - IAM

Location: Sydney

This is a hybrid role if you are located in Sydney OR a remote role if you are located outside of our Sydney Hub.



We are recognised as a Great Place to Work. We’re a passionate team of brilliant achievers, and together we’re using technology to take the small business finance industry next level. Our mission is to keep small businesses moving – with smart cash flow solutions right when they need them. Supporting them through ups and downs. Making their lives easier. Helping them Prosper. To date, we’ve helped over 30,000 unique small business customers across Australia and New Zealand with over $2 billion in small business loans.

Our values: obsess about customers; deliver value fast; day 1; simplicity; be bold, open, and real; and one team, inform how we think and act every day.


Security at Prospa is about working towards a robust and effective security function to protect Prospa and its customers and enable the business to grow. 

As a Security Engineer, you will focus on Prospa’s Identity and Access Management capabilities, review the existing controls, and deliver projects and improvement activities that enhance authentication and authorisation to Prospa systems and data.


  • Integrate key systems to Azure AD and configure SSO for new applications.
  • Design and deployment of hardware U2F tokens across the organisation.
  • Built out governance practices for identity and privileged access management functions.
  • Analyse, design and migrate users to least privilege role templates based on department, role, and risk level.
  • Understand the friction of processes and aim to reduce friction without impacting risk.
  • Review and configure Azure AD identity features such as Identity Protection, Access Reviews and Entitlements Management.
  • Contribute to various security projects as part of the cyber security roadmap.


  • 3+ years of relevant experience in security, with practical experience working in identity management initiatives.
  • Experience in working with various stakeholders to advise on security controls and requirements.
  • Strong written and verbal communication skills and the confidence to liaise with senior stakeholders.
  • Experience with Azure AD and implementing cloud restrictions, such as Azure Policies, Conditional Access Policies, and Privileged Identity Management. AZ-500: Azure Security Engineer Associate and SC-900: Microsoft Security, Compliance, and Identity Fundamentals are highly regarded but not required.
  • Understanding of authentication standards. OAuth (understand flows), SAML, SCIM, FIDO (U2F, WebAuthn), Mobile Auth solutions, OTP
  • Understanding of zero trust architecture and related patterns.

Don’t let a confidence gap get in the way of submitting your application. We’d love to hear from you and see if this could be a great match.

What we offer

  • Work with the latest technologies in the market
  • Study allowance and paid learning days
  • Join a team of passionate, diverse and talented Engineers
  • Career development opportunities
  • Flexibility (remote work on offer)
  • Highly competitive incentive scheme
  • Volunteer leave & paid parental leave
  • Team and company wide social events
  • A chance to be a part of one of Australia’s fastest scaling tech organisations

Why Prospa?

We embrace diversity in our people and our thinking and provide a collaborative, inclusive, innovative and respectful environment. We celebrate who you are and actively provide our employees the same great experience we provide our customers.

It’s super exciting every day. Always moving. Always something new around the corner. And we’ve only just cracked the surface.

Open the door. Feel the buzz. Want in?