Security Engineer - PenTest Squad

About Us

At ANZ, we're applying new ways technology and data can be harnessed as we work towards a common goal: to improve the financial wellbeing and sustainability of our millions of customers.

Our community of over 5,000 engineers is key to making this happen, because technology underpins every part of our business - from delivering tools, apps and services for our customers, to building a bank for the future. 

About the Role

The mission of Penetration Testing squad is to keep ANZ safe through the active identification of cyber security threat within the systems and/or services that are used or the applications that are developed.

As an Engineer in Penetration Testing squad, drive ANZ's information security efforts by providing Subject Matter Expertise in delivering security and penetration testing activities of applications and systems across the enterprise. In addition, this role will also assist in automation and integration of application security toolset within the enterprise CI/CD pipeline to enable DevSecOps and to maintain the application security toolset and the platform.

What will your day look like?

As a Senior Security Engineer, you will support application security services to increase delivery speed in a secure manner. You will utilise various tools and practices to secure solutions in the most efficient ways, enhancing tech division capabilities and enabling DevSecOps across the enterprise.

As a Senior Security Engineer, you will drive ANZ's information security efforts by providing Subject Matter Expertise and collaborate with engineering teams for:
•    Delivering application security services covering security code review, software composition analysis and security training
•    Assessing tools outputs, reviewing code/configuration, and providing guidance on security vulnerabilities and remediation controls to the application development teams
•    Integrating, managing, fine tuning and automating application security toolset and practices to enable DevSecOps

What will you bring?

To grow and be successful in this role, you will ideally bring the following:

Required skills

• Proven experience in performing penetration testing of various application types including web, web services, APIs, mobile and thick client.
• Demonstrable proficiency of penetration testing in cloud (GCP, AWS) and container (Docker, Kubernetes & OpenShift) space
• Strong understanding of threats, vulnerabilities, risks, exploits and associated security testing needed
• Hands-on experience in all the phases of penetration testing activity including scoping, testing, providing remediation guidance, reporting and quality review
• Experience in running through multiple exploitation scenarios as part of penetration testing activity
• Experience in the execution of security testing using automated tools (dynamic application security testing tools) and manual techniques
• Knowledge of APIs and integration patterns offered by the application security toolsets and its usage to facilitate integration and automation
• Delivery of penetration testing activity as part of an agile delivery model and to support DevSecOps
• Strong communication, presentation, and stakeholder management skills
• Excellent consulting skills with the ability to communicate clearly to developers and senior management at the expected level
• A desire to continuously learn new techniques / technologies and bring innovative ideas into the squad
• Lead penetration testing activity and ability to motivate, mentor individuals within the team and show genuine interest in their career development

Job Posting End Date

15/10/2024 , 11.59pm, (Melbourne Australia)