Principal Adversarial Engineer

Melbourne, VIC - 357 Collins Street, Australia

Commonwealth Bank

CommBank offers personal banking, business solutions, institutional banking, company information, and more


Title: Principal Adversarial Engineer

Your role:

The Purple Team (within the Cyber Defence Operations department) is responsible for bridging offensive and defensive security, ensuring that security controls and detection capabilities are continually tested and improved. This team works closely with both red (offensive) and blue (defensive) teams to provide continuous threat emulation, adversary simulation, and real-world attack testing—helping strengthen CommBank’s overall cyber resilience.

The function's remit spans a wide range of offensive security (web app testing, infrastructure testing, cloud testing, and research) while using this testing to work collaboratively with blue teams to enhance detection, response, and defensive controls.

The Purple Team at CBA is one of the most experienced in the industry, bringing together professionals with offensive and defensive expertise. This trusted brand extends into critical deliverables such as attack detection tuning, defensive control metrics, proactive defence improvements, and advisory support for security leadership.

Purple Team members should have strong offensive and defensive cyber security knowledge; experience in both offensive testing and defensive security operations; the ability to collaborate effectively with blue teams to improve detection and response; knowledge of adversary tactics, techniques, and procedures (TTPs) and threat modelling; and advanced risk management skills and a mindset for improving security posture across the organization.

Do Work That Matters

Deep dive into complex technical problems using your creativity and reasoning. Think like an attacker and defender to identify critical weaknesses and validate detection and response capabilities ahead of adversaries. Perform real-world attack simulations and work collaboratively with the blue team to strengthen security defences. Be recognized as a trusted and professional source of truth for the business.

Your Responsibilities

  • Plan and execute purple team engagements, simulating real-world attacks to assess and improve the Group’s detection, response, and resilience.
  • Collaborate with red and blue teams to identify, exploit, detect, and mitigate weaknesses across People, Processes, and Technology.
  • Perform threat-informed adversary emulation, using TTPs to guide tests and validate security controls, working closely with defensive teams to enhance detections.
  • Research novel attack techniques and translate them into actionable defensive improvements for security monitoring, detection, and response strategies.
  • Share deep technical and non-technical purple teaming knowledge with various audiences, fostering a security-first mindset across the organization.
  • Execute expert-level research on both offensive and defensive techniques, staying ahead of emerging threats and continuously improving detection and response capabilities.
  • Write comprehensive reports, including assessment-based findings, blue team collaboration outcomes, and actionable recommendations for security enhancement.

What you will need to succeed:

This role is ideal for security professionals who enjoy working at the intersection of offence and defence, leveraging adversary insights to drive real-world security improvements across the bank. This person will be pivotal in improving our defence capabilities, processes and the use of technology tools and services across the Red Team within the Cyber Defence Operations department.

You will bring:

  • Demonstrated prior experience working in Red or Purple Teams, and the ability to apply an understanding of attacker techniques and methodologies.
  • Leadership and mentorship experience with an interest in working collaboratively.
  • Ability to collaborate effectively with blue teams to improve detection and response.
  • Ability to work closely with system owners, developers, engineers and/or project teams to identify key gaps in our defences.
  • Knowledge of adversary tactics, techniques, and procedures (TTPs) and threat modelling.
  • Advanced risk management skills and a mindset for improving security posture across the organization.
  • Relevant SANS, Offensive Security and other industry recognised offensive certifications are highly desirable.
  • Experience in developing hacking tools, security research, advisories, and presentations is an advantage.

If this role is of interest to you, please apply directly or reach out to have a confidential discussion in more detail.

If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.

Advertising End Date: 13/02/2025

Tags: Blue team Cloud Exploit Monitoring Offensive security Red team Risk management SANS TTPs

Region: Asia/Pacific
Country: Australia
