Penetration Tester - Senior Security EngineerANZ Banking Group Limited offers a range of personal banking services such as internet banking, bank accounts, credit cards, home loans, personal loans, travel and international, investment and insurance.
At ANZ, we're applying new ways technology and data can be harnessed as we work towards a common goal: to improve the financial wellbeing and sustainability of our millions of customers.
Our community of over 5,000 engineers is key to making this happen, because technology underpins every part of our business - from delivering tools, apps and services for our customers, to building a bank for the future.
About the RoleThe mission of the Penetration Testing squad is to keep ANZ safe through the active identification of cyber security threats within the systems and/or services that are used or the applications that are developed.
As a Senior Engineer in the Penetration Testing squad, you will drive ANZ's information security efforts by providing Subject Matter Expertise in delivering security and penetration testing activities of applications and systems across the enterprise. In addition, this role will also assist in automation and integration of application security toolsets within the enterprise CI/CD pipeline to enable DevSecOps and to maintain the application security toolset and the platform.
What will your day look like?As a Penetration Tester - Senior Security Engineer, you will support application security services to increase delivery speed in a secure manner. You will utilize various tools and practices to secure solutions in the most efficient ways, enhancing tech division capabilities and enabling DevSecOps across the enterprise.
You will drive ANZ's information security efforts by providing Subject Matter Expertise and collaborate with engineering teams for:
Delivering application security services covering security code review, software composition analysis, and security training.Assessing tool outputs, reviewing code/configuration, and providing guidance on security vulnerabilities and remediation controls to the application development teams.Integrating, managing, fine-tuning, and automating application security toolsets and practices to enable DevSecOps.What will you bring?To grow and be successful in this role, you will ideally bring the following:
Required skills: Proven experience in performing penetration testing of various application types including web, web services, APIs, mobile, and thick client.Demonstrable proficiency in penetration testing in cloud (GCP, AWS) and container (Docker, Kubernetes & OpenShift) environments.Strong understanding of threats, vulnerabilities, risks, exploits, and associated security testing needed.Hands-on experience in all phases of penetration testing activity including scoping, testing, providing remediation guidance, reporting, and quality review.Experience in running through multiple exploitation scenarios as part of penetration testing activity.Experience in the execution of security testing using automated tools (dynamic application security testing tools) and manual techniques.Knowledge of APIs and integration patterns offered by the application security toolsets and their usage to facilitate integration and automation.Delivery of penetration testing activity as part of an agile delivery model and to support DevSecOps.Strong communication, presentation, and stakeholder management skills.Excellent consulting skills with the ability to communicate clearly to developers and senior management at the expected level.A desire to continuously learn new techniques/technologies and bring innovative ideas into the squad.Lead penetration testing activity and the ability to motivate, mentor individuals within the team and show genuine interest in their career development. #J-18808-Ljbffr