ANZ Banking Group LimitedANZ offers a range of personal banking services such as internet banking, bank accounts, credit cards, home loans, personal loans, travel and international, investment and insurance. Learn about easy and secure ways to manage your money.At ANZ, we're applying new ways technology and data can be harnessed as we work towards a common goal: to improve the financial wellbeing and sustainability of our millions of customers.Our community of over 5,000 engineers is key to making this happen, because technology underpins every part of our business - from delivering tools, apps and services for our customers, to building a bank for the future.About the RoleThe mission of Penetration Testing squad is to keep ANZ safe through the active identification of cyber security threats within the systems and/or services that are used or the applications that are developed.As an Engineer in Penetration Testing squad, drive ANZ's information security efforts by providing Subject Matter Expertise in delivering security and penetration testing activities of applications and systems across the enterprise. In addition, this role will also assist in automation and integration of application security toolset within the enterprise CI/CD pipeline to enable DevSecOps and to maintain the application security toolset and the platform.What will your day look like?As a Senior Security Engineer, you will support application security services to increase delivery speed in a secure manner. You will utilise various tools and practices to secure solutions in the most efficient ways, enhancing tech division capabilities and enabling DevSecOps across the enterprise.As a Senior Security Engineer, you will drive ANZ's information security efforts by providing Subject Matter Expertise and collaborate with engineering teams for:Delivering application security services covering security code review, software composition analysis and security trainingAssessing tools outputs, reviewing code/configuration, and providing guidance on security vulnerabilities and remediation controls to the application development teamsIntegrating, managing, fine tuning and automating application security toolset and practices to enable DevSecOpsWhat will you bring?To grow and be successful in this role, you will ideally bring the following:Required skills:Proven experience in performing penetration testing of various application types including web, web services, APIs, mobile and thick client.Demonstrable proficiency of penetration testing in cloud (GCP, AWS) and container (Docker, Kubernetes & OpenShift) spaceStrong understanding of threats, vulnerabilities, risks, exploits and associated security testing neededHands-on experience in all the phases of penetration testing activity including scoping, testing, providing remediation guidance, reporting and quality reviewExperience in running through multiple exploitation scenarios as part of penetration testing activityExperience in the execution of security testing using automated tools (dynamic application security testing tools) and manual techniquesKnowledge of APIs and integration patterns offered by the application security toolsets and its usage to facilitate integration and automationDelivery of penetration testing activity as part of an agile delivery model and to support DevSecOpsStrong communication, presentation, and stakeholder management skillsExcellent consulting skills with the ability to communicate clearly to developers and senior management at the expected levelA desire to continuously learn new techniques / technologies and bring innovative ideas into the squadLead penetration testing activity and ability to motivate, mentor individuals within the team and show genuine interest in their career developmentJob Posting End DateFind even more open roles below ordered by popularity of job title or skills/products/technologies used.
#J-18808-Ljbffr