Security (Information & Communication Technology)
Government - Federal (Government & Defence)
Full time

Do work that makes a difference

This is an exciting opportunity to work in a highly mature cyber security team. This role sits within the Assessments and Testing team in the Bank's IT security services. As part of the role, you will be working closely with a wide variety of stakeholders, liaising with project and technical teams to organise and undertake security testing against the Bank's network, perimeter, applications, and systems to identify vulnerabilities and minimise security risks for the Bank against current and emerging threats.

The key aspect of this role will be to undertake regular and ad-hoc penetration testing across RBA applications and infrastructure. As part of this role, you will:

- Be responsible for discovering vulnerabilities in a variety of systems including web application, infrastructure, mobile and wireless systems
- Provide reports outlining identified vulnerabilities and present recommendations to IT and business teams
- Dedicate time to vulnerability research on certain high-value applications or systems
- Be given opportunities to participate in red team exercises to identify gaps in people, processes, and technologies
- Engage in purple teaming activities to ensure the Bank's cyber posture can defend against relevant threats

Your team

You will work with a team of incredibly smart people who are very passionate about security. It is a challenging, fast-paced, and team-oriented environment with a great culture.

Your background

We are looking for someone who has strong experience in network/application penetration testing, along with experience in effectively presenting the identified vulnerabilities and recommendations to stakeholders at various levels. Additionally, experience performing red/purple teaming engagements will be highly desirable.

To be successful in this critical role you will possess:

- Experience performing a broad range of penetration testing (network, web application, mobile etc.)
- Knowledge of information security principles and practices, and industry standards such as CORIE, ASD's Essential Eight, and ISM
- In-depth knowledge of common offensive security tools (Burp Suite, Cobalt Strike, Metasploit)
- Comfortable programming in at least 1 language (Java, C#, Python) and knowledge of secure coding practices
- Ability to present technical concepts to non-technical stakeholders and explain risk in a business context
- Experience in conducting red/purple team engagements is beneficial but not required

Your development & career

Working for an organisation that truly makes a difference to the Australian people, we can offer development and career opportunities in a collaborative environment that supports people's growth, well-being, and promotes flexibility.