Exposure to diverse technologies and applications Opportunity to perform purple team engagements Do work that makes a difference This is an exciting chance to work in a highly mature cyber security team.
This role sits within the Assessments and Testing team in the Bank's IT security services.
As part of the role, you will be working closely with a wide variety of stakeholders, liaising with project and technical teams to organise and undertake security testing against the Bank's network, perimeter, applications, and systems to identify vulnerabilities and minimise security risks for the Bank against current and emerging threats.The key aspect of this role will be to undertake regular and ad-hoc penetration testing across RBA applications and infrastructure.
As part of this role, you will: Be responsible for discovering vulnerabilities in a variety of systems including web application, infrastructure, mobile and wireless systems Provide reports outlining identified vulnerabilities and present recommendations to IT and business teams Dedicate time to vulnerability research on certain high-value applications or systems Engage in purple teaming activities to ensure the Banks cyber posture can defend against relevant threats Your team You will work with a team of incredibly smart people, who are very passionate about security.
It is a challenging, fast paced, and team-oriented environment with a great culture.
Your background We are looking for someone who has strong experience in Network/Application penetration testing along with experience in presenting the identified vulnerabilities and recommendations to stakeholders at various levels effectively.
Additionally, experience performing red/purple teaming engagements will be highly desirable.To be successful in this critical role you will possess: Experience performing a broad range of penetration testing (network, web application, mobile etc.) Knowledge of information security principles and practices, and industry standards such as CORIE, ASD's Essential Eight, and ISM In-depth knowledge of common offensive security tools (Burp Suite, Cobalt Strike, Metasploit) Comfortable programming in at least 1 language (Java, C#, Python) and knowledge of secure coding practices Ability to present technical concepts to non-technical stakeholders and explain risk in a business context Experience in conducting red/purple team engagements is beneficial but not required Your development & career Working for an organisation that truly makes a difference to the Australian people, we can offer development and career opportunities in a collaborative environment that supports people's growth, well-being, and promotes flexibility.Application Close :October 24, 2025.
Required Skill Profession
I.t. & Communications