Principal Penetration Tester

Job Description

  • Work in one of the most advanced Cyber Security teams in Australia
  • Work across an extremely broad range of technologies, and many innovative projects and systems.
  • Flexible working options/remote working available

Your Team

The Technology division is responsible for the world-leading application of technology and operations across every aspect of CommBank, from innovative product platforms for our customers to essential tools within our business. We also use technology to drive efficient and timely processing, an essential component of great customer service.

The Cyber Security Team protects the bank and our customers from theft, losses and risk events through effective and proactive management of cyber security, privacy and operational risk.

The role is part of the Digital Assurance team, which is responsible for identification of exploitable vulnerabilities across our environments, keeping up with the ever-changing threat landscape, and improving the Group’s security posture by demonstrating and helping fix significant security issues in the organisation’s applications and systems.

Do Work that Matters:

Perform complex attack testing activities, provide deep levels of technical knowledge in focus fields, and provide innovative solutions to difficult technical challenges.

Your responsibilities:

  • Lead, design, and deliver complex penetration testing engagements to assess and validate the security posture of bank systems.
  • Report results of testing to our customers, including project managers, service owners, developers and risk managers.
  • Take technical ownership of penetration testing for a business unit or multiple business units.
  • Maintain awareness of advancements in hardware and software technologies (e.g., attend training or conferences, reading) and their potential implications.
  • Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities.
  • Provide subject matter expertise to key stakeholders.
  • Have the flexibility to work on multiple projects as required.
  • Provide Product Security guidance on alternate methods of security assurance, such as AppSec practices, testing automation, etc.
  • Support team technical development through domain development or research and contribute to technical processes.
  • Provide coaching and mentoring to uplift team capability.

What you will need to succeed

  • Demonstrated experience in penetration testing across several of the following domains: web applications, mobile applications, infrastructure, networks, WiFi, cloud and container security, thick-client applications, hardware and embedded systems, reverse engineering, POS terminals and ATMs, applied cryptography, blockchain and smart contracts, etc.
  • Experience in communicating technical concepts to business audiences of varying skills and expertise
  • Ability to work closely with system owners, developers, engineers and/or project teams to perform scoping, threat modelling, and penetration testing from start to finish
  • Maintain relevant industry certifications such as SANS or Offensive Security
  • Experience testing critical transactional systems in industries such as finance and banking, government, and defense is highly desirable
  • Experience in developing hacking tools, security research, advisories and presentations is an advantage
  • Experience in proactively reducing vulnerabilities before code is deployed, including code review, vulnerability and dependency management.

The health and safety of our people, customers and communities is our number one priority. This means that we require all of our employees to be fully vaccinated against COVID-19. Please speak to us if you have any questions about this based on your individual circumstances.

If you’re already part of the Commonwealth Bank Group (including Bankwest), you’ll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.

We’re aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.

Advertising End Date: 06/09/2022


Whether you’re passionate about customer service, driven by data, or called by creativity, a career with CommBank is for you. 

Our people bring their diverse backgrounds and unique perspectives to build a respectful, inclusive and flexible workplace. One where we’re driven by our values, and supported to share ideas, initiatives, and energy. One where making a positive impact for customers, communities and each other is part of our every day.

Here, you’ll thrive. You’ll be supported when faced with challenges, and empowered to tackle new opportunities. We really love working here, and we think you will too.