Engineer - Cyber Defence - Penetration Testing

Melbourne, Victoria, Australia
21 Mar 2019
28 Mar 2019
Job role
First a bit about ANZ

At ANZ, everything we do boils down to ‘why’ – our purpose – to shape a world where people and communities thrive. We're just as focused on seeing our people thrive as well as our customers. We'll give you every opportunity to develop your career.
We are responding faster to changing customer requirements, focusing on the things that matter the most, energising our people, eliminating waste and reducing bureaucracy.
ANZ has started to move to a new way of working, leveraging agile practices. To understand more about this new way of working and if this role is right for you, we strongly encourage you to take a look at The ANZ Way vimeo channel where you’ll find The ANZ Way animation and the New Ways of Working animation.

Your team’s mission?

The mission of Penetration Testing squad is to keep ANZ safe through the active identification of cyber security threat within the systems and/or services that are used or the applications that are developed.

As an Engineer in Penetration Testing squad, drive ANZ's information security efforts by providing Subject Matter Expertise in integration of application security toolset within the enterprise CI/CD pipeline, automation of application security activities to enable DevSecOps across the enterprise. In addition, this role will also help to maintain the application security toolset and the platform so that it is up-to-date with versions and patch levels and also is scalable enterprise wide.

You’ll help to deliver this by bringing the following skillset/experiences:
  • Years of experience in working on multiple CI/CD environment as well as integration and automation of application security toolset
  • Strong communication and presentation skills
  • A desire to continuously learn new techniques / technologies and bring innovative ideas into the squad
  • Excellent consulting skills with the ability to communicate clearly to developers and senior management at the expected level.

Good to Have:
  • Experience in integrating application security toolsets within the application CI/CD pipeline at an enterprise level including,
    • Dynamic Application Security Testing toolset
    • Static Application Security Testing/Security code scanning toolset (Example: Fortify, Checkmarx)
    • Software composition/open source library analysis toolset (Example: Black Duck)
  • Experience in implementing an automated process for application security services in-line with the agile development process and to facilitate DevSecOps
  • Experience in the execution of application penetration testing using automated tools (dynamic application security testing tools) and manual techniques
  • Maintain application security toolsets deployed enterprise wide including upgrade of toolset and platforms, maintaining the database used by these toolsets
  • Knowledge of APIs and integration patterns offered by the application security toolsets and it’s usage to facilitate integration and automation

  • Experience in the various enterprise level Continuous Integration (CI) / Continuous Development (CD) environment
  • Security Penetration Testing qualification such as GPEN, OSCP are advantage but not mandatory.
  • Familiar with collaboration tools such as Atlassian.

At ANZ we aim to create an inclusive environment where employee differences such as gender, age, culture, disability, sexual orientation, family and caring responsibilities and religion are valued.
We work flexibly at ANZ. Talk to us and let us know how this role can be flexible for you.