Red Team Security Analyst

Employment Type Permanent Closing Date 25 Nov :59pm Job Title Red Team Security Analyst Job Summary As a Security Analysis - Analyst, you play a critical role in ensuring that Telstra provides an industry leading secure ecosystem for employees and customers. You draw on your expertise and experience in cyber security and technology and use leading-edge practices to identify, anticipate, respond to and resolve security threats. Working in a specialised team you use your subject matter expertise to be a collaborative partner and trusted advisor to our employees, partners and customers. The work you do underpins Telstra’s competitive advantage and ability to provide a superior customer experience. Job Description Who We Are We're an iconic Aussie brand with a global footprint. Our purpose is to build a connected future so everyone can thrive. We're all about providing the best experience and delivering the best tech on the best network. This includes making Telstra the place you want to work. For you, that means a having career that grows with you and working with a team powered by human connection that prioritises wellbeing and choice. What We Offer Performance-related pay Access to thousands of learning programs so you can level-up Global presence across 22 countries; opportunities to work where we do business. Purchased annual leave scheme Additional Telstra day off Additional 30% off Telstra products and services Toolkit provided (laptop + mobile phone + plan paid for) What You’ll Do Global Networks & Technology - Security & Operations is responsible for Telstra's security and operations, protecting Telstra's assets and infrastructure. Your key responsibilities and major tasks include, but are not limited to: Assisting in finding and choosing high-value Telstra targets and identifying any associated business risks. Conducting extensive reconnaissance to gather intelligence on Telstra targets and analysing the best ways to achieve set objectives. Planning, scoping, and gaining business approval for red and purple team engagements, including the development of customised code, malware, and exploit kits as necessary. Executing the plan to exploit vulnerabilities and gain access to the target environment, securing persistent access, moving across target infrastructure, and identifying other valuable assets. Writing up comprehensive documentation of end-to-end Red and Purple team engagements, assessing the effectiveness of current security controls, highlighting necessary business actions, and making recommendations in areas such as people, process, and technology. Continuous development and research of evolving exploits, tools and capabilities relevant to the Red and Purple Team’s work. Working with relevant stakeholders (eg blue and risk teams, product owners, and developers) to communicate findings and consult on remediation where necessary. About You Strong penetration testing or Red/ Purple Team experience. Hands-on experience with current offensive tools and techniques, with a strong focus on Windows and Linux enterprise environments. Ability to consume technical and solution architectural documents to identify potential vulnerabilities in new and existing systems. Proficiency in at least one programming language, Python/C#/C++ preferred, with a strong focus on tool/exploit development or reverse engineering. Exhibit strong analytical and problem-solving skills. Excellent written and verbal communication (ability to write clear reports and communicate findings). Web application/API/cloud hacking – identifying vulnerabilities in remote services through to exploitation. Proficient in research and analysis. Comfortable tackling an unfamiliar topic head-on/ willingness to learn new skills. Knowledge of social engineering techniques and practices. Experience reviewing security technical controls and understanding/developing bypasses. Active community participation/self-development (CTF participation/blog authorship/tool development/relevant certifications (OSCP etc)/conference participation etc.) We're amongst the top 2% of companies globally in the CDP Global Climate Change Index 2023, being awarded an 'A' rating. If you want to work for a company that cares about sustainability, we want to hear from you. As part of your application with Telstra, you may receive communications from us on +************** (for job applications in Australia) and +**************** (for job applications in the Philippines and India). When you join our team, you become part of a welcoming and inclusive community where everyone is respected, valued and celebrated. We actively seek individuals from various backgrounds, ethnicities, genders and disabilities because we know that diversity not only strengthens our team but also enriches our work. We have zero tolerance for harassment of any kind, and we prioritise creating a workplace culture where everyone is safe and can thrive. As part of the hiring process, all identified candidates will undergo a background check, and the results will play a role in the final decision regarding your application. We work flexibly at Telstra. Talk to us about what flexibility means to you. When you apply, you can share your pronouns and / or any reasonable adjustments needed to take part equitably during the recruitment process. We are aware of current limitations with our website accessibility and are working towards improving this. Should you experience any issues accessing information or the application form, and require this in an alternate format, please contact our Talent Acquisition team on ******************************************* or via the additional contact options found at *******************************************************************************