Senior Penetration Tester

Organization: At CommBank, we never lose sight of the role we play in other people's financial wellbeing. Our focus is to help people and businesses move forward to progress. To make the right financial decisions and achieve their dreams, targets, and aspirations. Regardless of where you work within our organisation, your initiative, talent, ideas, and energy all contribute to the impact that we can make with our work. Together we can achieve great things.

Job Title: Senior Penetration Tester
Location: Bangalore-Manyata Tech Park
 

Business & Team: The Cyber Security Team protects the bank and our customers from theft, losses and risk events through effective and proactive management of cyber security, privacy and operational risk.

The Security Testing Centre of Excellence (COE) conducts simulated cyber-attacks to ensure systems are safe, sound, and secure by performing security assessments of the Group's technology. This ensures our applications and infrastructure are adequately robust to resist cyber-attacks. Our work seeks to identify security weaknesses using real-world attack scenarios and provide recommendations to assist remediation efforts.

Impact &contribution:

You will lead and perform technical penetration testing activities designed to ensure the bank maintains its risk and security posture at desired levels. You will communicate security issues to both technical and non-technical stakeholders and provide subject-matter expertise across business units. You will mentor junior team members and contribute to the development of innovative solutions to complex technical challenges. This role reports directly to a Centre within the Penetration Testing team.

Roles & responsibilities:

• Lead and conduct security assessments including (but not limited to) web applications, infrastructure, networks, cloud (especially AWS), SaaS, LLM, and mobile applications
• Coordinate small squads of testers in delivering a large programme of testing engagements, using agile methodologies to track progress, and to resolve blockers.
• Carry out scoping and planning activities to determine components to be tested, approach, methodologies, and appropriate levels of test rigour
• Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities to demonstrate business impact and articulate risk.
• Report results of testing and their implications to stakeholders including suppliers, project owners, product crews, and leadership
• Provide technical mentorship and guidance to junior staff
• Maintain awareness of advancements in attack techniques, hardware, software, and other technologies and their implications. Develop new testing methodologies and techniques, contributing to the penetration testing craft across the CoE.
• Ensure all tasks align with internal policies and external regulatory requirements

Essential skills:

• 8+ years of IT Engineering experience.
• Expert-level understanding of vulnerability identification and penetration testing methodologies
• Deep knowledge of software exploitation, security principles, and secure design, with experience conducting penetration testing safely in critical infrastructure environments
• Advanced industry accreditations such as Offensive Security Certified Professional (OSCP), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), or similar are desirable
• Experience in incorporating a broad range of automated tools tools such as Kali Linux, Burp Suite, Metasploit, and others to expand test coverage .
• Ability to develop or recommend analytic approaches to novel problems
• Ability to communicate complex information clearly and confidently
• Tertiary qualifications in Software Engineering, Computer Science, Cyber Security, or a related discipline
• Membership or participation in relevant industry associations

Education Qualification: Bachelor's degree or master's degree in engineering in Computer Science/Information Technology.

If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We're keen to support you with the next step in your career.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on