Security Engineer Penetration Testing
تفاصيل الوظيفة
About Us At ANZ, we're applying new ways technology and data can be harnessed as we work towards a common goal: to improve the financial wellbeing and sustainability of our millions of customers. About the Role The mission of the Penetration Testing squad is to keep ANZ safe through the active identification of cyber security threat within the systems and/or services that are used or the applications that are developed. As a Senior Security Engineer in Penetration Testing squad you will deliver security and penetration testing activities across ANZ Plus applications and systems. Additionally, your background in automation and integration of application security toolset within the enterprise CI/CD pipeline will enable ongoing improvements to DevSecOps framework and help maintain the application security toolset and the platform. Banking is changing and we’re changing with it, giving our people great opportunities to try new things, learn and grow. Whatever your role at ANZ, you’ll be building your future, while helping to build ours. Role Type : Permanent Role Location : Bengaluru Position Title : Senior Security Engineer (Penetration Testing Engineer) Work Hours : Regular Shifts (Hybrid/Blended) What will your day look like?
- A team player who exemplifies the we only win if we all win mantra. You will recognise and value the different perspectives and skills other squad members bring and keen to contribute to the successful delivery of our mission.
- The customer’s biggest fan by demonstrating a thirst for better understanding the customer, understanding the requirement, helping them to define the approach and deliver the right outcome.
- A collaboration champion who works closely with technology and business stakeholders and champion the sharing of lessons learnt across teams.
- Comfortable being uncomfortable with uncertainty and have the ability to effectively manage myself through ambiguity by creating meaningful relationships with stakeholders and peers.
- Continuous improvement junkie by constructively challenging the status quo and passionately advocate continuous improvement by looking for opportunities to find better ways of doing things.
- Committed to my own and other’s growth by identifying areas for development, seeking feedback and providing feedback to others to help them learn and grow.
- A problem solver who is energised by tackling complex problems. I use my critical thinking, network, skills, knowledge, and available data to drive better outcomes for our customers and the bank
- Commercially and Tech curious of emerging trends and innovations and thinking of ways that this knowledge can better inform our decisions and actions.
- Proven experience in performing penetration testing of various application types including web, web services, APIs, mobile and thick client.
- Demonstrable proficiency of penetration testing in cloud (GCP, AWS) and container (Docker, Kubernetes & OpenShift) space
- Strong understanding of threats, vulnerabilities, risks, exploits and associated security testing
- Hands-on experience in all the phases of penetration testing activity including scoping, testing, providing remediation guidance, reporting and quality review
- Experience in running through multiple exploitation scenarios as part of penetration testing activity
- Experience in the execution of security testing using automated tools (dynamic application security testing tools) and manual techniques
- Applied knowledge of APIs and integration patterns offered by the application security toolsets and its usage to facilitate integration and automation
- Delivery of penetration testing activity as part of an agile delivery model and to support DevSecOps
- Strong communication, presentation, and stakeholder management skills
- Excellent consulting skills with the ability to communicate clearly to developers and senior management at the expected level
- A desire to continuously learn new techniques / technologies and bring innovative ideas into the squad
- Lead penetration testing activity and ability to motivate, mentor individuals within the team and show genuine interest in their career development
- Experience in facilitating DevSecOps and integrating application security toolsets within CI/CD pipeline at an enterprise level including DAST, SAST, SCA
- Maintain application security toolsets deployed enterprise wide including upgrade of toolset and platforms, maintaining the database used by these toolsets
- Security Penetration Testing qualification such as GPEN, OSCP
- Familiar with collaboration tools such as Atlassian.
Apply safely
To stay safe in your job search, information on common scams and to get free expert advice, we recommend that you visit SAFERjobs, a non-profit, joint industry and law enforcement organization working to combat job scams.