Offensive Cyber Security Researcher

Posted:
9/12/2024, 3:18:08 PM

Location(s):
Victoria, Australia ⋅ Melbourne, Victoria, Australia ⋅ New South Wales, Australia ⋅ Sydney, New South Wales, Australia

Experience Level(s):
Junior ⋅ Mid Level ⋅ Senior

Field(s):
IT & Security

Red Team Offensive Cyber Security Researcher

Your role

CommBank continuously deploys and enhances its innovative technology solutions to enable excellent customer service. Our talented Cyber Security teams are deployed globally to provide around-the-clock protection for these solutions, keeping our customers and communities safe.

The Red Team (within the Cyber Defence Operations department) performs all CBA’s red teaming requirements (including oversight of external red teaming regulatory requirements). The function's remit spans all facets of offensive security (web app testing, infrastructure testing, mobile testing, new-to-market research, coding, offensive techniques, code review, rapid prototyping, governance of external red teaming) as well as the nuances of a consulting-based role, where the team is invited to comment on approaches, techniques and strategy of cyber more broadly.

The Red Team in CBA is one of the most experienced in the industry and employs individuals with long-standing offensive expertise and profound technical capability. This trusted brand extends to the necessary deliverable and communication skillsets, as the team is invited to provide trusted advice at all levels of leadership.

Red Team members should have deep technical offensive cyber knowledge, proven experience in working in offensive teams, strong communication and process skills, knowledge of industry red team best practices, advanced risk management skills, and the drive to effect positive risk change across the Bank (with the awareness and experience of how to achieve it).

Do work that matters

Deep dive into complex technical problems using your creativity and reasoning. Think like an experienced attacker to find critical weaknesses ahead of the adversary. Perform real-world style attacks. Build sophisticated offensive security capabilities to demonstrate your findings. Be recognised as a trusted and professional source of truth for the business.

Your responsibilities

  • Perform self-directed long- and short-term Red Team operations against the Group, targeting weaknesses in People, Processes, and Technology.
  • Perform real-world attacks as attackers would, emulating TTPs in order to test and develop the Group’s security posture.
  • Research novel attack techniques and scenarios, execute them with a high degree of fidelity, and demonstrate them to your peers.
  • Share specialist technical and non-technical red teaming knowledge in depth with various audiences.
  • Handle complex weaknesses concerning system resilience, privacy, customer and employee data, relevant laws, etc. with flawless sensitivity.
  • Represent Group views on cyber-attack and security testing with software vendors and other stakeholders.
  • Execute expert-level research and self-support skills in investigating and leveraging new attacker techniques.
  • Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement.

What you will need to succeed

  • A strong sense of ownership and professionalism in your work.
  • A profound understanding of and demonstrable ability to find and exploit vulnerabilities in order to achieve defined objectives.
  • A solid moral compass, a developed sense of when to ask “should we?”, and impeccable trustworthiness.
  • The ability to work effectively with both highly technical team members and non-technical business stakeholders, including, occasionally, in high-pressure scenarios.
  • Ability to communicate complicated security research or findings to all levels of stakeholders, enabling the business to drive effective risk behaviours.
  • Effective written communication skills that enable you to deliver and contextualise your complex findings across all levels of leadership, both internally and externally.
  • Relevant SANS, Offensive Security and other industry-recognised offensive certifications are highly desirable.
  • Experience in developing hacking tools, security research, advisories, and presentations is an advantage.
  • Experience in an offensive team for at least five years.


We are looking for a talented Red Team professional who is ready to step into a highly skilled, highly performing team and hit the ground running.

We are currently assessing candidates from Sydney and Melbourne regions.

If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.

Advertising End Date: 26/09/2024