Your role
CommBank continuously deploys and enhances its innovative technology solutions to enable excellent customer service. Our talented Cyber Security teams are deployed globally to provide around-the-clock protection for these solutions, keeping our customers and communities safe.

The Software Exploitation team (within the Cyber Defence Operations department) performs deeper software-based security analysis of COTS and SaaS products that CBA is deploying to outpace the threat of sophisticated hackers. The function's remit includes not only software exploitation but also research into new attacker techniques and the coding/development of tools to aid other cyber teams.

We regularly find vulnerabilities (including 0-day) in important software and assist in driving remediation across the organisation by providing trusted advice at all levels of leadership. We design and build exciting new offensive security capabilities to enable CommBank’s best-of-breed red teaming activities, and you will be working closely with some of the best ethical hackers in the country.

Do work that matters
Deep dive into complex technical problems using your creativity and reasoning. Think like an experienced attacker to find critical weaknesses ahead of the adversary. Build sophisticated offensive security capabilities to demonstrate your findings. Be recognised as a trusted and professional source of truth for the business.

Your responsibilities

• Undertake specialist software security research and complex vulnerability evaluation activities.
• Develop sophisticated software vulnerability exploits and offensive security tools, utilising a wide range of development languages/stacks/toolings.
• Deep dive sharing of specialist technical and non-technical software vulnerability knowledge with various audiences.
• Handle complex weaknesses concerning system resilience, privacy, customer and employee data, relevant laws, etc. with flawless sensitivity.
• Represent Group views on cyber-attack and security testing with software vendors and other stakeholders.
• Execute expert-level research and self-support skills in investigating new attacker techniques.

What you will need to succeed

• A curious mind, constant learning attitude and out-of-the-box thinking,
• A profound understanding of, and demonstrable ability to find and exploit vulnerabilities in both closed and open-source software,
• Effective written communication skills enable you to deliver and contextualise your complex findings across all levels of leadership, both internally and externally,
• The ability to work effectively with both highly technical team members and non-technical business stakeholders, occasionally and including in high-pressure scenarios,
• A solid moral compass, a developed sense of when to ask “but should we?”, and impeccable trustworthiness.
• At least seven years in the cyber security industry with demonstrable ‘trust’ based positions
• Ability to communicate complicated security research or findings to all levels of stakeholders, enabling the business to drive effective risk behaviours.

We are looking for a talented software exploitation professional who is ready to hit the ground running. We recognise your unique worth! Do not expect to have to explain the finer points of your CV or be the best at sales techniques in interviews. Do expect to be quizzed on your offensive security knowledge, exploit development experience and coding skills.

We support and promote a diverse and flexible working environment.  

Please note: Background vetting is a regulated requirement to fill this ‘high security’ role. Vetting includes validation of education/employment history and a criminal records check.

Advertising End Date: 19/08/2025