Specialist, Offensive Security Assessment

2 weeks ago


Sydney, Australia Insurance Australia Group Full time

READY FOR ANYTHING

At IAG, we live and work by our purpose to make your world a safer place. We are motivated by a unique culture that celebrates honesty, creativity, empathy, equity and collaboration. We call it the IAG way, and it means we all share a ‘ready for anything’ mindset that sets the tone for positive actions and positive outcomes. We put heart into everything we do which guides us to create amazing things for our customers, our people and our communities.

As the largest general insurance group in Australia and New Zealand, we own some of the region’s most trusted brands, including NRMA Insurance, CGU, SGIO, SGIC and WFI. We are ready for anything.

The Role

We currently have an exciting permanent, full time opportunity for a Specialist, Offensive Security Assessment to join our Cyber Security, Group Risk team. In this role you will manage, oversee and improve Governance & Systems of the Group’s budget and forecasting processes that enable the provision of insights to stakeholders regarding future financial performance.

To be successful in this role you will be someone who has a passion for cyber security with at least 5+ years of relevant experience, able to prioritize risk by conducting tests, investigating, reporting findings and driving results. You are willing to continually learn, possess technical aptitude and pay attention to detail. Key to this role is the presentation of information and key findings to stakeholders and the recommendation of appropriate solutions.

Key Responsibilities

Perform Infrastructure and Application Penetration Tests - ensure that new and existing systems comply with security requirements by conducting assurance reviews of systems and / or processes.

Manage Penetration Testing Reporting data - assist with framework implementation and ensure that projects have implemented mandated security controls prior to go-live. Validate and assist with the requirements of PCI or other mandatory legislative or regulated control requirements.

Process Improvement - identify practical improvements to processes that would improve agility and allow greater utilisation of self-service capabilities.

Skills & Experience

Thorough understanding of Cloud and other Security Standards / Frameworks e.g. CSA CCM, NIST CSF, ISO 27001, PCI-DSS

Application development exposure in one or more of the following: PHP, Python, Rails, HTML, JavaScript, PowerShell

Knowledge of OWASP standards such as ASVS (Application Security Verification Standard) and CVSS (Common Vulnerability Scoring System), including the OWASP Testing Guide

Knowledge of PCI requirements including PCI penetration testing requirements

Experience of conducting Vulnerability Assessment and Penetration testing of Web Applications, API, Mobile and Network Infrastructure hosted on-premises and within cloud environments (e.g. AWS/Azure etc.)

Experience of working in a SecDevOps environment or liaising with Development teams to gather security testing requirements and independently managing the execution of penetration tests as well as performing effort estimation

Experience working with Kali Linux and Android/iOS environments, and in installing/troubleshooting security tools and other OS-related issues

Working experience in Nessus/Qualys, Burp Suite Pro, ZAP Proxy, Maltego, Wireshark, sqlmap and other widely used security tools

Experience compiling and executing known public exploits using Metasploit or standalone exploits.

Ready for anything? Let’s talk.

IAG rewards and recognises its people with generous benefits, career development opportunities and real work-life balance. Employees also enjoy 13% superannuation, up to 50% insurance discounts, flexible work and leave options, generous parental leave and return to work programs, various corporate partner discounts and a people-focused culture that celebrates achievements big and small.

IAG has committed to the reconciliation movement in Australia for First Nations people and focuses on providing a safe and supportive work environment for all our employees. More information on our Reconciliation Action Plan can be found on our company website.

At IAG, our purpose is to make your world a safer place. We are customer led and data driven and believe we have important responsibilities to enable the communities and people we service to be safer, stronger and more confident. In order to deliver on this purpose, we expect our people to demonstrate the IAG Way, take reasonable care for their Health & Safety and to celebrate and respect diversity in all its forms.

The purpose of this role is to help protect the physical, digital and information assets of IAG and its subsidiaries by performing penetration tests and other security-related assessments. This role is in one of the critical teams in the Cyber Security Group. It is part of an elite team that is in huge demand across Australia. A major sophisticated cyber-attack against IAG could have a catastrophic impact on the bus
