Principal Penetration Tester

13 hours ago


Location: Eveleigh NSW Central Ave, Australia | Employer: Commonwealth Bank of Australia | Full time | $120,000 - $180,000 per year

Your Role

The Cyber Security Team protects the bank and our customers from theft, losses and risk events through effective and proactive management of cyber security, privacy and operational risk.

The Product Security Chapter conducts simulated cyber-attacks to ensure systems are safe, sound, and secure by performing security assessments of the Group's technology. This ensures our applications and infrastructure are adequately robust to resist cyber-attacks. Our work seeks to identify security weaknesses using real-world attack scenarios and provide recommendations to assist remediation efforts.

Do Work That Matters

You will lead and perform technical penetration testing activities designed to ensure the bank maintains its risk and security posture at desired levels. You will communicate security issues to both technical and non-technical stakeholders and provide subject-matter expertise across business units. You will mentor team members and contribute to the development of innovative solutions to complex technical challenges. This role reports directly to Chapter Lead aligned to the Chief Technology Office.

Your Responsibilities

  • Lead and conduct penetration testing and security testing including (but not limited to) web applications, infrastructure, networks, cloud (especially AWS), SaaS, LLM, Hardware and mobile applications.
  • Develop Security Testing plans for business units. Coordinate squads of testers in delivering a large programme of testing engagements, using agile methodologies to track progress, and to resolve blockers.
  • Carry out scoping and planning activities to determine components to be tested, approach, methodologies, and appropriate levels of test rigour.
  • Create comprehensive exploitation strategies that identify exploitable technical or operational vulnerabilities to demonstrate business impact and articulate risk.
  • Report results of testing and their implications to stakeholders including suppliers, project owners, product crews, and leadership.
  • Drive advancements in attack techniques, hardware, software, and other technologies and their implications. Develop new testing methodologies and techniques, contributing to the penetration testing craft. Provide technical mentorship and guidance to other team members.
  • Mentor team members.
  • Ensure all tasks align with internal policies and external regulatory requirements.

What You Will Need to Succeed

  • Expert-level understanding of vulnerability identification and penetration testing methodologies.
  • Deep knowledge of software exploitation, security principles, and secure design, with experience conducting penetration testing safely in critical infrastructure environments.
  • Advanced industry accreditations such as Offensive Security Certified Professional (OSCP), GIAC Exploit Researcher and Advanced Penetration Tester (GXPN), or similar are desirable.
  • Experience in incorporating a broad range of automated tools such as Kali Linux, Burp Suite, Metasploit, and others to expand test coverage.
  • Experience in vulnerability research, developing security testing tools and methodologies.
  • Ability to develop or recommend analytic approaches to novel problems.
  • Ability to communicate complex information clearly and confidently.
  • Tertiary qualifications in Software Engineering, Computer Science, Cyber Security, or a related discipline.
  • Membership or participation in relevant industry associations.

If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We're keen to support you with the next step in your career.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on

Advertising End Date: 17/11/2025
