ANZ - Security Engineer - Penetration Testing (7-8 yrs)

About Us :

At ANZ, we're applying new ways technology and data can be harnessed as we work towards a common goal: to improve the financial wellbeing and sustainability of our millions of customers.

About the Role :

The mission of the Penetration Testing squad is to keep ANZ safe through the active identification of cyber security threat within the systems and/or services that are used or the applications that are developed.

As a Senior Security Engineer in Penetration Testing squad you will deliver security and penetration testing activities across ANZ Plus applications and systems.

Additionally, your background in automation and integration of application security toolset within the enterprise CI/CD pipeline will enable ongoing improvements to DevSecOps framework and help maintain the application security toolset and the platform.

Banking is changing and we're changing with it, giving our people great opportunities to try new things, learn and grow.

Whatever your role at ANZ, you'll be building your future, while helping to build ours.

Role Type : Permanent.

Role Location : Bengaluru.

Position Title : Senior Security Engineer (Penetration Testing Engineer).

Work Hours : Regular Shifts (Hybrid/Blended).

What will your day look like ?

- A team player who exemplifies the we only win if we all win mantra.

- You will recognise and value the different perspectives and skills other squad members bring and keen to contribute to the successful delivery of our mission.

- The customer's biggest fan by demonstrating a thirst for better understanding the customer, understanding the requirement, helping them to define the approach and deliver the right outcome.

- A collaboration champion who works closely with technology and business stakeholders and champion the sharing of lessons learnt across teams.

- Comfortable being uncomfortable with uncertainty and have the ability to effectively manage myself through ambiguity by creating meaningful relationships with stakeholders and peers.

- Continuous improvement junkie by constructively challenging the status quo and passionately advocate continuous improvement by looking for opportunities to find better ways of doing things.

- Committed to my own and other's growth by identifying areas for development, seeking feedback and providing feedback to others to help them learn and grow.

- A problem solver who is energised by tackling complex problems.

- Use my critical thinking, network, skills, knowledge, and available data to drive better outcomes for our customers and the bank.

- Commercially and Tech curious of emerging trends and innovations and thinking of ways that this knowledge can better inform our decisions and actions.

What will you bring ?

- Proven experience in performing penetration testing of various application types including web, web services, APIs, mobile and thick client.

- Demonstrable proficiency of penetration testing in cloud (GCP, AWS) and container (Docker, Kubernetes & OpenShift) space.

- Strong understanding of threats, vulnerabilities, risks, exploits and associated security testing.

- Hands-on experience in all the phases of penetration testing activity including scoping, testing, providing remediation guidance, reporting and quality review.

- Experience in running through multiple exploitation scenarios as part of penetration testing activity.

- Experience in the execution of security testing using automated tools (dynamic application security testing tools) and manual techniques.

- Applied knowledge of APIs and integration patterns offered by the application security toolsets and its usage to facilitate integration and automation.

- Delivery of penetration testing activity as part of an agile delivery model and to support DevSecOps.

- Strong communication, presentation, and stakeholder management skills.

- Excellent consulting skills with the ability to communicate clearly to developers and senior management at the expected level.

- A desire to continuously learn new techniques / technologies and bring innovative ideas into the squad.

- Lead penetration testing activity and ability to motivate, mentor individuals within the team and show genuine interest in their career development.

Desired Skills :

- Experience in facilitating DevSecOps and integrating application security toolsets within CI/CD pipeline at an enterprise level including DAST, SAST, SCA.

- Maintain application security toolsets deployed enterprise wide including upgrade of toolset and platforms, maintaining the database used by these toolsets.

- Security Penetration Testing qualification such as GPEN, OSCP.

- Familiar with collaboration tools such as Atlassian.

So why join us ?

ANZ is a place where big things happen as we work together to provide banking and financial services across more than 30 markets.

With more than 7,500 people, our Bengaluru team is the bank's largest technology, data and operations centre outside Australia.

In operation for over 33 years, the centre is critical in delivering the bank's strategy and making an impact for our millions of customers around the world.

Our Bengaluru team not only drives the transformation initiatives of the bank, it also drives a culture that makes ANZ a great place to be.

We're proud that people feel they can be themselves at ANZ and 90 percent of our people feel they belong.

We know our people need different things to be great in their role, so we offer a range of flexible working options, including hybrid work (where the role allows it).

Our people also enjoy a range of benefits including access to health and wellbeing services.

We want to continue building a diverse workplace and welcome applications from everyone.

Please talk to us about any adjustments you may require to our recruitment process or the role itself.

If you are a candidate with a disability or access requirements, let us know how we can provide you with additional support.