Penetration Tester

  • Job Number: JR-10028796
  • Employment Type: Permanent Full Time
  • Location: VIC: Melbourne, NSW: Australia (Flexible) or NSW: Sydney
  • Opening date: 13/01/2021 12:00 AM AEST
  • Closing date: 27/01/2021 11:59 PM AEST
  • Applications close in: 11 days time

We're on a mission to redesign the way we all connect, and fundamentally change the nature of telecommunication products and services in Australia, and across the region.

The work we do empowers the lives of millions of people around the world. Together, we're creating a bold, new Telstra that will continue to lead the market both now and into the future. At Telstra, what you do matters.

Our Networks & IT team
With our world-class network covering the Australian population and connecting businesses internationally, you’ll have exposure to exciting innovations in the IT industry, including cloud computing, IoT, and virtualisation.
 

As technologies advance, so will your career which means an agile approach will be critical to your success.

The role with us
The Penetration Tester’s primary focus is to perform penetration tests and vulnerability assessments across a variety of domains and technologies, in order to reveal vulnerabilities or lapses in the existing systems or security mechanisms

What you'll work on
In alignment with Telstra’s Cyber Security Strategy, this role will focus on performing penetration tests and vulnerability assessments; as well as operation and consultative advice across a range of security testing tools.

This role will be responsible for delivering both vulnerability assessments and penetration tests, as well as provide advice and technical knowledge to improvements of tooling and automation capon abilities.
 

The role will need to draw capabilities from the broader Security Architecture, Design & Assessment Services practice to help identify and resolve root cause issues to minimise opportunity for repeat findings
 

Key responsibilities

  • Identify security vulnerabilities by generating various attack scenarios for target systems to enable development of countermeasures for identified security vulnerabilities
  • Conduct authorised penetration testing of systems and utilise a suite of network monitoring and vulnerability scanning tools to expose threats, vulnerabilities and potential attack vectors in a system
  • Execute vulnerability scans, document and interpret results to identify security lapses in the system
  • Identify security lapses in the system or security mechanisms, based on issues documented from vulnerability scan and penetration test results
  • Identify and record evidence of controls which are inadequate or not duly enforced
  • Conduct research on threat actors, their techniques and ways in which vulnerabilities in security systems can be exploited

Additional information:

  • Provide input into Telstra’s Vulnerability Assessment and Penetration Testing processes, methodologies and standards, including corresponding roadmaps and enhancement plans
  • Provide technical input into the development of automation across security testing tools
  • Contribute to the improvement of security strategy, standards and frameworks being developed by the broader Security Architecture, Design and Assessment services team to ensure security testing needs and the automation agenda is incorporated
  • Identify and effectively translate identified security vulnerabilities into business risks for communication to business stakeholders in a timely manner - harvesting and harmonising insights and context from the broader Security Architecture, Design and Assessment Services team as required
  • Take a pragmatic approach to security testing activities, achieving a practical balance between business objective, standards alignment, cost, time and corresponding risk considerations.

About you
To be successful in the role, you'll bring skills and experience in:-
 

Essential
 

  • Experience in performing Vulnerability Assessments and Penetration Testing across the following domains:
    • Web Applications
    • Infrastructure
    • Web Services, such as API’s
    • Mobile Applications
    • Hardware, such as CPE and IOT devices
  • Exposure to a variety of software delivery models, such as DevOps and Waterfall
  • Experience in automated security assessment tools, such as Qualys, Nessus and AquaSec
  • Experience in interpreting policy, standards and requirements
  • Experience in creating technical reports, and executive reports from highly technical content.
  • Tertiary qualifications in Electrical/Electronic, Computer, Network or Software Engineering; Information Security, IT or a related discipline
  • Industry Certifications, or demonstratable skillset exceeding:
    • Offensive Security – OSCP
    • CREST -CRT                                                                                                                                                                                                                                                                                                                                     
       

High desirable

  • Industry certifications, such as:
    • Offensive Security – OSCE, OSWE
    • CREST – CCT (Web, Infrastructure)
  • Experience in performing in depth penetration testing across a variety of domains, as well as experience in identifying zero-day exploits.
  • Experience in implementing automated security testing tools in CI/CD pipelines
  • Experience in developing security policy, standards and requirements.
  • Experience in a complementary security assessment discipline, such as manual code review
  • Experience in coaching, developing and training junior team members


Why join us?
Your work will expose you to innovative thinking, technologies and global best practice. As we grow, you'll grow, and this will extend onto building your own valuable talents and skills here with us.


Interested? Apply now!
If this opportunity sounds like a perfect fit for you, we'd encourage you to apply!

___________________________

We’re committed to building a diverse and inclusive workforce in all its forms. We encourage applicants from diverse gender, cultural and linguistic backgrounds and applicants who may be living with a disability. We also offer flexibility in all our roles, to ensure everyone can participate.

To learn more about how we support our people, including accessibility adjustments we can provide you through the recruitment process, visit tel.st/thrive.

Apply Now
  • Job Number: JR-10028796
  • Employment Type: Permanent Full Time
  • Location: VIC: Melbourne, NSW: Australia (Flexible) or NSW: Sydney
  • Opening date: 13/01/2021 12:00 AM AEST
  • Closing date: 27/01/2021 11:59 PM AEST
  • Applications close in: 11 days time