The role exists to provide technology-based vulnerability detection services incorporating scanning and penetration testing across key assets.
We are looking for an experienced Cyber Security professional to manage a team of 5/6 Penetration Testers. Ideally you will have a background in Penetration Testing, but this is not essential.
What you’ll be doing…
- Define scope of penetration testing objectives and define and drive plans to deliver on that scope, ensuring alignment of plans with the objectives of the Enterprise Security performance unit;
- Provide direction to NAB’s penetration testing team to ensure outcomes of testing activity align with defined scope and objectives of the Enterprise Security performance unit;
- Provide direction and consultation to NAB’s asset teams to assist in the understanding and remediation of security test findings, influencing security change at a PU level; coordinate execution of testing plans with asset owners and stakeholders;
- Work autonomously within Security but evangelise security uplift across technology teams;
- Build networks and strong working relationships with colleagues to GM level down, and be seen as a trusted provider of penetration testing services and advice;
- Use excellent communication skills to articulate security testing requirements, outcomes, and recommendations in a business context;
- Identify team functions/processes/capabilities which can be improved/automated and drive this change;
- Identify desirable skillsets for the team to acquire and find opportunities for the team to grow.
What you will bring…
- Experience defining and delivering complex projects in an enterprise environment
- A developed awareness of best practice in security and a drive to self-educate in the field
- Experience working as a consultant, providing guidance and service in an environment of rapid change
- Proven relationship management experience with suppliers of technology products and services
- Technical background in at least one core technology or in application development
- Hands-on experience with security testing
- Desirable: SSCP or CISSP
- Desirable: formal delivery certifications such as CSM, PMP, or PRINCE2