• Work on high-impact, enterprise- scale testing across cloud, applications and infrastructure. 

• Shape and uplift NAB’s Offensive Security capability as a recognised technical leader. 

• Access industry-leading tools, frameworks, career development and flexible working. 

Our people are customer obsessed. They prioritise the needs and satisfaction of the customer above all else.  Our mindset fosters innovation and creates strong, lasting customer relationships as we strive to be the most customer centric company in Australia and New Zealand 

In the role of Lead Penetration Tester, you will join the Cyber Security team that’s doubling down on customer obsession. 

In this Lead Penetration Testing role, you will:  

• Lead and execute Offensive Security activities across applications, infrastructure, cloud and emerging technologies. 

• Work with business leaders and stakeholders to identify services that meet defined criteria for offensive testing - establishing a pipeline of testing activity. 

• Perform penetration testing and vulnerability assessments, including the triage of security exposures to determine technical risk to the organisation. This includes testing of web applications, mobile applications, , infrastructure (ATM’s, handheld card devices, Active Directory, Windows and Linux servers and SOE’s, cloud technologies, and hardware. 

• Ensure that the quality of the teams’ work is consistently meeting the desired levels through; technical reviews of penetration testing scopes and reports, enhancement of processes, and mentoring of team members to elevate their skills. 

• Drive process and team skills improvement, helping to evolve the penetration testing function to meet the requirements of a constantly changing technology environment. 

• Provide leadership and guidance to uplift activities in of the Cyber Security business units’ goals.  

We’re looking for the best and brightest to deliver the best for our customers. You’ll need:   

• A be technical leader with demonstrated in-depth experience working in a Lead Penetration Tester role within a large-scale complex organisation, driving technical excellence and uplift across a security testing function 

• Passion for security and ethical hacking always looking for new tools and techniques to learn about - channelling this passion into penetration testing 

• Experience testing various technologies and platforms, including but not limited to; Web applications, web APls, mobile applications (iOS, Android), network and server technologies, cloud services (AWS, Azure), and hardware 

• Experience writing and conveying complex penetration testing findings through reports 

• A comprehensive understanding of Penetration Testing frameworks and methodologies (OWASP, OSTTMM, WAHH) 

• Completion of undergraduate (minimum) in technical degree (Computer Science, Software Engineer, Cyber Security) and Advanced Industry certifications such as OSEP, AWAE, CREST CCT, SANS Advanced, or equivalent; and training on self-development platforms (i.e. HackTheBox, Pentesterlabs, wechall, etc.) 

• Strong communication and influencing skills and ability to shape outcomes 

A diverse and inclusive workplace works better for everyone 

We know that our people make us who we are. That's why we have built a culture of equity and respect – where everyone feels valued and appreciated for being their authentic selves. In partnership with our multiple Employee Resource Groups (ERGs) we continue to foster an inclusive environment, where all NAB colleagues’ unique backgrounds and identities are understood, respected and celebrated.  We are committed to providing an environment where you can work your way.

For details on the recruitment process, and accessibility, please visit https://www.nab.com.au/about-us/careers/apply-for-job.  To discuss adjustment requirements, please contact the NAB Careers team, via nab.careers@nab.com.au (please reference job number) or visit our Careers page through the link above for other contact options.

Join NAB

If you think this role is the right fit for you, we would love to hear from you. Please note candidate screening and interviews may be conducted prior to the closing date of the job advert. Unsolicited CVs from agencies will not be accepted.