Senior Security Engineer - Technical Security Verification
You are an experienced Security Engineer with an investigative mindset
We are one of the best and most advanced Cyber Security teams in Australia.
Together we can contribute to protecting the Group, customers, and the community.
Your Business:
Cyber Security protects the bank and our customers from theft, loss, and risk events, through effective and proactive management of cyber security, privacy, and operational risk.
Your new team:
The Technical Security Verification (TSV) team is responsible for running the Security Verification function within the banks Group Security division.
This team ensures that new-to-bank services and material changes to the Group's technology landscape have met Cyber Security requirements as aligned to our DevSecOps and Cyber Control strategies.
Do Work that matters:
In this role, you will help ensure that critical security controls are implemented and operating as intended before services and material changes go live, reducing the likelihood of cyber control gaps entering production from day one.
You will also:
Develop Technical security assurance/verification automation and tooling including reporting for ongoing governance and oversight
Perform pre‑live verification of new-to-bank services and changes against the Cyber controls, using evidence from engineering artefacts and enterprise security/IT tooling.
Raise clear, actionable findings when deviations are identified; notify delivery owners via standard channels and track outcomes through to closure.
Support delivery teams to remediate findings and execute re-tests as required
Design and build automation to improve scalability and consistency of verification, including:
evidence collection/normalisation,
control checks
reporting outputs for governance visibility.
We are interested in people who have:
Extensive experience as a Security Engineer / Cloud Security / SecOps engineer or Security Designer in a large enterprise.
Hands-on experience with security related tooling and products such as Wiz, Qualys, PING, Noname, Splunk, JSM, Defender etc
Demonstrated ability to investigate and validate security control implementation using logs, configurations, cloud controls, identity platforms, and security tooling outputs.
Experience building automation (scripts, workflow automation, CI/CD checks, reporting pipelines, AI) to reduce manual effort and improve repeatability.
Working knowledge of common security control domains: identity & access, logging/monitoring, security configuration, vulnerability management, endpoint controls, network controls.
Familiarity with common security frameworks and reference models, such as NIST, CIS Controls and OWASP
If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.
We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.