Principal Adversarial Engineer

• You are a problem solver with a strong background in offensive security.

• We are one of the best and most advanced Cyber Security teams in Australia.

• Together we can contribute to protecting the group, its customers and community.

Your business:

Sitting in the Technology division, Cyber Security protects the bank and our customers from cyber intrusions, theft, and loss and risk events, through effective and proactive management of cyber security, privacy and operational risk.

Within this role you will join the Purple Team which is part of the Red Team and report to the Senior Manager of the Purple Team.

Your new team:

The Purple Team are responsible for testing and providing insights into defensive controls and our overall security posture. We perform long term and short term engagements, and automated attacker simulation activities to trigger responses and identify gaps in our defensive coverage.

We work closely with the Blue Team to ensure an understanding of the various attack techniques used, and to design strategies to best enhance the group’s robust cyber security defences.

The Purple Team is seeking an offensive minded individual to join our team  to design scenarios emulating real-world attacks, collaborate with Blue Team and other business units  to share knowledge and influence strategy, and to  research novel attack techniques and scenarios.

Your impact and contribution:

This role is for a collaborative and cooperative Principal Adversarial Engineer working on offensive security testing, sharing knowledge and findings, and coming up with solutions to these problems.

While you are an expert in attacking systems and breaking defences, you are also a true leader, able to collaborate and convey information to the Blue Team. This role will see you working with service owners and external stakeholders to gather information about problems that need attention, designing scenarios to test areas of concern, and presenting findings back to the relevant parties for remediation.

Your regular engagement with external stakeholders before, during, and after testing will achieve our ultimate goal of improving the Group's wider security posture and defence capabilities.

You will be working on our key projects and testing initiatives, designing and running multi-layer attack simulation to ensure the group’s defence capabilities can withstand an attack from real life adversaries.

You will also:

• Perform self-directed, bank wide cyber security testing.

• Work collaboratively with the Blue Team to share expertise, knowledge, and simulation outcomes to improve the business’ cyber defence.

• Share your knowledge and expertise across defensive and engineering teams to support processes and improvements and the use of technology tools and or platforms.

• Co-ordinate and lead large and complex organisation based cyber security attack simulations.

• Write and modify tooling, infrastructure, and deployment automation code in your language of choice.

• Exercise flawless sensitivity in handling information with regards to complex vulnerabilities, resilience of systems, privacy, customer and employee data, relevant laws, etc.

• Write comprehensive reports including assessment-based findings, outcomes, and propositions for further system security enhancement.

We are interested in people who:

We are looking for an experienced Principal Adversarial Engineer who is wanting to work on large-scale offensive security testing projects and be the conduit between the Red and Blue Teams.

This person will be pivotal in improving our defence capabilities, processes and the use of technology tools and services across the Red Team within the Cyber Defence Operations.

You will bring:

• Demonstrated prior experience working in Red or Purple Teams and can apply understanding of attacker techniques and methodologies.

• Leadership and mentorship experience with an interest in working collaboratively between the Red and Blue Teams to improve the group’s cyber defence capabilities.

• Ability to work closely with system owners, developers, engineers and/or project teams to identify key gaps in our defences.

• Relevant SANS, Offensive Security and other industry recognised offensive certifications are highly desirable.

• Experience in developing hacking tools, security research, advisories, and presentations is an advantage.

If this role is of interested to you please apply directly or reach out to have a confidential discussion in more detail.

Advertising End Date: 24/04/2025