Associate, DAST & API Security Posture - Group Security

Responsibilities

• Ensure respective policy, standards, processes and controls meet regulator and compliance expectations
• Support meeting departmental budgets
• Ensure controls and timely completion of findings and treatment plans
• Ensure and drive security outcomes relating to software development and devops practices
• Ensure and optimize dynamic application security testing tools and API security solutions
• Ensure tools are configured correctly and operating efficiently to provide maximum protection
• Utilise a variety of testing methodologies and tools to uncover potential threats and risks while eliminating the false positives
• Enhancing and updating application dynamic testing methodologies, processes and standards documentation
• Document and evangelise secure API design patterns
• Build and promote code libraries for API security
• Automate continuous security testing of APIs
• Consult with development teams to educate and improve awareness of secure standards and practices
• Support and champion the development of secure and reusable code across development teams to eliminate gaps identified in dynamic and API security testing
• Develop or use tooling to identify security vulnerabilities within our web application footprint
• Produce clear and accurate reporting for stakeholders
• Work with Cyber Engineering & Platforms teams to expand coverage and integrate dynamic and API security testing
• Work with Detection & Response and other Cyber Security teams to ensure critical exposures are mitigated in a timely manner
• Extend support on remediation of dynamic application testing and API vulnerabilities discovered through scanning and security testing
• Help manage the organization's vulnerability intake and remediation process
• Support incident response efforts as required
• Stay abreast of current and emerging technologies, threats and vulnerabilities, and best practice protection methods
• Research and analyse application behaviours to improve security and stability
• Contribute to the evolution of the organization's application security functions and services
• Other activities as required by management
• YOUR SKILLS AND EXPERIENCE
• 3 years of experience working in a Application Security, consulting or related role
• Delivery / execution of API security and dynamic security testing across NAB
• Implement security controls across API Gateways.
• Stakeholder management
• Risk management and compliance
• Experience in securing APIs and Dynamic/Runtime security scanning
• DevOps operating model and technologies
• Development skills
• Vulnerability management
• Working experience in Cloud technologies - AWS and/or Azure
• Hands on with coding: Scripting using Java/Python
• Excellent verbal and written communication skills
• Experience with security tools in SAST (static code testing), SCA (software composition analysis), CSS (container security), DAST (dynamic security testing)
• Tertiary qualified with a Degree in Information Technology or related.
• Having a industry leading cyber security certifications will be a plus
• THE BENEFITS AND PERKS
• We appreciate and reward our colleagues who do great work every day - from excelling for our customers, to taking ownership of an issue to get it resolved. Here's how we support our people with a range of exclusive benefits.
• Generous compensation and benefit package
• Attractive salary
• 20-day paid annual leave and 7-day paid sick leave
• 13th month salary and Annual Performance Bonus
• Premium healthcare for yourself and family members
• Monthly allowance for team activities
• Premium welcome kit and occasional gifts of appreciation
• Extra benefits on your work anniversary
• Exciting career and development opportunities
• Large scale products with modern technologies in banking domain
• Clear roadmap for career advancement in both technical and leadership pathways
• Access to digital learning platform such as Udemy
• Consistent and high-quality leadership training through the Distinctive Leadership program (DLP)
• Specialist capabilities and accreditations in key skill areas such as Cloud Engineering, Digital, Data, Security and SREs (Site reliability engineers)
• Sponsored English course with native teachers
• Opportunity for training in Australia
• Professional and engaging working environment
• Hybrid working model and excellent work-life balance
• State-of-the-art & modern Agile office
• Food and beverages in the office pantry
• Employee Assistance Program to improve your physical and mental health
• Annual team act

Benefits

Additional Information

Job Posting End Date: Worker Type: Maximum Term/Fixed Term (Fixed Term) We're seeking a key member who have had a proven track record of running critical shared application platforms in a production cloud environment. The purpose is t o improve the security of NAB applications and DevOps practices through standards, education & awareness with developers, consultation on best practices, development of secure reusable capabilities, and supporting review and remediation of vulnerabilities

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at nab? Share your experience