
Consultant Offensive Security


Job Description

This role exists to provide penetration testing services to a wide range of NAB group products and services, identifying security weaknesses and exposures that pose a risk to the enterprise. Offensive Security is set up to execute scope-defined and threat/scenario-based testing against the bank's People, Processes, and Technology. The team is made up of both a traditional penetration testing capability and red teaming.

Penetration testing (‘testing’) is the practice of testing a computer system, network, or web application to find security vulnerabilities that an attacker could exploit. This testing is executed using a combination of automated tools and manual testing.


  • Work with project stakeholders to identify assets and define test scopes - evaluating the breadth and depth on which testing should take place based on varying factors;
  • Execute penetration tests, either in a team or individually, to identify vulnerabilities and weaknesses that could impact bank systems;
    • Including testing of web applications, mobile applications, web APIs, Infrastructure, Cloud technologies, and hardware.
  • Triage vulnerabilities and justify risk in alignment with common vulnerability scoring systems, considering the environment and context;
  • Report testing results to key project stakeholders in varying formats (e.g. traditional report, bug tickets), including verbal communication;
  • Be involved with internal projects and initiatives to uplift team capabilities;
  • Provide QA reviews for testing scopes and reports from your peers to ensure high quality and accuracy of testing;
  • Work with larger technical programs across the bank to understand and construct testing requirements;
  • Where required, work as an embedded penetration tester on large programs;
  • Assist with other offensive security activities within the team (e.g. red team activity);
  • Self-manage penetration testing projects from end-to-end;
  • Perform other ‘run the business’ activities as assigned by the team manager, such as maintenance and uplift of the penetration testing environment.

Mandatory Technical Skills

  • Experience testing various technologies and platforms, including but not limited to: web applications, web APIs, mobile applications (iOS, Android), network and server technologies, cloud services (AWS, Azure), and hardware;
  • Experience writing and conveying complex security findings through reports;
  • Experience as a penetration tester;
  • Training on self-development platforms (e.g. HackTheBox, Pentesterlabs, wechall);
  • Participation in Bug Bounty programs;
  • Undergraduate (minimum) in technical degree (Computer Science, Software Engineer, Cyber Security);
  • Standard Industry certifications such as OSCP, CREST (CRT, CCT) or equivalent.

About NAB

We believe success comes from our people. We're committed to supporting your talent and skills through your career, as you help us build a culture that effects change for our customers - and for the community too. We have an African Australian Inclusion Program and a range of Grad, Traineeship and Internship Programs. We are proud to have dedicated $55 billion to help address climate change, to be recognised as a Gold employer of LGBTI Inclusion by AWEI, and to be an endorsed employer for Women by Work180.

*Please note unsolicited CVs from agencies will not be accepted.

To help keep our community safe, candidates are required to comply with vaccine requirements outlined in state-based public health orders.