At ANZ, we're shaping a world where people and communities thrive, driven by a common goal: to improve the financial wellbeing and sustainability of our millions of customers.

About the Role

The mission of the Penetration Testing squad is to keep ANZ safe through the active identification of cyber security threat within the systems and/or services that are used or the applications that are developed.

As a Lead Penetration Tester, you provide authoritative leadership over penetration testing strategy, execution integrity, and continuous improvement. This role ensures penetration testing delivers meaningful risk reduction, defensible assurance outcomes, and executive confidence.

Banking is changing and we’re changing with it, giving our people great opportunities to try new things, learn and grow. Whatever your role at ANZ, you’ll be building your future, while helping to build ours.

Role Type: Permanent

Role Location: Melbourne

Work Hours: Full-Time

What will your day look like?

This role will be accountable for:

• Plan, prioritise, and drive penetration testing activities across a ANZ’s enterprise environments
• Assure the safety, integrity, and effectiveness of penetration testing engagements
• Identify vulnerabilities across complex environments and translating findings into clear, actionable recommendations as well as provide authoritative advice on control effectiveness and residual risk
• Shape and evolve penetration testing standards, QA, policy, and operating models
• Define risk based testing strategies aligned to the threat landscape and business priorities
• Engage with senior leaders and executives to communicate outcomes and assurance
• Assess internal capability and external providers to ensure quality and value
• Drive continual improvement and innovation in penetration testing practices

What will you bring?

To grow and be successful in this role, you will ideally bring the following:

• 10+ years penetration testing experience, including lead or principal responsibilities
• Relevant cyber security or penetration testing certifications are highly advantageous (eg. OSCP, CRTP, CEH etc)
• Recognised industry credibility and advanced certifications (e.g. CISSP, OSCP, GPEN).
• Strong alignment with industry-standard penetration testing and other related frameworks (e.g. OWASP, PTES).
• Proven penetration testing expertise across a wide range of application and system types, including web, APIs/Microservices, mobile, thick client, AI, biometric and embedded systems.
• Deep technical capability in the penetration testing space spanning multiple domains, including cloud environments (AWS, GCP), enterprise platforms (Active Directory, Git, container platforms), and network infrastructure.
• Extensive hands-on experience across the full penetration testing lifecycle, including scoping, execution, exploitation, reporting, remediation guidance, and quality assurance.
• Proficiency in both automated/manual testing techniques and advanced exploitation methodologies, including the use of dynamic application security testing (DAST) tools and developing custom scripts for automation/exploitation.
• Advanced understanding of modern development ecosystems, including source code repositories, CI/CD pipelines, artefact management, and integration patterns for security toolsets.
• Familiarity with AI eco systems, LLM frameworks and AI penetration testing tools/platforms including using AI to refine end-to-end penetration testing lifecycle/processes.
• Demonstrated commitment to continuous improvement through research, innovation, and staying current with evolving threats, tactics, techniques, and procedures (TTPs).
• The ability to mentor and uplift team capability, including coaching junior testers and reviewing deliverables to ensure high-quality outcomes.
• Strategic and commercial acumen, with the ability to translate technical findings into business risk insights, influence security strategy, and engage effectively with senior stakeholders.

You’re not expected to have 100% of these skills. At ANZ a growth mindset is at the heart of our culture, so if you have most of these things in your toolbox, we’d love to hear from you.

So why join us?

From the moment you join ANZ, you'll be doing meaningful work that will shape a world where people and communities thrive.

But it's not just our customers who'll feel your impact. You'll feel it too. Because at ANZ, you'll have the resources, opportunities, and support you need to take the next big step in your career.

We're a diverse bunch at ANZ in different roles, different locations, doing different things. That's why we have a range of flexible working arrangements, so our people can 'make work, work for them'. We also provide a range of benefits including access to health and wellbeing services and discounts on selected products and services from ANZ and more.

At ANZ, you'll be part of an organisation where the different backgrounds, perspectives and life experiences of our people are celebrated. That's because we're committed to building a workplace that reflects the diversity of the communities we serve. We welcome applications from everyone and encourage you to talk to us about any adjustments you may require to our recruitment process or the role itself. If you're a candidate with a disability or access requirement, and have an enquiry about the support provided, please let us know on your application or visit ANZ Accessibility and Inclusion Programs for alternate contact methods.

• Plan, prioritise, and drive penetration testing activities across a ANZ’s enterprise environments
• Assure the safety, integrity, and effectiveness of penetration testing engagements
• Identify vulnerabilities across complex environments and translating findings into clear, actionable recommendations as well as provide authoritative advice on control effectiveness and residual risk
• Shape and evolve penetration testing standards, QA, policy, and operating models
• Define risk based testing strategies aligned to the threat landscape and business priorities
• Engage with senior leaders and executives to communicate outcomes and assurance
• Assess internal capability and external providers to ensure quality and value
• Drive continual improvement and innovation in penetration testing practices

• 10+ years penetration testing experience, including lead or principal responsibilities
• Relevant cyber security or penetration testing certifications are highly advantageous (eg. OSCP, CRTP, CEH etc)
• Recognised industry credibility and advanced certifications (e.g. CISSP, OSCP, GPEN).
• Strong alignment with industry-standard penetration testing and other related frameworks (e.g. OWASP, PTES).
• Proven penetration testing expertise across a wide range of application and system types, including web, APIs/Microservices, mobile, thick client, AI, biometric and embedded systems.
• Deep technical capability in the penetration testing space spanning multiple domains, including cloud environments (AWS, GCP), enterprise platforms (Active Directory, Git, container platforms), and network infrastructure.
• Extensive hands-on experience across the full penetration testing lifecycle, including scoping, execution, exploitation, reporting, remediation guidance, and quality assurance.
• Proficiency in both automated/manual testing techniques and advanced exploitation methodologies, including the use of dynamic application security testing (DAST) tools and developing custom scripts for automation/exploitation.
• Advanced understanding of modern development ecosystems, including source code repositories, CI/CD pipelines, artefact management, and integration patterns for security toolsets.
• Familiarity with AI eco systems, LLM frameworks and AI penetration testing tools/platforms including using AI to refine end-to-end penetration testing lifecycle/processes.
• Demonstrated commitment to continuous improvement through research, innovation, and staying current with evolving threats, tactics, techniques, and procedures (TTPs).
• The ability to mentor and uplift team capability, including coaching junior testers and reviewing deliverables to ensure high-quality outcomes.
• Strategic and commercial acumen, with the ability to translate technical findings into business risk insights, influence security strategy, and engage effectively with senior stakeholders.

• 10+ years penetration testing experience, including lead or principal responsibilities
• Relevant cyber security or penetration testing certifications are highly advantageous (eg. OSCP, CRTP, CEH etc)
• Recognised industry credibility and advanced certifications (e.g. CISSP, OSCP, GPEN).
• Strong alignment with industry-standard penetration testing and other related frameworks (e.g. OWASP, PTES).
• Proven penetration testing expertise across a wide range of application and system types, including web, APIs/Microservices, mobile, thick client, AI, biometric and embedded systems.
• Deep technical capability in the penetration testing space spanning multiple domains, including cloud environments (AWS, GCP), enterprise platforms (Active Directory, Git, container platforms), and network infrastructure.
• Extensive hands-on experience across the full penetration testing lifecycle, including scoping, execution, exploitation, reporting, remediation guidance, and quality assurance.
• Proficiency in both automated/manual testing techniques and advanced exploitation methodologies, including the use of dynamic application security testing (DAST) tools and developing custom scripts for automation/exploitation.
• Advanced understanding of modern development ecosystems, including source code repositories, CI/CD pipelines, artefact management, and integration patterns for security toolsets.
• Familiarity with AI eco systems, LLM frameworks and AI penetration testing tools/platforms including using AI to refine end-to-end penetration testing lifecycle/processes.
• Demonstrated commitment to continuous improvement through research, innovation, and staying current with evolving threats, tactics, techniques, and procedures (TTPs).
• The ability to mentor and uplift team capability, including coaching junior testers and reviewing deliverables to ensure high-quality outcomes.
• Strategic and commercial acumen, with the ability to translate technical findings into business risk insights, influence security strategy, and engage effectively with senior stakeholders.