About Us

At ANZ, we're shaping a world where people and communities thrive, driven by a common goal: to improve the financial wellbeing and sustainability of our millions of customers.

About the Role

The mission of the Penetration Testing squad is to keep ANZ safe through the active identification of cyber security threat within the systems and/or services that are used or the applications that are developed.

As a Penetration Tester, you provide authoritative leadership over penetration testing strategy, execution integrity, and continuous improvement. This role ensures penetration testing delivers meaningful risk reduction, defensible assurance outcomes, and executive confidence.

Banking is changing and we’re changing with it, giving our people great opportunities to try new things, learn and grow. Whatever your role at ANZ, you’ll be building your future, while helping to build ours.

There are multiple roles available, from senior leaders to more junior positions as we look to build out our existing capability with broad influence across security engineering, technology, and risk stakeholders.

What will your day look like?

• Plan, prioritise, and drive penetration testing activities across a ANZ’s enterprise environments
• Assure the safety, integrity, and effectiveness of penetration testing engagements
• Identify vulnerabilities across complex environments and translating findings into clear, actionable recommendations as well as provide authoritative advice on control effectiveness and residual risk
• Shape and evolve penetration testing standards, QA, policy, and operating models
• Define risk based testing strategies aligned to the threat landscape and business priorities
• Engage with senior leaders and executives to communicate outcomes and assurance
• Assess internal capability and external providers to ensure quality and value
• Drive continual improvement and innovation in penetration testing practices

What will you bring?

• 7+ years in experience in enterprise security domain with specialisation in penetration testing, as lead or senior engineer.
• Recognised industry credibility and advanced certifications (e.g. CISSP, OSCP, GPEN).
• Strong alignment with industry-standard penetration testing and other related frameworks (e.g. OWASP, PTES).
• Proven penetration testing expertise across a wide range of application and system types, including web, APIs/Microservices, mobile, thick client, AI, biometric and embedded systems.
• Deep technical capability in the penetration testing space spanning multiple domains, including cloud environments (AWS, GCP), enterprise platforms (Active Directory, Git, container platforms), and network infrastructure.
• Extensive hands-on experience across the full penetration testing lifecycle, including scoping, execution, exploitation, reporting, remediation guidance, and quality assurance.
• Proficiency in both automated/manual testing techniques and advanced exploitation methodologies, including the use of dynamic application security testing (DAST) tools and developing custom scripts for automation/exploitation.
• Advanced understanding of modern development ecosystems, including source code repositories, CI/CD pipelines, artefact management, and integration patterns for security toolsets.
• Familiarity with AI eco systems, LLM frameworks and AI penetration testing tools/platforms including using AI to refine end-to-end penetration testing lifecycle/processes.
• Demonstrated commitment to continuous improvement through research, innovation, and staying current with evolving threats, tactics, techniques, and procedures (TTPs).
• Strategic and commercial acumen, with the ability to translate technical findings into business risk insights, influence security strategy, and engage effectively with senior stakeholders.

So why join us?

ANZ is a place where big things happen as we work together to provide banking and financial services across more than 30 markets. With more than 7,500 people, our Bengaluru team is the bank's largest technology, data and operations centre outside Australia. In operation for over 33 years, the centre is critical in delivering the bank's strategy and making an impact for our millions of customers around the world. Our Bengaluru team not only drives the transformation initiatives of the bank, it also drives a culture that makes ANZ a great place to be. We're proud that people feel they can be themselves at ANZ and 90 percent of our people feel they belong.

We know our people need different things to be great in their role, so we offer a range of flexible working options, including hybrid work (where the role allows it). Our people also enjoy a range of benefits including access to health and wellbeing services.

We want to continue building a diverse workplace and welcome applications from everyone. Please talk to us about any adjustments you may require to our recruitment process or the role itself. If you are a candidate with a disability or access requirements, let us know how we can provide you with additional support.

• Plan, prioritise, and drive penetration testing activities across a ANZ’s enterprise environments
• Assure the safety, integrity, and effectiveness of penetration testing engagements
• Identify vulnerabilities across complex environments and translating findings into clear, actionable recommendations as well as provide authoritative advice on control effectiveness and residual risk
• Shape and evolve penetration testing standards, QA, policy, and operating models
• Define risk based testing strategies aligned to the threat landscape and business priorities
• Engage with senior leaders and executives to communicate outcomes and assurance
• Assess internal capability and external providers to ensure quality and value
• Drive continual improvement and innovation in penetration testing practices

• Recognised industry credibility and advanced certifications (e.g. CISSP, OSCP, GPEN).
• Strong alignment with industry-standard penetration testing and other related frameworks (e.g. OWASP, PTES).
• Proven penetration testing expertise across a wide range of application and system types, including web, APIs/Microservices, mobile, thick client, AI, biometric and embedded systems.
• Deep technical capability in the penetration testing space spanning multiple domains, including cloud environments (AWS, GCP), enterprise platforms (Active Directory, Git, container platforms), and network infrastructure.
• Proficiency in both automated/manual testing techniques and advanced exploitation methodologies, including the use of dynamic application security testing (DAST) tools and developing custom scripts for automation/exploitation.
• Advanced understanding of modern development ecosystems, including source code repositories, CI/CD pipelines, artefact management, and integration patterns for security toolsets.
• Familiarity with AI eco systems, LLM frameworks and AI penetration testing tools/platforms including using AI to refine end-to-end penetration testing lifecycle/processes.
• Demonstrated commitment to continuous improvement through research, innovation, and staying current with evolving threats, tactics, techniques, and procedures (TTPs).
• Strategic and commercial acumen, with the ability to translate technical findings into business risk insights, influence security strategy, and engage effectively with senior stakeholders.

• 7+ years in experience in enterprise security domain with specialisation in penetration testing, as lead or senior engineer.
• Recognised industry credibility and advanced certifications (e.g. CISSP, OSCP, GPEN).
• Strong alignment with industry-standard penetration testing and other related frameworks (e.g. OWASP, PTES).
• Proven penetration testing expertise across a wide range of application and system types, including web, APIs/Microservices, mobile, thick client, AI, biometric and embedded systems.
• Deep technical capability in the penetration testing space spanning multiple domains, including cloud environments (AWS, GCP), enterprise platforms (Active Directory, Git, container platforms), and network infrastructure.
• Extensive hands-on experience across the full penetration testing lifecycle, including scoping, execution, exploitation, reporting, remediation guidance, and quality assurance.