Background information about the job or company

Senior Security Engineer - Technical Security Verification

You are an experienced Security Engineer with an investigative mindset

We are one of the best and most advanced Cyber Security groups in Australia.

Together we can contribute to protecting the Bank, Customers, and the Community.

Your Business:

Cyber Security protects the bank and our customers from theft, loss, and risk events, through effective and proactive management of cyber security, privacy, and operational risk.

Your new team:

The Technical Security Verification (TSV) team is responsible for running the Security Verification function within the banks Group Security Engineering division.

This team ensures that changes to the Group's technology landscape have met Cyber Security requirements as aligned to our DevSecOps and Cyber Control strategies.

Do Work that matters:

In this role, you will independently verify that critical security controls are correctly implemented across services and changes, while also driving automation and practical improvements in how security is validated, ensuring teams deploy services and changes securely from day one.

Responsibilities or duties

• Design and build automation and tooling to improve how security controls are verified at scale, including evidence collection, control checks, and coverage of security abuse case scenarios.
• Perform pre‑go‑live security checks of new services, leveraging engineering artefacts and enterprise security tooling.
• Identify and raise clear, actionable security findings, working closely with delivery teams and tracking outcomes through to closure.
• Partner with engineering teams to remediate issues and re‑test controls, ensuring changes are delivered securely.
• Continuously improve how security verification is performed by standardising, automating, and scaling control validation across services.

Qualifications or requirements

Experience needed

• Proven experience as a Security Engineer / Cloud Security / SecOps engineer or Security Designer in a large enterprise environment.
• Hands-on experience with security related tooling and products such as Wiz, Qualys, Noname, Splunk etc
• Demonstrated ability to investigate and validate security requirements using security tooling outputs.
• Experience building automation (scripts, workflow automation, CI/CD checks, API integrations, AI agents) to reduce manual effort and improve repeatability.
• Working knowledge of common security control domains: identity & access, logging/monitoring, security configuration, vulnerability management, endpoint controls, network controls.
• Familiarity with common security frameworks and reference models, such as NIST, CIS Controls and OWASP

Any other provided details

If you're already part of the Commonwealth Bank Group (including Bankwest, x15ventures), you'll need to apply through Sidekick to submit a valid application. We’re keen to support you with the next step in your career.

We're aware of some accessibility issues on this site, particularly for screen reader users. We want to make finding your dream job as easy as possible, so if you require additional support please contact HR Direct on 1800 989 696.

• Design and build automation and tooling to improve how security controls are verified at scale, including evidence collection, control checks, and coverage of security abuse case scenarios.
• Perform pre‑go‑live security checks of new services, leveraging engineering artefacts and enterprise security tooling.
• Identify and raise clear, actionable security findings, working closely with delivery teams and tracking outcomes through to closure.
• Partner with engineering teams to remediate issues and re‑test controls, ensuring changes are delivered securely.
• Continuously improve how security verification is performed by standardising, automating, and scaling control validation across services.

• Security Engineering
• Cloud Security
• SecOps
• Security Design
• Wiz
• Qualys
• Noname
• Splunk
• Automation (scripts, workflow automation, CI/CD checks, API integrations, AI agents)
• Identity & Access Management
• Logging & Monitoring
• Security Configuration
• Vulnerability Management
• Endpoint Controls
• Network Controls
• NIST
• CIS Controls
• OWASP

• Proven experience as a Security Engineer / Cloud Security / SecOps engineer or Security Designer in a large enterprise environment.
• Hands-on experience with security related tooling and products such as Wiz, Qualys, Noname, Splunk etc
• Demonstrated ability to investigate and validate security requirements using security tooling outputs.
• Experience building automation (scripts, workflow automation, CI/CD checks, API integrations, AI agents) to reduce manual effort and improve repeatability.
• Working knowledge of common security control domains: identity & access, logging/monitoring, security configuration, vulnerability management, endpoint controls, network controls.
• Familiarity with common security frameworks and reference models, such as NIST, CIS Controls and OWASP